From MAILER-DAEMON Sun Jun 30 10:53:51 2024 Date: 30 Jun 2024 10:53:51 -0700 From: Mail System Internal Data Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA Message-ID: <1719770031@impsec.org> X-IMAP: 1719770031 0000000383 $Forwarded Status: RO This text is part of the internal format of your mail folder, and is not a real message. It is created automatically by the mail system software. If deleted, important folder data will be lost, and it will be re-created with the data reset to initial values. From goroo@lis-edu.kz Sun Jan 3 02:08:32 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, FORGED_MUA_OUTLOOK,FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_LOTTO,LOTS_OF_MONEY,MILLION_HUNDRED,MILLION_USD, MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MONEY_NOHTML,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_NONE,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known 419 fraud collector * mailbox * 0.2 NSL_RCVD_HELO_USER Received from HELO User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrcjames001[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.3 MILLION_USD BODY: Talks about millions of dollars * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [103.75.167.6 listed in dnsbl.sorbs.net] * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 1.0 HK_LOTTO No description available. * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.7 MONEY_NOHTML Lots of money in plain text * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.4 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: KZ IN Received: from lis-edu.kz ([109.248.236.30]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10388M69011207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA256 bits=256 verify=NO) for ; Sun, 3 Jan 2021 02:08:32 -0600 Message-Id: <202101030808.10388M69011207@ga.impsec.org> Received: from [103.75.167.6] (helo=User) by lis-edu.kz with esmtpa (Exim 4.82) (envelope-from ) id 1kvbyK-0007M2-Oa; Sat, 02 Jan 2021 14:09:13 +0600 Reply-To: From: "COCA COLA." Subject: [SPAM] COCA-COLA LOTTERY ORGANIZATION. Date: Sat, 2 Jan 2021 07:13:50 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-SpamProbe: expansion failed X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 03 Jan 2021 02:08:32 -0600 (CST) for IP:'109.248.236.30' DOMAIN:'[109.248.236.30]' HELO:'lis-edu.kz' FROM:'goroo@lis-edu.kz' RCPT:'' X-Greylist: Delayed for 23:50:59 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 03 Jan 2021 02:08:32 -0600 (CST) X-Spam-Prev-Subject: COCA-COLA LOTTERY ORGANIZATION. Status: R X-Status: X-Keywords: X-UID: 2 Content-Length: 1901 COCA-COLA LOTTERY ORGANIZATION TICKET FREE/ONLINE E-MAIL ADDRESS WINNINGS DEPARTMENT. Greetings Winner, If you are the correct owner of this email address? If yes then be glad this day as the result of the Coca-Cola lotto online e-mail address free-ticket winning draws of October 2020 ,held in United States of America has just been released and we are glad to announce to you that your email address won you the sweepstakes in the first category and you are entitled to claim the sum of One Million Two Hundred And Fifty Thousand United States Dollars(US$1,250,000.00). Your email address was entered for the online draw on this ticket No: 546-373-66773 and won on this Lucky No: (14)-(8)-(5)-(19)-(28)-(12)-(30). On how to receive your won prize of US$1.250,000.00M. (One Million Two Hundred And Fifty Thousand United States Dollars Only) to enable Mr.James Curtise ascertain you as the rightful winner and receiver of the US$1.250,000.00M.Make sure you include the below listed information in your contact email to him. Your complete official names, country of origin and country of residence/work, contact telephone and mobile numbers, amount won,lucky numbers, date of draw. OPTIONAL: - [Sex, age, occupation and job title]. Just in case you are thinking of how you won without entering then know again that this very draw of the Coca-Cola Lottery Organization in which you have emerged as a winner was a free ticket online email address draws were thousands of email addresses was collected from almost all world wide websites and used for the online draws/sweepstakes and during winners selection your email address came out among the first ten which won you the lottery in the first winnings category and entitles you to claim the US$1,250,000.00 dollars. Yours Faithfully, Mr.James Curtise COCA-COLA LOTTERY ORGANIZATION. Online Winning Notification Department. Tel: +1-403-607-1548 From jhardin@impsec.org Mon Jan 4 17:11:53 2021 +0000 Return-Path: <3WEzzXw0JBcMqj1qvr0nnvH9Apvjru.lxv31n011yjvj11j11rw.jyjlqn.x0p@trix.bounces.google.com> Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 56014 invoked by uid 99); 4 Jan 2021 17:12:02 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Jan 2021 17:12:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id F41D41FF3A1 for ; Mon, 4 Jan 2021 17:12:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.854 X-Spam-Level: *** X-Spam-Status: No, score=3.854 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_3_NEW=3.256, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.2, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id xl15q37foks8 for ; Mon, 4 Jan 2021 17:12:01 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.166.77; helo=mail-io1-f77.google.com; envelope-from=3wezzxw0jbcmqj1qvr0nnvh9apvjru.lxv31n011yjvj11j11rw.jyjlqn.x0p@trix.bounces.google.com; receiver= Received: from mail-io1-f77.google.com (mail-io1-f77.google.com [209.85.166.77]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id E53F4BCD1B for ; Mon, 4 Jan 2021 17:12:00 +0000 (UTC) Received: by mail-io1-f77.google.com with SMTP id 191so12139731iob.15 for ; Mon, 04 Jan 2021 09:12:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:message-id:date:subject:from:to; bh=ivX21qkV0Usb3JhWwOZsjaj26CfwS8OlAU2X81QRjBY=; b=nndAl+kBPaemp2AyEpWKZ3UHPSctOeoINhLAqQLpjXnjFkS4rIkeXkyPjXwxP9mhGw mw2fCEaygN5unBQmKTc1CvMdHOL9V/phHrU0aMJLHWqjDMV9VyoEfGTvRmG5p6XolIKE dPPrekMSeYgHvFis8XhkxSNV3/BpMPR6wo+qveB7Nh0IKmjU+qq0z+WzD2zmdxA9B5+7 3x0vYNdcA9fQ5kl+g4OXmy37WA7DWZOcocnB+3L4jpvsoQuNEhtRWFZxN8oIFgtN+paC 1hylYArl5pyvwo5wsNMFAs7kfioB+MtuAVgf859sI+80LyWqUUxDoYmlG1fus9fTX2Fy aUTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:message-id:date:subject :from:to; bh=ivX21qkV0Usb3JhWwOZsjaj26CfwS8OlAU2X81QRjBY=; b=Cjq6Aoi7RKe36dPoRnHQzIdPVCk0xCi/xa9u3p4fwKlwF18DcYXgoYPMR9CuhHnVK4 SIAl0Q/93yItULhXE+RIvaLpc5FMMK/gkjW/S4Qf9FzEDrILN4Fq3bBJKIZevpSvnOqS Oh+n6y+9ozHG8t28TiPGzHB1WgNjjcHfCgh6XPbRPFb5unPK8CAPV00mErmUwjrAV+VB nCXj+mVNCH/yBS+HadtPEU/aALgBklL4dh8JVXtRPwykYq2xADM5w/kK9SjL2+Yq4CVa /lD0NsBZYu/Taqyx1uU0RIQqGqPB6kHzGqnMMuOQ5/jpI/gHOUgpA3/aWd0K0z1g8swt XBMQ== X-Gm-Message-State: AOAM532RjqEUxk6m8cIk+2gXo9+bi85LrcID/GK3bYzi9yQSNVEDM4Yl CYjapJQRR4XKLP9u3c6H47JUI9PyIRMJ4V4EXbNC MIME-Version: 1.0 X-Received: by 2002:a05:6e02:154c:: with SMTP id j12mt44553126ilu.33.1609780312099; Mon, 04 Jan 2021 09:11:52 -0800 (PST) Reply-To: hashmireem801@gmail.com X-No-Auto-Attachment: 1 Message-ID: <000000000000ab7aec05b8162f98@google.com> Date: Mon, 04 Jan 2021 17:11:53 +0000 Subject: Partnership From: hashmireem801@gmail.com To: users@spamassassin.apache.org X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000c7b24805b8162fda" Status: R X-Status: X-Keywords: X-UID: 3 Content-Length: 6148 --000000000000c7b24805b8162fda Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes I've invited you to fill in the following form: Untitled form To fill it in, visit: https://docs.google.com/forms/d/e/1FAIpQLScAZxQ4CoE9kV3SmXIiQ68N7TKOvLCwt7hBtygRoV6AKuSCBQ/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link Hello, My name is Reem E. Al-Hashimi,I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee. Am a women and serving as a Minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Eu 47,745,000.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment. reply on this email only: reem.alhashimi@kakao.com Regards, Ms. Reem Google Forms: Create and analyse surveys. --000000000000c7b24805b8162fda Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<= DEFANGED_IMG alt=3D"Google Forms" height=3D"26px" style=3D"display: = inline-block; margin: 0; vertical-align: middle;" width=3D"143px" src=3D"ht= tps://www.gstatic.com/docs/forms/google_forms_logo_lockup_white_2x.png">
=
Hello,

My name is Reem E. Al-Hashimi,I am writ= ing to you to stand as my partner to receive my share of gratification from= foreign companies whom I helped during the bidding exercise towards the Du= bai World Expo 2020 Committee.

Am a women and serving as a Minister,= there is a limit to my personal income and investment level and For this r= eason, I cannot receive such a huge sum back to my country or my personal a= ccount, so an agreement was reached with the foreign companies to direct th= e gratifications to an open beneficiary account with a financial institutio= n where it will be possible for me to instruct further transfer of the fund= to a third party account for investment purpose which is the reason i cont= acted you to receive the fund as my partner for investment in your country.=

The amount is valued at Eu 47,745,000.00 with a financial instituti= on waiting my instruction for further transfer to a destination account as = soon as I have your information indicating interest to receive and invest t= he fund, I will compensate you with 30% of the total amount and you will al= so get benefit from the investment.

If you can handle the fund in a = good investment. reply on this email only: reem.alhashimi@kakao.com

= Regards,
Ms. Reem
Untitled form
=
Fill out form
= =
Cr= eate your own Google Form
--000000000000c7b24805b8162fda-- From info@buffett.org Mon Jan 4 02:42:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.1 required=5.0 tests=BAYES_99,BAYES_999, BODY_SINGLE_WORD,FREEMAIL_FORGED_REPLYTO,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, RCVD_IN_BL_SPAMCOP_NET,RELAY_COUNTRY_IT,SPAM_BOOSTER_04,SPF_HELO_NONE, T_SPF_TEMPERROR autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.5 MONEY_NOHTML Lots of money in plain text * 0.3 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 BODY_SINGLE_WORD Message body is only one word (no spaces) X-Spam-Relay-Country: HK IT Received: from mail.ruyi.com.hk (061092169178.static.ctinets.com [61.92.169.178]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1048g8AP009111 for ; Mon, 4 Jan 2021 02:42:13 -0600 Message-Id: <202101040842.1048g8AP009111@ga.impsec.org> Received: from DESKTOP-TO32L7N.homenet.telecomitalia.it (host-79-35-182-211.retail.telecomitalia.it [79.35.182.211]) by mail.ruyi.com.hk (Postfix) with ESMTPA id 46D664D53217; Mon, 4 Jan 2021 11:08:00 +0800 (HKT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Warren Buffett Foundation picked you for a $1 500, 000 donation. For more details reply To: Recipients From: "WARREN B FOUNDATION" Date: Mon, 04 Jan 2021 04:03:22 +0100 Reply-To: buffookj@gmail.com X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: 46D664D53217.A720F X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamScore: ss X-yoursite-MailScanner-From: info@buffett.org X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 02:42:13 -0600 (CST) for IP:'61.92.169.178' DOMAIN:'061092169178.static.ctinets.com' HELO:'mail.ruyi.com.hk' FROM:'info@buffett.org' RCPT:'' X-Greylist: Delayed for 11:48:31 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 02:42:13 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1048g8AP009111 X-Spam-Prev-Subject: Warren Buffett Foundation picked you for a $1 500, Status: R X-Status: X-Keywords: X-UID: 4 REPLY From zapros@dks.ru Mon Jan 4 03:30:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_95,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, RCVD_IN_SORBS_WEB,RELAY_COUNTRY_RU,RELAY_COUNTRY_TR,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9800] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [212.154.23.124 listed in dnsbl.sorbs.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [kimleang575[at]yahoo.com] * 0.6 URG_BIZ Contains urgent matter * 0.7 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.5 MONEY_NOHTML Lots of money in plain text * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: RU ** TR Received: from post.dks.ru (post.dks.ru [194.226.89.161]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1049Twbu011801 for ; Mon, 4 Jan 2021 03:30:02 -0600 Received: from ksmg.dks.lan (unknown [172.17.112.11]) by post.dks.ru (Postfix) with ESMTP id 6228A26AC1B; Mon, 4 Jan 2021 11:58:56 +0300 (MSK) Received: from [192.168.88.237] (unknown [212.154.23.124]) (Authenticated sender: zapros@dks.ru) by post.dks.ru (Postfix) with ESMTP id 959D626AB03; Mon, 4 Jan 2021 11:58:53 +0300 (MSK) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] YOUR URGENT RESPONSE !!!! To: Recipients From: "Mr. Kim Leang" Date: Mon, 04 Jan 2021 00:59:19 -0800 Reply-To: kimleang575@yahoo.com Message-Id: <20210104085853.959D626AB03@post.dks.ru> X-KLMS-Rule-ID: 7 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Status: not scanned, disabled by settings X-KLMS-AntiSpam-Interceptor-Info: not scanned X-KLMS-AntiPhishing: Clean, bases: 2021/01/04 08:40:00 X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2021/01/04 05:34:00 #16008269 X-KLMS-AntiVirus-Status: Clean, skipped X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 03:30:02 -0600 (CST) for IP:'194.226.89.161' DOMAIN:'post.dks.ru' HELO:'post.dks.ru' FROM:'zapros@dks.ru' RCPT:'' X-Greylist: Delayed for 00:24:31 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 03:30:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1049Twbu011801 X-Spam-Prev-Subject: YOUR URGENT RESPONSE !!!! Status: R X-Status: X-Keywords: X-UID: 5 Greeting! I am contacting you to receive and share with me an abandoned fund ( $21,537.000.00 ) left in our bank by a deceased customer. I was going through the Internet search when I found your email address. My name is Mr. Kim Leang. I want to utilize this opportunity and make use of this fund if I should present your name to the bank to stand as his business associate/ trustee for the fund to be released to you via Visa card for easy withdrawals in any VISA ATM machine anywhere in the World. The bank will also give you international online transfer options. With these you can transfer the funds without any risk. Should you be interested in working with me in this project? Please reply back and let's benefit from this golden opportunity.You are my first contact. I shall wait a few days and if I do not hear from you, I shall look for another person. Thanks and have a nice day, Mr. Kim Leang From info@buffett.org Mon Jan 4 06:37:42 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.1 required=5.0 tests=BAYES_99,BAYES_999, BODY_SINGLE_WORD,FREEMAIL_FORGED_REPLYTO,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, RCVD_IN_BL_SPAMCOP_NET,RELAY_COUNTRY_IT,SPAM_BOOSTER_04,SPF_HELO_NONE, T_SPF_TEMPERROR autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.5 MONEY_NOHTML Lots of money in plain text * 0.3 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 BODY_SINGLE_WORD Message body is only one word (no spaces) X-Spam-Relay-Country: HK IT Received: from mail.ruyi.com.hk (061092169178.static.ctinets.com [61.92.169.178]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 104CbaCr041173 for ; Mon, 4 Jan 2021 06:37:42 -0600 Message-Id: <202101041237.104CbaCr041173@ga.impsec.org> Received: from DESKTOP-TO32L7N.homenet.telecomitalia.it (host-79-35-182-211.retail.telecomitalia.it [79.35.182.211]) by mail.ruyi.com.hk (Postfix) with ESMTPA id 83FAA4661E9C; Mon, 4 Jan 2021 03:03:23 +0800 (HKT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Warren Buffett Foundation picked you for a $1 500, 000 donation. For more details reply To: Recipients From: "WARREN B FOUNDATION" Date: Sun, 03 Jan 2021 19:58:45 +0100 Reply-To: buffookj@gmail.com X-yoursite-MailScanner-Information: Please contact the ISP for more information X-yoursite-MailScanner-ID: 83FAA4661E9C.A1300 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-SpamScore: sss X-yoursite-MailScanner-From: info@buffett.org X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 06:37:42 -0600 (CST) for IP:'61.92.169.178' DOMAIN:'061092169178.static.ctinets.com' HELO:'mail.ruyi.com.hk' FROM:'info@buffett.org' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 06:37:42 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 104CbaCr041173 X-Spam-Prev-Subject: Warren Buffett Foundation picked you for a $1 500, Status: R X-Status: X-Keywords: X-UID: 6 REPLY From 3Rlv0XwwJB9M4GzQPP2J0QSR5Bz7A.1DB86zG27C7BEH31.DG5@trix.bounces.google.com Tue Jan 5 04:30:02 2021 Return-Path: <3Rlv0XwwJB9M4GzQPP2J0QSR5Bz7A.1DB86zG27C7BEH31.DG5@trix.bounces.google.com> Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 105CU2Pt012903 for ; Tue, 5 Jan 2021 04:30:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******* X-Spam-Status: Yes, score=7.3 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,GOOGLE_DOC_SUSP, HEADER_FROM_DIFFERENT_DOMAINS,HK_SCAM,HTML_MESSAGE,LOTS_OF_MONEY, MILLION_HUNDRED,MILLION_USD,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, SUBJ_ALL_CAPS,T_MONEY_PERCENT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7408] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [fra100dub132[at]gmail.com] * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.219.208 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.219.208 listed in wl.mailspike.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [fra100dub132[at]gmail.com] * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.3 MILLION_USD BODY: Talks about millions of dollars * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and * EnvelopeFrom freemail headers are different * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 HK_SCAM No description available. * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.0 GOOGLE_DOC_SUSP Suspicious use of Google Docs X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 05 Jan 2021 04:30:02 -0800 (PST) Received: from mail-yb1-f208.google.com (mail-yb1-f208.google.com [209.85.219.208]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 105CRuOl042617 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 5 Jan 2021 06:28:00 -0600 Received: by mail-yb1-f208.google.com with SMTP id l8so56472338ybj.16 for ; Tue, 05 Jan 2021 04:27:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:message-id:date:subject:from:to; bh=33RF38ohp94Sh1APLPhVzi+txNAf5w3WTUTfNQQmRA4=; b=qEUg8l1NVMoSmfY9ZI0Aq8FKDZulMX2Yi+cK9XbThE37shvuYGesWQsczceaeJqt+b qgBnCR8oSi4iS4v9ojFI7uYcPZokZKx/qvkg4W+DgvU3dvNMkU38vR0WZik9J1ST5vmk GYbA3GCWjhdFH9AfBEklakYH1O6dZHfUA4qwSTdF8IFqurNppVVTlYPk2DHRabIaD67J hzCPraRQCRYTvp6D1HmUlH8xgtznxtTLKbkBNuUNrQh4tRL9wXODdrNSzfaMvI4wpUz8 8TVheUnDoZmCF7Aoqc+Nlmtym++cFrn8FzgBmNJvF5QjiudkDM/S30tPy91iufPCC4fX +l7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:message-id:date:subject :from:to; bh=33RF38ohp94Sh1APLPhVzi+txNAf5w3WTUTfNQQmRA4=; b=P6emTgayTpW690O3uja5ToHLsjeETz975pc3Ri54ntk8mYR8doJD5aAAHaqNVZ04eX TyCmSEdZ35oh2sAMy57G93uNUwEnH39ytEDvt/qkIUWtTKXUNWPrvW3JPZA9IbUHr5dd v7t/OzRBimmXPWg+qKFtAtun1mjVlP4zz6VJniu2ptMxaqtKtwzNrENoG62ydaz1eTsc nnjnGR6ITuUobepqRGq8pqeSwz4A9h6m1caQq9wm84f7Onx46VvHWa/EBoACrz5P4rMF lN+Vyb81qKoMvkQC6oEJSctBkTqKFIBOX8ZvwSDOaVqQW7LRcjJx6da5W0/o1joHoqiL p42g== X-Gm-Message-State: AOAM530urpqeVaNKnZOH6c6T0W5CAZuecwcHn2xA6sAdPWeIQY2Edm5o /hCQmx64T4JzFsCBFvwV43CAyYNDEdaxBORA0qaE MIME-Version: 1.0 X-Received: by 2002:a25:3812:: with SMTP id f18mt102384742yba.157.1609849670210; Tue, 05 Jan 2021 04:27:50 -0800 (PST) Reply-To: fra100dub132@gmail.com X-No-Auto-Attachment: 1 Message-ID: <000000000000bc48b605b8265571@google.com> Date: Tue, 05 Jan 2021 12:27:55 +0000 Subject: [SPAM] FROM FRANK DUBE JR. From: fra100dub132@gmail.com To: jhardin@impsec.org X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="0000000000000fc65405b8265615" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 05 Jan 2021 06:28:00 -0600 (CST) for IP:'209.85.219.208' DOMAIN:'mail-yb1-f208.google.com' HELO:'mail-yb1-f208.google.com' FROM:'3Rlv0XwwJB9M4GzQPP2J0QSR5Bz7A.1DB86zG27C7BEH31.DG5@trix.bounces.google.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 05 Jan 2021 06:28:00 -0600 (CST) X-Spam-Prev-Subject: FROM FRANK DUBE JR. Status: R X-Status: X-Keywords: X-UID: 7 Content-Length: 9362 --0000000000000fc65405b8265615 Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes Content-Transfer-Encoding: base64 SSd2ZSBpbnZpdGVkIHlvdSB0byBmaWxsIGluIHRoZSBmb2xsb3dpbmcgZm9ybToNCkNvbnRhY3Qg aW5mb3JtYXRpb24NCg0KVG8gZmlsbCBpdCBpbiwgdmlzaXQ6DQpodHRwczovL2RvY3MuZ29vZ2xl LmNvbS9mb3Jtcy9kL2UvMUZBSXBRTFNlNldvMGxLWmt4Tm9uWE9WMEszTkFNNEIyTWRMWnFuLV9I VTBrY21ieFg2dExUSmcvdmlld2Zvcm0/dmM9MCZhbXA7Yz0wJmFtcDt3PTEmYW1wO2Zscj0wJmFt cDt1c3A9bWFpbF9mb3JtX2xpbmsNCg0KR3JlZXRpbmdzIQ0KDQpJIGFwb2xvZ2l6ZSBmb3IgdGhp cyB1bnNvbGljaXRlZCBtYWlsIHRvIHlvdS4gSSBhbSBhd2FyZSB0aGF0IHRoaXMgaXMgIA0KY2Vy dGFpbmx5IGFuIHVuY29udmVudGlvbmFsIGFwcHJvYWNoIHRvIGVzdGFibGlzaGluZyBhIHJlbGF0 aW9uc2hpcCB3aXRoICANCnlvdSwgYnV0IHlvdSB3aWxsIHJlYWxpemUgdGhlIG5lZWQgZm9yIG15 IGxldHRlciB0byB5b3UuIE1lYW53aGlsZSwgSSBnb3QgIA0KeW91ciBpbmZvcm1hdGlvbiBmcm9t IGEgcmVzZWFyY2ggd2hpY2ggSSBtYWRlIGZyb20gdGhlIFNvdXRoIEFmcmljYW4gIA0KY2hhbWJl ciBvZiBjb21tZXJjZS4NCg0KQXMgYSBtYXR0ZXIgb2YgdXJnZW5jeSBJIHdhbnQgeW91IHRvIGNv bWUgdG8gbXkgYXNzaXN0YW5jZSwgbXkgbmFtZXMgYXJlICANCkZyYW5rIER1YmUgSnIsIHdoaWxl IE15IGxhdGUgZmF0aGVyIG5hbWVzIGFyZSBGcmFuayBNb3lvIER1YmUsIGEgWmltYmFid2VhbiAg DQpmYXJtZXIgc2luY2UgMTk2NyBvbmUgb2YgdGhlIGZhcm1lcnMgdGhlIHN1cHBvcnRlcnMgb2Yg bGF0ZSBQcmVzaWRlbnQgIA0KUm9iZXJ0IE11Z2FiZSBvZiBaaW1iYWJ3ZSBidXJudCB0aGVpciBm YXJtcywgd2hvIGRpZWQgb2YgYSBoZWFydCBhdHRhY2sgYXQgIA0KdGhlIGFnZSBvZiA3MyBhdCBh IFNvdXRoIEFmcmljYW4gcHJpdmF0ZSBjbGluaWMuDQoNCkJlZm9yZSBoaXMgZGVhdGgsIGhlIGRy ZXcgbXkgYXR0ZW50aW9uIHRvIHRoZSBzdW0gb2YgKFVTJDE1LDUwMC4wMDAgMDApICANCmZpZnRl ZW4gbWlsbGlvbiBmaXZlIGh1bmRyZWQgdGhvdXNhbmQgVW5pdGVkIFN0YXRlcyBkb2xsYXJzIHdo aWNoIGhlICANCmRlcG9zaXRlZCB3aXRoIGEgcHJpdmF0ZSBTZWN1cml0eSBDb21wYW55IGluIFNv dXRoIEFmcmljYS4gVGhpcyBjb25zaWdubWVudCAgDQp3YXMgcmVnaXN0ZXJlZCBhcyBmYW1pbHkg dmFsdWFibGVzIGFuZCBwcmVjaW91cyBzdG9uZXMgZm9yIHNhZmUga2VlcGluZyBpbiAgDQpjYXNl IG9mIGRlYXRoLg0KDQpNeSBzaWJsaW5ncyBhbmQgSSBsZWZ0IG91ciBjb3VudHJ5IFppbWJhYndl IHRvIFNvdXRoIEFmcmljYS4gV2UgYXJlICANCnByZXNlbnRseSBpbiBTb3V0aCBBZnJpY2EgYXMg YXN5bHVtIHNlZWtlcnMuIEJ1dCBvdXIgZmFtaWx5IGF0dG9ybmV5IGhhcyAgDQphZHZpc2VkIHVz IHRvIHNvbGljaXQgZm9yIGFueSBvZiBvdXIgbGF0ZSBmYXRoZXLigJlzIHJlbGlhYmxlIGZvcmVp Z24gIA0KcGFydG5lcnMgdG8gYXNzaXN0IHVzIGluIGNsYWltaW5nIHRoZSBjb25zaWdubWVudCBh bmQgdHJhbnNmZXJyaW5nIG9mIHRoZSAgDQpmdW5kIHRvIGhpcy9oZXIgYWNjb3VudCBhcyBuZXh0 IG9mIGtpbiBmb3IgaW52ZXN0bWVudCBhYnJvYWQgYXMgd2FzIHdyaXR0ZW4gIA0KaW4gdGhlIGFn cmVlbWVudCBteSBsYXRlIGZhdGhlciBtYWRlIHdpdGggdGhlIHNlY3VyaXR5IGNvbXBhbnkuDQoN CkkgZGVjaWRlZCB0byBzb2xpY2l0IGZvciB5b3VyIGFzc2lzdGFuY2Ugb24gdGhpcyB0cmFuc2Fj dGlvbiBtZW50aW9uZWQgIA0KYWJvdmUgYmVjYXVzZSBhcyBhc3lsdW0gc2Vla2VycyB3ZSBhcmUg dW5kZXIgdGhlIGxhdyBvZiBTb3V0aCBBZnJpY2FuICANCkdvdmVybm1lbnQgcmVzdHJpY3Rpb24g ZnJvbSBhbnkgYnVzaW5lc3MgZW5nYWdlbWVudHMgYW5kIGFsc28gZm9yIHRoZSAgDQpmYW1pbHkg dG8gbW92ZSB0byBhIHNhZmVyIGNvdW50cnkgdG8gaW52ZXN0IGR1ZSB0byB0aGUgb25nb2luZyBY ZW5vcGhvYmljICANCmF0dGFja3Mgb24gZm9yZWlnbmVycyBoZXJlIGluIFNvdXRoIEFmcmljYSBh cyB0aGlzIGlzIHRoZSBvbmx5IGZvcnR1bmUgbGVmdCAgDQpmb3IgdXMgdG8gc3RhcnQgdXAgb3Vy IGxpdmVzLg0KDQpXZSBhcmUgb2ZmZXJpbmcgeW91IDQwJSBvZiB0aGUgdG90YWwgZnVuZCBmb3Ig eW91ciBlZmZvcnRzLDEwJSBmb3IgYW55ICANCmV4cGVuZGl0dXJlIG1hZGUgZHVyaW5nIHRoZSB0 cmFuc2FjdGlvbiBmcm9tIGJvdGggc2lkZXMgd2hpbGUgdGhlIHJlbWFpbmluZyAgDQo1MCUgd2ls bCBiZSBmb3IgbXkgZmFtaWx5JiMzOTtzIGZ1dHVyZSBpbnZlc3RtZW50IHVuZGVyIHlvdXIgc3Vw ZXJ2aXNpb24gaW4gIA0KeW91ciBjb3VudHJ5Lg0KDQpXZSBsb29rIGZvcndhcmQgdG8geW91ciBr aW5kIGFzc2lzdGFuY2UgYXMgeW91IGV4cGVkaXRlIGFjdGlvbiBpbW1lZGlhdGVseSAgDQp3aXRo IHV0bW9zdCBjb25maWRlbnRpYWxpdHkuDQoNCkF3YWl0aW5nIHlvdXIgcHJvbXB0IHJlc3BvbnNl Lg0KDQpCZXN0IHJlZ2FyZHMuDQpGcmFuayBEdWJlIEpyLg0Ke0ZvciB0aGUgZmFtaWx5fQ0KKzI3 IDc2MyA2NDIgMzM5DQoNClBsZWFzZSBraW5kbHkgcmVwbHkgdmlhIHtkdWJlZnJhbmsxOTcwQGdt YWlsLmNvbX0NCg0KDQpHb29nbGUgRm9ybXM6IENyZWF0ZSBhbmQgYW5hbHlzZSBzdXJ2ZXlzLg0K --0000000000000fc65405b8265615 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<= DEFANGED_IMG alt=3D"Google Forms" height=3D"26px" style=3D"display: = inline-block; margin: 0; vertical-align: middle;" width=3D"143px" src=3D"ht= tps://www.gstatic.com/docs/forms/google_forms_logo_lockup_white_2x.png">
= =
Greetings!

I apologize for this unsolicited = mail to you. I am aware that this is certainly an unconventional approach t= o establishing a relationship with you, but you will realize the need for m= y letter to you. Meanwhile, I got your information from a research which I = made from the South African chamber of commerce.

As a matter of urg= ency I want you to come to my assistance, my names are Frank Dube Jr, while= My late father names are Frank Moyo Dube, a Zimbabwean farmer since 1967 o= ne of the farmers the supporters of late President Robert Mugabe of Zimbabw= e burnt their farms, who died of a heart attack at the age of 73 at a South= African private clinic.

Before his death, he drew my attention to = the sum of (US$15,500.000 00) fifteen million five hundred thousand United = States dollars which he deposited with a private Security Company in South = Africa. This consignment was registered as family valuables and precious st= ones for safe keeping in case of death.

My siblings and I left our = country Zimbabwe to South Africa. We are presently in South Africa as asylu= m seekers. But our family attorney has advised us to solicit for any of our= late father=E2=80=99s reliable foreign partners to assist us in claiming t= he consignment and transferring of the fund to his/her account as next of k= in for investment abroad as was written in the agreement my late father mad= e with the security company.

I decided to solicit for your assistan= ce on this transaction mentioned above because as asylum seekers we are und= er the law of South African Government restriction from any business engage= ments and also for the family to move to a safer country to invest due to t= he ongoing Xenophobic attacks on foreigners here in South Africa as this is= the only fortune left for us to start up our lives.

We are offerin= g you 40% of the total fund for your efforts,10% for any expenditure made d= uring the transaction from both sides while the remaining 50% will be for m= y family's future investment under your supervision in your country.
We look forward to your kind assistance as you expedite action immedi= ately with utmost confidentiality.

Awaiting your prompt response.
Best regards.
Frank Dube Jr.
{For the family}
+27 763 642 3= 39

Please kindly reply via {dubefrank1970@gmail.com}
= Contact information
<= meta itemprop=3D"name" content=3D"Fill out form">
Fill out form
Create your own Google Form
--0000000000000fc65405b8265615-- From donotreply@curatio.ge Mon Jan 4 22:53:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.5 required=5.0 tests=BAYES_99,BAYES_999, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [212.72.135.240 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [212.72.135.240 listed in bl.score.senderscore.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [annallee091[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: GE ** ** ** ** ** ** ** US Received: from mx1.curatio.ge (mx1.curatio.ge [212.72.135.240]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1054qqRN044147 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 4 Jan 2021 22:53:01 -0600 Content-Type: multipart/alternative; boundary="===============0332981804==" DKIM-Signature: v=1; a=rsa-sha256; d=curatio.ge; s=mx1; c=simple/simple; t=1609821459; h=from:subject:to:date:message-id; bh=UB6AC667Lxttu+93r/oBo7KjdLQqADLi+OHr6T6Rrhw=; b=ZRS8TDf7uieFEQ0hiv3qUh517wo1gRbMynRN9Lj96yRKM3JMqpqK2/MRpAzCPvPpurcHH8KoJL3 F9v1ebRkgDpaqf+qLIsd9et8a94uyG9Q7T8GJUwZGsOWd7VYOlabjy0JkMaojUTUVNPH8cQDolcHO ZgcKl+7Wfc+qBqqgHu+eAP5P4qUu96tTE5w2zjd98y5goE9xZgO526M1GbSX31s6AQT/GemUKTnm3 k9nKj/dbSCiKsTx4Nb39enGog0Bfbmy5mCTNDW8vXacz1P3+kGagwlJwHd5xrITRJos72D8IraJ1N pPnwR6sUbdAee44oH9qcwgtfN6N9Uy1SpszA== Received: from CUR-EXCH-MBX01.gpiclinic.ge (172.30.100.151) by CUR-EXCH-MEDGE1.gpiclinic.ge (172.30.150.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Mon, 4 Jan 2021 20:33:53 -0800 Received: from CUR-EXCH-MBX01.gpiclinic.ge (172.30.100.151) by CUR-EXCH-MBX01.gpiclinic.ge (172.30.100.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Tue, 5 Jan 2021 03:00:26 +0400 Received: from mail.curatio.ge (172.30.100.110) by CUR-EXCH-MBX01.gpiclinic.ge (172.30.100.151) with Microsoft SMTP Server id 15.1.2044.4 via Frontend Transport; Tue, 5 Jan 2021 03:00:26 +0400 Received: from localhost (localhost [127.0.0.1]) by mail.curatio.ge (Postfix) with ESMTP id B000DBC2800; Tue, 5 Jan 2021 03:00:26 +0400 (+04) Received: from mail.curatio.ge ([127.0.0.1]) by localhost (mail.curatio.ge [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id NxcPZSXixZXW; Tue, 5 Jan 2021 03:00:26 +0400 (+04) Received: from localhost (localhost [127.0.0.1]) by mail.curatio.ge (Postfix) with ESMTP id E1359BC1DD5; Tue, 5 Jan 2021 02:54:42 +0400 (+04) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.curatio.ge E1359BC1DD5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=curatio.ge; s=65468BCA-AFD5-11EA-A3DE-7B10CB393751; t=1609800883; bh=ydcarMvSkwAdnT5dFYwL+UOJ+xSEn9WRQdHDdGRdNLY=; h=MIME-Version:To:From:Date:Message-Id; b=W1Cn07ifF49IN/exBaLiVK5BIDPpz3O8ZbObM8kNe0WksecTyAEr44inE2PGT0zKD 6IHE36WFS6NDwcrVJvpNjjB6Noj27w/TN1WzXBeIUN++8bG/ySAMaT2ib+pzxmsFbC Pr7khWO3i2bQmEbuXyGIyvjYUz0VAu/Tja7xyzHY86jHIXTPZw6jzkaqWArktsGExm McDIsnh9moHR9ZEg02Z5hJxbLsTNxYkuYGR63VsmUhOhpJV7FPlInsgqHGgFb+iSJg 8bl+fTi8bAqTBOeVL3KizcSg8gEE0y408TNmGPYxBRxV0tGAWadxmhksBH7S59fxf/ 1IjNMShnoTsYA== X-Virus-Scanned: amavisd-new at curatio.ge Received: from mail.curatio.ge ([127.0.0.1]) by localhost (mail.curatio.ge [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 8vuYAhEJFqSN; Tue, 5 Jan 2021 02:54:42 +0400 (+04) Received: from EC2AMAZ-QOC8ODH.ec2.internal (ec2-18-232-59-24.compute-1.amazonaws.com [18.232.59.24]) by mail.curatio.ge (Postfix) with ESMTPSA id 0D85CBC19B2; Tue, 5 Jan 2021 02:49:42 +0400 (+04) MIME-Version: 1.0 Subject: [SPAM] =?utf-8?b?R3LDvMOfZSw=?= To: Recipients From: donotreply@curatio.ge Date: Mon, 04 Jan 2021 22:49:39 +0000 Reply-To: Message-Id: <20210104224943.0D85CBC19B2@mail.curatio.ge> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 22:53:02 -0600 (CST) for IP:'212.72.135.240' DOMAIN:'mx1.curatio.ge' HELO:'mx1.curatio.ge' FROM:'donotreply@curatio.ge' RCPT:'' X-Greylist: Delayed for 00:15:09 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 04 Jan 2021 22:53:02 -0600 (CST) X-Spam-Prev-Subject: =?utf-8?b?R3LDvMOfZSw=?= Status: R X-Status: X-Keywords: X-UID: 8 Content-Length: 1632 --===============0332981804== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Hallo, Komplimente des Tages. Mein Name ist Ann Lee. Ich bin leitender Angestellt= er bei einer =F6ffentlichen Bank hier in der Wing Hang Bank in Hongkong. Ic= h kontaktiere Sie bez=FCglich eines vertraulichen Gesch=E4ftsvorschlags, de= r f=FCr uns beide von gro=DFem gegenseitigem Nutzen ist. Wenn Sie interessi= ert sind Bitte kontaktieren Sie mich unter meiner privaten E-Mail-Adresse f= =FCr weitere Informationen: annallee091@gmail.com Ich freue mich darauf bal= d von Ihnen zu h=F6ren. Gr=FC=DFe, Fr=E4ulein Anna Lee --===============0332981804== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body

Hallo,

Komplimente des Tages. Mein Name ist Ann Lee. Ich bin leitender Angestel= lter bei einer =F6ffentlichen Bank hier in der Wing Hang Bank in Hongkong. = Ich kontaktiere Sie bez=FCglich eines vertraulichen Gesch=E4ftsvorschlags, = der f=FCr uns beide von gro=DFem gegenseitigem Nutzen ist. Wenn Sie interes= siert sind Bitte kontaktieren Sie mich unter meiner privaten E-Mail-Adresse= f=FCr weitere Informationen: anna= llee091@gmail.com Ich freue mich darauf bald von Ihnen zu h=F6ren.

Gr=FC=DFe,

Fr=E4ulein Anna Lee

--===============0332981804==-- From karla@grupoi5.com.br Tue Jan 5 16:37:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.8 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DEAR_BENEFICIARY,FORM_FRAUD_3, FREEMAIL_FORGED_REPLYTO,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MAY_BE_FORGED, MILLION_USD,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, PDS_RDNS_DYNAMIC_FP,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL,RDNS_DYNAMIC,RELAY_COUNTRY_BR, REPTO_419_FRAUD_YN,SPAM_BOOSTER_04,SPAM_BOOSTER_08,SPAM_BOOSTER_13, SPF_HELO_NONE,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_YN Reply-To is known 419 fraud collector * mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [138.219.176.24 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [138.219.176.24 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.3 MILLION_USD BODY: Talks about millions of dollars * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.6 MONEY_NOHTML Lots of money in plain text * 0.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.2 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 2.4 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: BR DE Received: from srv01.grupoi5.com.br (138.219.176.24.grupoi5.com.br [138.219.176.24] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 105MbeCm027854 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 5 Jan 2021 16:37:47 -0600 Received: from vmi501802.contaboserver.net ([178.238.224.83]) by srv01.grupoi5.com.br with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.92.2) (envelope-from ) id 1kwnU2-0001Jl-Lx; Tue, 05 Jan 2021 12:38:50 -0200 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re-Release of your fund valued at 22.5 Million USD To: Recipients From: "David Malpass" Date: Tue, 05 Jan 2021 15:38:37 +0100 Reply-To: fed.r3v@yandex.com Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 05 Jan 2021 16:37:47 -0600 (CST) for IP:'138.219.176.24' DOMAIN:'[138.219.176.24]' HELO:'srv01.grupoi5.com.br' FROM:'karla@grupoi5.com.br' RCPT:'' X-Greylist: Delayed for 07:58:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 05 Jan 2021 16:37:47 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 105MbeCm027854 X-Spam-Prev-Subject: Re-Release of your fund valued at 22.5 Million USD Status: R X-Status: X-Keywords: X-UID: 9 Attention Beneficiary, Re-Release of your fund valued at 22.5 Million Dollars Following the recent development in regards to your long awaiting payment valued at 22.5 Million dollars, We write to notify you that we have rescheduled your payment by Telegraphic Wire Transfer through our accredited bank, Federal Reserve Bank to enable you to have full access to your funds immediately. The reason is because we would not want you to encounter any difficulty on your fund transfer. You are hereby advised to reply to us immediately with the below information. Full Name: Full Address: Bank Name: Telephone#: Thanks for your patience Regards, World Bank Group President: David Malpass. From 3XPb1XwoJBycR.SHDFHddhJPDLO.FRPMKDUGLQLPSVHF.RUJ@trix.bounces.google.com Wed Jan 6 11:41:58 2021 Return-Path: <3XPb1XwoJBycR.SHDFHddhJPDLO.FRPMKDUGLQLPSVHF.RUJ@trix.bounces.google.com> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.5 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,GOOGLE_DOC_SUSP, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.222.197 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.222.197 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [o.peace004[at]gmail.com] * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [o.peace004[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and * EnvelopeFrom freemail headers are different * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 GOOGLE_DOC_SUSP Suspicious use of Google Docs * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 106HfrL4014474 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 6 Jan 2021 11:41:57 -0600 Received: by mail-qk1-f197.google.com with SMTP id a17so3294998qko.11 for ; Wed, 06 Jan 2021 09:41:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:message-id:date:subject:from:to; bh=nuJBljDDB9e1bHQ5qF8YtiaM/QFVyD6JpNZ14azx31Y=; b=V08EGkqnoN1A5QGOrLzxBPWa7wPW4i3SSUxZ67HZBJiXHhupq4NR+L8SYQTtR6fa+R /yvow7RZESt/5FkK9ik8Xg3eZb/+yUpB5B1Dj2A6mtMb7sMA57SHEWRqZcTxUkbUP7jI 5g2gZAuRgPhto37O/URkC8JNjGHVMVpJz42XrVh2BpQKDY/YD9UxU/5t4/Ek1yw21Wir XI2A3x5HxLWX+FrgnJ//y7+LQ7zxiQJHpoo7s6aBm2I4te21v7yY2ZL19XGvPdqMo6+f Jd++1Dg9t5bfma7gMeRh3ZNbK7DmcBJlItkrufJ08gJWo5vnVDzTpxZYbY96JPIl5Z2i 9Itw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:message-id:date:subject :from:to; bh=nuJBljDDB9e1bHQ5qF8YtiaM/QFVyD6JpNZ14azx31Y=; b=ow1SPz7/o/pZL8s4AXhdhB+ok8pQ+HQMYjOzN50pt5KmUyyOGUxKRa2HPKt8v4Yr01 yHOD47t8KSgvxa28ivOUSwZu3O67mwz+GJtRrOtj0UcCDgXgq0r4ikEU/u/SOW7S1Cr3 Au5Eux/gj+GiQcY07yPKRDX4Jcde9KYBh1nR+EodNOnlSIx0D6jf56qucsM0XDrIMRoK XqMBz0aMGb7zGLSFx8aLzqO4+IrpJ1JmwOVRb4q7xN/JpWM8hqeGm7YNtOOhU7tl4o6s n8EFxaeEg/I6xy5ajG01T92sgwlzTOLJH89bVHdW2lszzj6Dj1fY6cDfm66LNWc/rY/a ySSw== X-Gm-Message-State: AOAM531Bp9FrlCcbzkxdhADKX9LKASfolbwP87M5MFCuCHfI1GHjCHdn UZB40TReiQA8JxyvaA92TkuPYlAPYiqZqjHeZuYW MIME-Version: 1.0 X-Received: by 2002:a05:620a:a19:: with SMTP id i25mt5639595qka.157.1609954908563; Wed, 06 Jan 2021 09:41:48 -0800 (PST) Reply-To: o.peace004@gmail.com X-No-Auto-Attachment: 1 Message-ID: <0000000000006e0b3f05b83ed67a@google.com> Date: Wed, 06 Jan 2021 17:41:50 +0000 Subject: [SPAM] Greetings From: o.peace004@gmail.com To: jhardin@impsec.org Content-Type: multipart/alternative; boundary="000000000000905c7205b83ed651" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Jan 2021 11:41:58 -0600 (CST) for IP:'209.85.222.197' DOMAIN:'mail-qk1-f197.google.com' HELO:'mail-qk1-f197.google.com' FROM:'3XPb1XwoJBycR.SHDFHddhJPDLO.FRPMKDUGLQLPSVHF.RUJ@trix.bounces.google.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Jan 2021 11:41:58 -0600 (CST) X-Spam-Prev-Subject: Greetings Status: R X-Status: X-Keywords: X-UID: 10 Content-Length: 4699 --000000000000905c7205b83ed651 Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes I've invited you to fill out the following form: Untitled form To fill it out, visit: https://docs.google.com/forms/d/e/1FAIpQLSelcrDIrrnnxgg8dFnHSz_Ja56AC4i3TozxbTYs2AAkhG1w0A/viewform?vc=0&c=0&w=1&flr=0&usp=mail_form_link marie_avis12@yahoo.com Greetings to you my dear, My name is Mrs Marie Evis I have a donation of ($10.500.000.00) for you. Please I will like you to get back to me if you will help on this donation to help the poor. I will give you more details on how you can help to invest this money to help the poor because of my poor health condition which I will let you know as soon as I hear from you. Please do reply me with my private email address below for more details. God bless you as I wait for your reply. Your sister. Miss Marie Evis. marie_avis12@yahoo.com Google Forms: Create and analyze surveys. --000000000000905c7205b83ed651 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
3D"Google
=
marie_avis12@yahoo.com
Greetings to you my dear,My name is Mrs Marie Evis I have a donation of ($10.500.000.00) for you. = Please I will like you to get back to me if you will help on this donation = to help the poor. I will give you more details on how you can help to inves= t this money to help the poor because of my poor health condition which I w= ill let you know as soon as I hear from you. Please do reply me with my pri= vate email address below for more details.
God bless you as I wait for y= our reply.
Your sister.
Miss Marie Evis.
marie_avis12@yahoo.com
Untitled form
Fill out form
<= td>
Create your own Google = Form
--000000000000905c7205b83ed651-- From info@amourjewelry.com.tw Wed Jan 6 13:22:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.7 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BAYES_999,DEAR_FRIEND,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_DYNIP, FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MILLION_HUNDRED,MILLION_USD,MONEY_BARRISTER, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,PDS_RDNS_DYNAMIC_FP,RCVD_IN_RP_RNBL,RDNS_DYNAMIC, RELAY_COUNTRY_TW,SPAM_BOOSTER_08,SPF_HELO_NONE,SPF_NONE, TO_NO_BRKTS_FROM_MSSP,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [59.124.0.16 listed in bl.score.senderscore.com] * 0.5 RELAY_COUNTRY_TW Relayed via Taiwan * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [roberthanandez6655[at]gmail.com] * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.3 MILLION_USD BODY: Talks about millions of dollars * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.6 MONEY_NOHTML Lots of money in plain text * 1.0 FROM_MISSP_DYNIP From misspaced + dynamic rDNS * 0.0 MONEY_BARRISTER Lots of money from a UK lawyer * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.2 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TW ** Received: from mail.amourjewelry.com.tw (59-124-0-16.HINET-IP.hinet.net [59.124.0.16]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 106JMkxC020423 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 6 Jan 2021 13:22:50 -0600 Message-Id: <202101061922.106JMkxC020423@ga.impsec.org> Received: from [193.239.147.143] (unknown [192.168.2.254]) by mail.amourjewelry.com.tw (Postfix) with ESMTP id 7673548E209 for ; Thu, 7 Jan 2021 03:12:57 +0800 (CST) Authentication-Results: mail.amourjewelry.com.tw; dmarc=none (p=none dis=none) header.from=amourjewelry.com.tw Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re: GOOD DAY To: jhardin@impsec.org From: "Mrs.Esther Taylor" Date: Wed, 06 Jan 2021 11:12:54 -0800 Reply-To: roberthanandez6655@gmail.com X-Synology-Virus-Status: no X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Jan 2021 13:22:50 -0600 (CST) for IP:'59.124.0.16' DOMAIN:'59-124-0-16.HINET-IP.hinet.net' HELO:'mail.amourjewelry.com.tw' FROM:'info@amourjewelry.com.tw' RCPT:'' X-Greylist: Delayed for 00:09:36 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Jan 2021 13:22:50 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 106JMkxC020423 X-Spam-Prev-Subject: Re: GOOD DAY Status: R X-Status: X-Keywords: X-UID: 11 Content-Length: 2660 Dear Friend, My name is Mrs.Esther Taylor, I am a dying woman who have decided to donate what I have to you/ church/ mosque and the less privileged. I am 77 years old and I was diagnosed for cancer for about 9 years ago, immediately after the death of my husband, who has left me everything he worked for. I have been touched by God to donate from what I have inherited from my late husband to you for the good work of God,rather than allow my relatives to use my husband hard earned funds ungodly. Please pray,that the good Lord forgive me my sins.I have asked God to forgive me and believe he has because He is a merciful God. I will be going in for an operation in less than one hour. I decided to WILL/donate the sum of {usd$13.8 }thirteen million eight hundred thousand dollars) to you for the good work of the lord, and also to help the motherless and less privilege and also for the assistance of the widows.At the moment I cannot take any telephone calls right now due to the fact that my husband relative are around me and my health status. I have adjusted my WILL and my lawyer is aware I have changed my will you and my lawyer will arrange the transfer of the funds from my account to you.I wish you all the best and may the good Lord bless you abundantly,and please use the funds well and always extend the good work to others.Contact my lawyer with this specified contact details: Barrister Jeffery Briggs. 133 Kingsway London WC2B 6UN E-MAIL ; roberthanandez6655@gmail.com Please Inform him I have WILLED(usd$13.8 ) thirteen million eight hundred thousand united state dollar to you by quoting my personal reference number WILL/TT453276542/Jrr/075.And I have also notified him that I am WILLING that amount to you for a specific and good work. I know I don't know you but I have been directed to do this.Thanks and God bless. NB: I will appreciate your utmost confidentiality in this matter until the task is accomplish. Mrs.Esther Taylor, ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This mail and information is intended only for the person or entity that is addressed and may contain confidential and / or privileged material. Any review, re-transmission, dissemination or other use, or any action in reliance on this information by persons or entities. If you have received this mail in error, please contact the sender and delete the material from any computer. Finally, the recipient should check this email and any attachments for the presence of viruses. Union Bank PLC and its employees accept no liability for any damage caused by any virus transmitted by this email. From jhardin@impsec.org Thu Jan 7 11:08:22 2021 +0100 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 86969 invoked by uid 99); 7 Jan 2021 11:36:08 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jan 2021 11:36:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 5200CC0494 for ; Thu, 7 Jan 2021 11:36:07 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 4.843 X-Spam-Level: **** X-Spam-Status: No, score=4.843 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, RCVD_IN_BL_SPAMCOP_NET=2, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_PSBL=2.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=agrovolcan.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id bI328qUTUhSK for ; Thu, 7 Jan 2021 11:36:05 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=161.35.54.180; helo=panel.agrovolcan.com; envelope-from=imffunds@agrovolcan.com; receiver= Received: from panel.agrovolcan.com (panel.agrovolcan.com [161.35.54.180]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 5C088BC957 for ; Thu, 7 Jan 2021 11:36:05 +0000 (UTC) Received: from [192.168.43.233] (unknown [197.210.70.135]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by panel.agrovolcan.com (Postfix) with ESMTPSA id 046B11975D2E; Thu, 7 Jan 2021 10:08:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=agrovolcan.com; s=default; t=1610014113; bh=g6ux5CudS/t7SVtqF1WxvTPMVZrzblypsiqyOPxYi7M=; h=Subject:To:From:Date:Reply-To; b=J0/6Y//B5cM1wNp2AX+SVfHvUd2DNqVvPp6XLO1HCeNKvzelmAgESGWGKiocYfWJw tKn1LBzwCVQh8GJsh1DcL53K9BD2UxreRKlXxxYwGBGxI8E71U7+diljBGYQMOvENX 19iHpci5knmklcOQYoSeOB+xCyV9oNvB1b8zQjIM= X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="===============0808897383==" MIME-Version: 1.0 Subject: HABEN SIE IHRE 2, 5 MILLIONEN EURO-FONDS JETZT E-MAIL ERHALTEN? imffunds@inbox.lv To: Recipients From: IMFFUNDS@agrovolcan.com Date: Thu, 07 Jan 2021 11:08:22 +0100 Reply-To: imffunds@inbox.lv Status: R X-Status: X-Keywords: X-UID: 12 Content-Length: 1920 You will not see this in a MIME-aware mail reader. --===============0808897383== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Hallo Liebes, Ich bin Mr. William. Ich schreibe Ihnen, um Sie darauf aufmerksam zu machen= , dass der Internationale W=E4hrungsfonds (IWF) =FCber meine Bank Ihre E-Ma= il-Adresse unter den als entsch=E4digt aufgef=FChrten Betrugsopfern ausgew= =E4hlt hat. In Ihrem Namen wurde eine Gesamtsumme von 2.500.000,00 =20AC (z= wei Millionen f=FCnfhunderttausend Euro) genehmigt, die Ihnen innerhalb von= 2 Tagen per Bargeld =FCber diplomatische Kurierdienste zugestellt werden s= oll. Wir empfehlen Ihnen daher, sich jetzt mit uns in Verbindung zu setzen,= damit Sie Ihr Geld erhalten k=F6nnen Vielen Dank, Herr William --===============0808897383== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable

Hallo Liebes,

Ich bin Mr. William. Ich schreibe Ihnen, um Sie = darauf aufmerksam zu machen, dass der Internationale W=C3=A4hrungsfonds (IW= F) =C3=BCber meine Bank Ihre E-Mail-Adresse unter den als entsch=C3=A4digt = aufgef=C3=BChrten Betrugsopfern ausgew=C3=A4hlt hat. In Ihrem Namen wurde e= ine Gesamtsumme von 2.500.000,00 =E2=82=AC (zwei Millionen f=C3=BCnfhundert= tausend Euro) genehmigt, die Ihnen innerhalb von 2 Tagen per Bargeld =C3=BC= ber diplomatische Kurierdienste zugestellt werden soll. Wir empfehlen Ihnen= daher, sich jetzt mit uns in Verbindung zu setzen, damit Sie Ihr Geld erha= lten k=C3=B6nnen

Vielen Dank,
Herr William

--===============0808897383==-- From nami@5papa.xyz Sat Jan 9 14:21:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.6 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_95,CTE_8BIT_MISMATCH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_MSFT,FROM_NTLD_REPLY_FREEMAIL, FROM_SUSPICIOUS_NTLD,FROM_SUSPICIOUS_NTLD_FP,FSL_CTYPE_WIN1251, LCL_FROM_RARE_TLD,LCL_HAS_RPATH,LOTS_OF_MONEY,MISSING_HEADERS, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML,PDS_OTHER_BAD_TLD, RCVD_IN_PSBL,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC,SPF_HELO_PASS, SPF_PASS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9697] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [106.75.210.59 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 LCL_HAS_RPATH Has Return-Path * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs * [URI: 5papa.xyz (xyz)] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [melvidabullock5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 3.0 LCL_FROM_RARE_TLD From address in rarely-nonspam TLD * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.3 FROM_SUSPICIOUS_NTLD_FP From abused NTLD * 0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.8 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.8 FROM_NTLD_REPLY_FREEMAIL From abused NTLD and Reply-To is * FREEMAIL * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.3 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CN Received: from 5papa.xyz (5papa.xyz [106.75.210.59]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 109KKuco004107 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 9 Jan 2021 14:21:01 -0600 Message-Id: <202101092021.109KKuco004107@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=5papa.xyz; h=Reply-To:From:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding; i=nami@5papa.xyz; bh=04Q9kOrO+YlsXmmx9afohTycOWM=; b=ifGTSd+MAl/cEsjS5AdXqJTxdjMGCvnFe/RCoXieegJ2TZfts0GX9qqN/eTiwGqJo/R3WIPvX7mt ALXuuHqgXwPbUV4sMo57mtRYBzbiSAixfGeci53Wu5XfCvF6KDajbitzw4Vz4dgcKeIQlReg7is/ fx7Pe0VHcXReN8U3dqE= Reply-To: From: "Ms. Melvida bullock" Subject: [SPAM] Greetings; Date: Sat, 9 Jan 2021 12:09:11 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 09 Jan 2021 14:21:02 -0600 (CST) for IP:'106.75.210.59' DOMAIN:'5papa.xyz' HELO:'5papa.xyz' FROM:'nami@5papa.xyz' RCPT:'' X-Greylist: Delayed for 00:10:52 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 09 Jan 2021 14:21:02 -0600 (CST) X-Spam-Prev-Subject: Greetings; Status: R X-Status: X-Keywords: X-UID: 13 Dear Beloved Life is gradually passing away from me as a result of my present medical condition and my personal doctor confided in me yesterday that I have only but few more weeks to live. In view of this setback, I want to donate my estate for humanitarian assistance, since this has always been the plan of my late husband and besides I have no child. In an effort to compliment the good work of our creator for humanity and the wish of my late Husband I donate the sum of 10,000,000.00 Euro (Ten Million EUR) to you. On your acknowledgment of this mail and informing me of your nationality and current place of resident, my Bank will facilitate due processes for transfer of this legacy to you. May God bless you as you use this money judiciously for the work of charity. Sincere regards, Ms. Melvida Bullock Email: melvidabullock5@gmail.com From eventos@turbolinenet.com.br Wed Jan 13 07:55:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.3 required=5.0 tests=BAYES_50,FORM_FRAUD, FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, LCL_HAS_ENVFROM,LCL_HAS_RPATH,MAY_BE_FORGED,PDS_RDNS_DYNAMIC_FP, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RDNS_DYNAMIC,REPTO_419_FRAUD_YN, SPF_HELO_NONE,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5662] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [45.173.252.243 listed in psbl.surriel.com] * 0.0 LCL_HAS_ENVFROM Has populated envfrom * 6.0 REPTO_419_FRAUD_YN Reply-To is known 419 fraud collector * mailbox * 0.0 LCL_HAS_RPATH Has Return-Path * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [45.173.252.243 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [45.173.252.243 listed in bl.score.senderscore.com] * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 1.0 FORM_FRAUD Fill a form and a fraud phrase X-Spam-Relay-Country: XX GB Received: from srv01.turbolinenet.com.br (45.173.252.243.turbolinenet.com.br [45.173.252.243] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10DDspPF020831 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 13 Jan 2021 07:55:01 -0600 Received: from 399795.vps-10.com ([91.109.5.26]) by srv01.turbolinenet.com.br with esmtpa (Exim 4.92.2) (envelope-from ) id 1kzccB-0003Jp-3s; Wed, 13 Jan 2021 07:38:55 -0200 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Telegraphic Telex! To: Recipients From: "Mr. Jerome Powell" Date: Wed, 13 Jan 2021 10:39:05 +0000 Reply-To: fed.r3v@yandex.com Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 13 Jan 2021 07:55:02 -0600 (CST) for IP:'45.173.252.243' DOMAIN:'[45.173.252.243]' HELO:'srv01.turbolinenet.com.br' FROM:'eventos@turbolinenet.com.br' RCPT:'' X-Greylist: Delayed for 03:14:33 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 13 Jan 2021 07:55:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10DDspPF020831 X-Spam-Prev-Subject: Telegraphic Telex! Status: R X-Status: X-Keywords: X-UID: 14 Content-Length: 2506 Dear Customers; Happy New Year! We the Federal Reserve Bank officials were heading a meeting at the White House yesterday towards the situation of this funds delivery of a thing,when Mr. Williams from the Federal Reserve Bank of New York came out with his topic and opinions which later ended with a report on the cancellation of some of the beneficiaries whose according to him,did not make any attempt or show any interest in the funds assigned to them. He added that , it isn't the fault of the beneficiaries and also not the fault of the deliverers which he considered poor working class and organizing mentality as the cause of it. As an angry bird, he asked for the cancellation of any fund beneficiary who decided not to be replying his emails about this funds issue, he had it that, there seems to be no reason of keeping your emails on his phone since no other business that tied you both together except the funds from the UN and to be delivered by his bank. A list he presented which shows the number of beneficiaries he is going to attend,how much they are to receive, how to get it delivered, how many people who had received theirs, the ones who is yet to receive theirs, number of unbelievers, and the ones who is yet to be informed about the funds. Your information,phone number and email address was seen as #86 out of the #160 persons who suddenly stopped replying his emails. His reports are too numerous to be written down here. ************************************************* I looked at the report and decided to sleep over it before passing out my judgement. The FBI got involved in the issues and according to what they said,most people lost confidence in the Federal Reserve Bank institution because: 1.They receives more emails about the funds more than expected. 2.They were made to believe that the yet to receive fund comes also from the other financial institution and not only the Federal Reserve Bank.( But this is a very big lie!). ************************************************* To end the long messages, Mr. John C Williams wrote a letter to the authority , seeking for the cancellation of your fund which he stated that he reason is that you are no longer responding to his emails, and for him to avoid been charged for an unexpected fine,he has no right to leave a rejected funds in his bank. So you have to get back to me as soon as you received this email. ************************************************* Mr Jerome Powell Director Federal Reserve Bank From jhardin@impsec.org Mon Jan 18 09:46:42 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 72787 invoked by uid 99); 18 Jan 2021 09:58:06 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jan 2021 09:58:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 12C80C0115 for ; Mon, 18 Jan 2021 09:58:06 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 5.424 X-Spam-Level: ***** X-Spam-Status: No, score=5.424 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HELO_DYNAMIC_IPADDR=3.243, KAM_BLANKSUBJECT=0.25, LOTS_OF_MONEY=0.001, MISSING_SUBJECT=1.767, RDNS_DYNAMIC=0.363, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=qriusbd.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id u_KXXl69cILW for ; Mon, 18 Jan 2021 09:58:04 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=18.138.214.209; helo=ec2-18-138-214-209.ap-southeast-1.compute.amazonaws.com; envelope-from=info@qriusbd.com; receiver= Received: from ec2-18-138-214-209.ap-southeast-1.compute.amazonaws.com (ec2-18-138-214-209.ap-southeast-1.compute.amazonaws.com [18.138.214.209]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 2292EBCC5C for ; Mon, 18 Jan 2021 09:58:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=qriusbd.com ; s=default; h=Content-Transfer-Encoding:Content-Type:Message-ID:Reply-To:To: From:Date:MIME-Version:Sender:Subject:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=QkpHXlFNL/qt/+Iws54EzTWqLytHRDCGzDKoo7/5A/E=; b=bL7EpLZJvndzQkTHNuS84+KVnh DtB3zC3L6se/7jPQLMVmfPlMIayyEj3hJc/BN+BhBSlQ0RgOCpyNKd4EaPhIhQ4DquQ6JUsB84bPZ jrHPkgC+5ryj7SIrDbys/zxWXZs6/MQ7j/wzPBmVHVEgLv5kotlfu+fOB9FJj5RF+2eI3oqFt0py3 3j4VKpDmzQYlc4zLVvyg1Gyr45Yys17eWs5JFOWlIIoPyHmXSB3AB5QyQ8Hj/aGlerkQXKt6TYuYi jBsdCoZGRXPcU57lKZzWG5jAssAZpkeT1P2B+XE/sRnvPE5yh4gTjum1uIBxy258r0M8N1LDd0VfU Wgn6u4ng==; Received: from [::1] (port=47024 helo=server2.bestssdserver1.com) by server2.bestssdserver1.com with esmtpa (Exim 4.93) (envelope-from ) id 1l1R7S-0003nb-MB; Mon, 18 Jan 2021 09:46:42 +0000 MIME-Version: 1.0 Date: Mon, 18 Jan 2021 09:46:42 +0000 From: COVID -19 Benefit Funds wert To: undisclosed-recipients:; Reply-To: c.european@aol.com User-Agent: Roundcube Webmail/1.4.10 Message-ID: X-Sender: info@qriusbd.com Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server2.bestssdserver1.com X-AntiAbuse: Original Domain - spamassassin.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - qriusbd.com X-Get-Message-Sender-Via: server2.bestssdserver1.com: authenticated_id: info@qriusbd.com X-Authenticated-Sender: server2.bestssdserver1.com: info@qriusbd.com X-Source: X-Source-Args: X-Source-Dir: Status: R X-Status: X-Keywords: X-UID: 15 -- Schönen Tag, Herzlichen Glückwunsch, dass Sie einer der glücklichen Gewinner des COVID-19-Vorteilsfonds im Wert von 500.000 EUR sind, um den Kampf gegen COVID-19 zu unterstützen und Ihr Unternehmen zu finanzieren, während Sie zu Hause bleiben, um die Ausbreitung des Virus zu stoppen. UNICEF und die Europäische Union haben Ihnen mit REF NUMBER COVID -19 / EU / 08/2021 750.000 EUR Leistungsfonds zugesprochen Bitte füllen Sie die folgenden Details aus, um Ihren Gewinn zu verarbeiten. Vollständiger Name, Geburtsdatum, Land, Telefon, Grüße Im Namen der Europäischen Kommission Ursula von der Leyen COVID -19 NUTZENFONDS From tedros.ghebreyesus@who.int Mon Jan 18 23:03:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.5 required=5.0 tests=BAYES_50,DEAR_SOMETHING, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RELAY_COUNTRY_RU,SPF_FAIL, SPF_HELO_SOFTFAIL,SUBJ_ALL_CAPS,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5001] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [31.13.36.133 listed in psbl.surriel.com] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [31.13.36.133 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [31.13.36.133 listed in bl.mailspike.net] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [tg331965[at]outlook.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=tedros.ghebreyesus%40who.int;ip=31.13.36.133;r=ga.impsec.org] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.6 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU ** US Received: from mailbox.mos.ru (mailbox.mos.ru [31.13.36.133]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10J53XBl009202 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 18 Jan 2021 23:03:37 -0600 Received: from owa.dit.local (10.159.86.52) by owa.dit.local (10.159.86.52) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.529.5; Mon, 18 Jan 2021 17:53:46 +0300 Received: from [64.188.20.99] (64.188.20.99) by mailbox.mos.ru (10.159.86.52) with Microsoft SMTP Server id 15.2.529.5 via Frontend Transport; Mon, 18 Jan 2021 17:53:43 +0300 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] "DONATION " To: Recipients From: World Health Organization Date: Mon, 18 Jan 2021 06:53:40 -0800 Reply-To: Message-ID: <9f744723-818d-4cfc-8796-9ba0b13b905b@owa.dit.local> X-CrossPremisesHeadersFilteredBySendConnector: owa.dit.local X-OrganizationHeadersPreserved: owa.dit.local X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Jan 2021 23:03:37 -0600 (CST) for IP:'31.13.36.133' DOMAIN:'mailbox.mos.ru' HELO:'mailbox.mos.ru' FROM:'tedros.ghebreyesus@who.int' RCPT:'' X-Greylist: Delayed for 00:15:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Jan 2021 23:03:37 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10J53XBl009202 X-Spam-Prev-Subject: "DONATION " Status: R X-Status: X-Keywords: X-UID: 16 Content-Length: 1164 Dear Sir/Madam This is to notify you that you have been chosen by the World Health Organization (W.H.O) in-conjunction with the World Bank Organization (W.B.O) as Quarantine funds donation to help and fight against the Corona Virus Disease (COVID-19). The World Health Organization (W.H.O)/ World Bank Organization (W.B.O) release out a total of $800 Billion dollars to spread around the world. You have been granted with the sum of $750,000.00 USD (Seven Hundred and Fifty Thousand United States Dollars). You are advised to contact the World Health Organization (W.H.O) Funds Claims Office as soon as possible at the email below, failure to do so might result to funds been returned unclaimed. Send your full name with the following Donation code to the below Email. Donation code: WHO#00291/Covid-19/21 E-Mail to: (p.perrenoud@eim.ae) As soon as our claims office receive your donation code and your details, they shall inform you with the mode of payment. As we have appointed several Banks around the world for this purpose. Thank you for your understanding. COVID-19 is real stay safe! Best Regards, Dr Tedros Adhanom Ghebreyesus Director-General. From tedros.ghebreyesus@who.int Tue Jan 19 02:26:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.9 required=5.0 tests=BAYES_50,DEAR_SOMETHING, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5009] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [tg331965[at]outlook.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=tedros.ghebreyesus%40who.int;ip=181.57.184.218;r=ga.impsec.org] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.4 MONEY_NOHTML Lots of money in plain text * 2.3 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.5 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.1 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: CO ** Received: from igleco.site (static-ip-18157184218.cable.net.co [181.57.184.218] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10J8QJEs021126 for ; Tue, 19 Jan 2021 02:26:24 -0600 Message-Id: <202101190826.10J8QJEs021126@ga.impsec.org> Received: from [64.188.20.99] (unknown [172.16.0.1]) by igleco.site (Postfix) with ESMTP id 57D6B22C61; Mon, 18 Jan 2021 10:04:45 -0500 (COT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] "DONATION" To: Recipients From: "World Health Organization" Date: Mon, 18 Jan 2021 06:42:34 -0800 Reply-To: tg331965@outlook.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 19 Jan 2021 02:26:24 -0600 (CST) for IP:'181.57.184.218' DOMAIN:'[181.57.184.218]' HELO:'igleco.site' FROM:'tedros.ghebreyesus@who.int' RCPT:'' X-Greylist: Delayed for 10:24:47 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 19 Jan 2021 02:26:24 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10J8QJEs021126 X-Spam-Prev-Subject: "DONATION" Status: R X-Status: X-Keywords: X-UID: 17 Content-Length: 1129 Dear Sir/Madam This is to notify you that you have been chosen by the World Health Organization (W.H.O) in-conjunction with the World Bank Organization (W.B.O) as Quarantine funds donation to help and fight against the Corona Virus Disease (COVID-19). The World Health Organization (W.H.O)/ World Bank Organization (W.B.O) release out a total of $800 Billion dollars to spread around the world. You have been granted with the sum of $750,000.00 USD (Seven Hundred and Fifty Thousand United States Dollars). You are advised to contact the World Health Organization (W.H.O) Funds Claims Office as soon as possible at the email below, failure to do so might result to funds been returned unclaimed. Send your full name with the following Donation code to the below Email. Donation code: WHO#00291/Covid-19/21 E-Mail to: (p.perrenoud@eim.ae) As soon as our claims office receive your donation code and your details, they shall inform you with the mode of payment. As we have appointed several Banks around the world for this purpose. COVID-19 is real stay safe! Best Regards, Dr Tedros Adhanom Ghebreyesus Director-General. From tedros.ghebreyesus@who.int Wed Jan 20 13:35:32 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.2 required=5.0 tests=BAYES_99,BAYES_999, DEAR_SOMETHING,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL, RDNS_NONE,RELAY_COUNTRY_VN,REPTO_419_FRAUD_OL,SPF_FAIL,SPF_HELO_NONE, TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [118.70.165.84 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [118.70.165.84 listed in bl.mailspike.net] * 6.0 REPTO_419_FRAUD_OL Reply-To is known 419 fraud collector * mailbox * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [tg331965[at]outlook.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=tedros.ghebreyesus%40who.int;ip=118.70.165.84;r=ga.impsec.org] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [118.70.165.84 listed in bl.score.senderscore.com] * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.2 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.4 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: VN US Received: from pmail.com ([118.70.165.84]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10KJZRsr005639 for ; Wed, 20 Jan 2021 13:35:31 -0600 Message-Id: <202101201935.10KJZRsr005639@ga.impsec.org> Received: from [64.188.20.99] (unknown [64.188.20.99]) by pmail.com (Postfix) with ESMTP id E0308DC1E4E; Mon, 18 Jan 2021 20:04:40 +0700 (+07) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] "DONATION" To: Recipients From: "World Health Organization" Date: Mon, 18 Jan 2021 05:04:34 -0800 Reply-To: tg331965@outlook.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Jan 2021 13:35:32 -0600 (CST) for IP:'118.70.165.84' DOMAIN:'[118.70.165.84]' HELO:'pmail.com' FROM:'tedros.ghebreyesus@who.int' RCPT:'' X-Greylist: Delayed for 51:26:43 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Jan 2021 13:35:32 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10KJZRsr005639 X-Spam-Prev-Subject: "DONATION" Status: R X-Status: X-Keywords: X-UID: 18 Content-Length: 1129 Dear Sir/Madam This is to notify you that you have been chosen by the World Health Organization (W.H.O) in-conjunction with the World Bank Organization (W.B.O) as Quarantine funds donation to help and fight against the Corona Virus Disease (COVID-19). The World Health Organization (W.H.O)/ World Bank Organization (W.B.O) release out a total of $800 Billion dollars to spread around the world. You have been granted with the sum of $750,000.00 USD (Seven Hundred and Fifty Thousand United States Dollars). You are advised to contact the World Health Organization (W.H.O) Funds Claims Office as soon as possible at the email below, failure to do so might result to funds been returned unclaimed. Send your full name with the following Donation code to the below Email. Donation code: WHO#00291/Covid-19/21 E-Mail to: (p.perrenoud@eim.ae) As soon as our claims office receive your donation code and your details, they shall inform you with the mode of payment. As we have appointed several Banks around the world for this purpose. COVID-19 is real stay safe! Best Regards, Dr Tedros Adhanom Ghebreyesus Director-General. From abkennedy@us.org Wed Jan 20 13:51:15 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.3 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_80,FILL_THIS_FORM,FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS, LOTS_OF_MONEY,LOTTO_DEPT,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO, MONEY_NOHTML,MSGID_FROM_MTA_HEADER,NA_DOLLARS,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,RCVD_IN_PSBL,RCVD_IN_RP_RNBL, RCVD_IN_SBL_CSS,RDNS_NONE,RELAY_COUNTRY_CN,SPF_HELO_NONE,SPF_NONE, SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8172] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [196.196.116.91 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [119.28.84.15 listed in psbl.surriel.com] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [119.28.84.15 listed in bl.score.senderscore.com] * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [119.28.84.15 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.1 NA_DOLLARS BODY: Talks about a million North American dollars * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.2 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: CN US Received: from mail.oischolars.com ([119.28.84.15]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10KJpAg1006380 for ; Wed, 20 Jan 2021 13:51:15 -0600 Message-Id: <202101201951.10KJpAg1006380@ga.impsec.org> Received: from [196.196.116.91] (unknown [196.196.116.91]) by mail.oischolars.com (Postfix) with ESMTP id 5BEEB6B29F; Wed, 20 Jan 2021 20:19:18 +0800 (CST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP. To: Recipients From: "Mrs. Alecia" Date: Wed, 20 Jan 2021 04:19:16 -0800 Reply-To: fbicompensation_funds@yahoo.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Jan 2021 13:51:15 -0600 (CST) for IP:'119.28.84.15' DOMAIN:'[119.28.84.15]' HELO:'mail.oischolars.com' FROM:'abkennedy@us.org' RCPT:'' X-Greylist: Delayed for 05:24:59 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Jan 2021 13:51:15 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10KJpAg1006380 X-Spam-Prev-Subject: THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP. Status: R X-Status: X-Keywords: X-UID: 19 Content-Length: 2430 I am Mrs. Alecia B Kennedy, I am a US citizen, 51 years Old, I reside here in America My residential address is as follows, 2380 Maco Rd NE Leland NC 28451 USA , I am one of those that took part in the Compensation in Africa many years ago and they refused to pay me, I had paid over $58,000 while in the US, trying to get my payment all to no avail. So, I decided to travel to WASHINGTON D..C with all my compensation documents, And I was directed by the ( F B I) Director to contact Agent Alexander Bryant who is a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE currently in Africa, I contacted him and he explained everything to me, He said whoever is contacting us through emails are fake, He took me to the paying bank for the claim of my Compensation payment, right now I am the happiest woman on earth because I have received my compensation funds of $2.5 Million Us Dollars, Moreover, Agent Alexander Bryant, showed me the full information of those that are yet to receive their payments and I saw your name and email as one of the scam victims, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Agent Alexander Bryant, You have to contact him directly on his private information below, COMPENSATION AWARD HOUSE Name : Agent Alexander Bryant Email: fbicompensation_funds@yahoo.com You are hereby advised to contact Agent Alexander Bryant with the information's below 1. Your Names in full 2. Your Occupation 3. Your Residential Address 4. Your Place and date of birth 5. Your Telephone and fax Number 6. Your id You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in any way with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Agent Alexander Bryant was just $150 for the paper work of my transfer, take note of that. Once again stop contacting those people, I will advise you to contact Agent Alexander Bryant so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction. Thank You and Be Blessed. Mrs. Alecia Kennedy, 2380 Maco Rd NE Leland NC 28451 USA United States of America. From lei.shi@yitu-inc.com Thu Jan 21 13:33:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 10LLX2lh005990 for ; Thu, 21 Jan 2021 13:33:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****** X-Spam-Status: Yes, score=6.4 required=5.0 tests=BAYES_50, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5764] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [daviyax98[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: HK ** ** ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Thu, 21 Jan 2021 13:33:02 -0800 (PST) Received: from mail.yitu-inc.com (mail.yitu-inc.com [103.59.50.2] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10LLUJAf033454 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=FAIL) for ; Thu, 21 Jan 2021 15:30:25 -0600 Received: from WXEX01.yitu-inc.intra (10.40.38.21) by WXEX01.yitu-inc.intra (10.40.38.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Fri, 22 Jan 2021 05:15:00 +0800 Received: from WXEX01.yitu-inc.intra ([fe80::7c36:e592:b206:892f]) by WXEX01.yitu-inc.intra ([fe80::7c36:e592:b206:892f%9]) with mapi id 15.01.1779.004; Fri, 22 Jan 2021 05:14:59 +0800 From: =?iso-2022-jp?B?GyRCQFBifRsoQg==?= Subject: [SPAM] Hello? Thread-Topic: Hello? Thread-Index: AdbwOnnXzoFYMH0vyUGsEVYr0Iup2Q== Date: Thu, 21 Jan 2021 21:14:59 +0000 Message-ID: <0b3605f0caa6433eab59c5fc4c7bda99@yitu-inc.com> Reply-To: "daviyax98@gmail.com" Accept-Language: zh-CN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.84.9.17] X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_0b3605f0caa6433eab59c5fc4c7bda99yituinccom_" MIME-Version: 1.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Jan 2021 15:30:25 -0600 (CST) for IP:'103.59.50.2' DOMAIN:'[103.59.50.2]' HELO:'mail.yitu-inc.com' FROM:'lei.shi@yitu-inc.com' RCPT:'' X-Greylist: Delayed for 00:15:09 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Jan 2021 15:30:25 -0600 (CST) X-Spam-Prev-Subject: Hello? Status: R X-Status: X-Keywords: X-UID: 20 Content-Length: 2502 --_000_0b3605f0caa6433eab59c5fc4c7bda99yituinccom_ Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable COVID-19: $680,000.00USD additional support fund now available to you affec= ted by the pandemic. Thanks --_000_0b3605f0caa6433eab59c5fc4c7bda99yituinccom_ Content-Type: text/html; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable

COVID-19: $680,000.= 00USD additional support fund now available to you affected by the pandemic= .

 

Thanks

--_000_0b3605f0caa6433eab59c5fc4c7bda99yituinccom_-- From raywandyg@gmail.com Fri Jan 22 04:02:49 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=55.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known 419 fraud collector * mailbox * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky34[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MA2jFm005855 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 04:02:49 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2sF1-0007jX-8M; Fri, 22 Jan 2021 08:56:27 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 00:56:34 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 04:02:49 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 01:06:08 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 04:02:49 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: X-UID: 21 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From tedros.ghebreyesus@who.int Fri Jan 22 05:45:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************* X-Spam-Status: Yes, score=37.7 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DEAR_SOMETHING,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL,FROM_MISSP_USER, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE, LOTS_OF_MONEY,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_OL,SPAM_BOOSTER_05, SPF_FAIL,SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_OL Reply-To is known 419 fraud collector * mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [118.201.147.26 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [118.201.147.26 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [tg331965[at]outlook.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=tedros.ghebreyesus%40who.int;ip=118.201.147.26;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.4 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: SG US Received: from mail.worldmarketing-group.net ([118.201.147.26]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MBjpYH011323 for ; Fri, 22 Jan 2021 05:45:56 -0600 Message-Id: <202101221145.10MBjpYH011323@ga.impsec.org> Received: from User (64.188.20.99.static.quadranet.com [64.188.20.99]) by mail.worldmarketing-group.net with SMTP; Fri, 22 Jan 2021 18:42:21 +0800 Reply-To: From: "World Health Organization" Subject: [SPAM] "DONATION". Date: Fri, 22 Jan 2021 02:42:26 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 05:45:56 -0600 (CST) for IP:'118.201.147.26' DOMAIN:'[118.201.147.26]' HELO:'mail.worldmarketing-group.net' FROM:'tedros.ghebreyesus@who.int' RCPT:'' X-Greylist: Delayed for 00:39:46 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 05:45:56 -0600 (CST) X-Spam-Prev-Subject: "DONATION". Status: R X-Status: X-Keywords: X-UID: 22 Content-Length: 1813
Dear Sir/Madam
 
This is to notify you that you have been chosen by the World Health Organization (W.H.O) in-conjunction with the World Bank Organization
(W.B.O) as Quarantine funds donation to help and fight against the Corona Virus Disease (COVID-19).
 
The World Health Organization (W.H.O)/ World Bank Organization (W.B.O) release out a total of $800 Billion dollars to spread around the world. You have been granted with the sum of $750,000.00 USD (Seven Hundred and Fifty Thousand United States Dollars).
 
You are advised to contact the World Health Organization (W.H.O) Funds Claims Office as soon as possible at the email below, failure to do so
might result to funds been returned unclaimed.
 
Send your full name with the following Donation code to the below Email. Donation code: WHO#00291/Covid-19/21 E-Mail to: (p.perrenoud@eim.ae)
 
As soon as our claims office receive your donation code and your details, they shall inform you with the mode of payment. As we have appointed several Banks around the world for this purpose.
 
Thank you for your understanding.
 
COVID-19 is real stay safe!
 
Best Regards,
 
Dr Tedros Adhanom Ghebreyesus
Director-General.
 From prvs=1679a48564=busoro@nyanza.gov.rw Fri Jan 22 06:26:39 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.2 required=5.0 tests=BAYES_95,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FORGED_REPLYTO, HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY,MISSING_HEADERS, MONEY_FREEMAIL_REPTO,RELAY_COUNTRY_NG,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_PASS,URIBL_CSS_A autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9762] * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS * blocklist * [URIs: nyanza.gov.rw] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: RW RW ** ** ** RW NG Received: from gateway15.aos.rw (gateway15.aos.rw [197.243.20.142]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MCQSXL014023 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 22 Jan 2021 06:26:38 -0600 Received: from mail.nyanza.gov.rw (sm.zm.074.mb.rw [197.243.21.102]) by gateway.aos.rw with ESMTP id 10KKuLdp024611-10KKuLdr024611 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 20 Jan 2021 22:56:21 +0200 Received: from mail.nyanza.gov.rw (localhost [127.0.0.1]) by mail.nyanza.gov.rw (Postfix) with ESMTPS id 7685F24832C; Wed, 20 Jan 2021 22:56:19 +0200 (CAT) Received: from localhost (localhost [127.0.0.1]) by mail.nyanza.gov.rw (Postfix) with ESMTP id AD8AC248330; Wed, 20 Jan 2021 22:56:18 +0200 (CAT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.nyanza.gov.rw AD8AC248330 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nyanza.gov.rw; s=nyanza.gov.rw; t=1611176179; bh=Rl6GztV5bJ7sz5LEVjIoWQC9HYgZg0ohqAUG0RQQwj0=; h=Date:From:Message-ID:MIME-Version; b=lrj88gMmfbsETtULM9vT7Z8inXoCXbZoyXJSo9WZm8zL2LUcoNy1BYQKqH/RD+KyM XoRZsvx9fi+daYVUX4p1EtnSIzjUy2cU0LHc54BK8V2nUV6vuHjQR51uEPEM8jiqPo uH9Ye5B+Eegn/tbvtrpns/04wpNDCBKonooVAV1O0umQjin+cPL/Suj43xx9gZVHBF P1mw3GBNYemCNWeaQFXEJm2A9v2HtS4RNqE7UJzaXHjp7NQ2emZUbLliOIEHUXzJ5g jLCW2i5eYzp5Z2ecj+1wfenTAtcCZ6XfcjS9cvAOUR1MUDoGA1lwXF146M1ZyR5Q8R 0njq2BWXGe4oA== Received: from mail.nyanza.gov.rw ([127.0.0.1]) by localhost (mail.nyanza.gov.rw [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iT1RoeVxr6mK; Wed, 20 Jan 2021 22:56:18 +0200 (CAT) Received: from mail.nyanza.gov.rw (mail2.nyanza.gov.rw [197.243.21.102]) by mail.nyanza.gov.rw (Postfix) with ESMTP id 1CED8248323; Wed, 20 Jan 2021 22:56:16 +0200 (CAT) Date: Wed, 20 Jan 2021 22:56:11 +0200 (CAT) From: "Mrs Mavis L. Wanczyk" Reply-To: "Mrs Mavis L. Wanczyk" Message-ID: <1145637427.1293502.1611176171574.JavaMail.zimbra@nyanza.gov.rw> Subject: [SPAM] Charity Donation !!! MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_4648ed31-79a0-4340-b22e-61445c08762f" X-Originating-IP: [105.112.112.224] X-Mailer: Zimbra 8.8.12_GA_3803 (zclient/8.8.12_GA_3803) Thread-Index: Qofo77rysxcI4VUZWspPHBdD7PFUsg== Thread-Topic: Charity Donation !!! X-FEAS-SPF: spf-result=pass, ip=197.243.21.102, helo=mail.nyanza.gov.rw, mailFrom=busoro@nyanza.gov.rw Authentication-Results: gateway.aos.rw; spf=pass (aos.rw: domain of busoro@nyanza.gov.rw designates 197.243.21.102 as permitted sender) smtp.mailfrom=busoro@nyanza.gov.rw X-FE-Policy-ID: 208:4:2:SYSTEM X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:26:39 -0600 (CST) for IP:'197.243.20.142' DOMAIN:'gateway15.aos.rw' HELO:'gateway15.aos.rw' FROM:'busoro@nyanza.gov.rw' RCPT:'' X-Greylist: Delayed for 01:50:22 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:26:39 -0600 (CST) X-Spam-Prev-Subject: Charity Donation !!! Status: R X-Status: X-Keywords: X-UID: 23 Content-Length: 1134 --=_4648ed31-79a0-4340-b22e-61445c08762f Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit This is the second time i am sending you this mail. I, Mavis Wanczyk donates $ 5 Million Dollars from part of my Powerball Jackpot Lottery of $ 758 Million Dollars, respond with your details for claims. I await your earliest response and God Bless you Good luck. Mrs Mavis L. Wanczyk --=_4648ed31-79a0-4340-b22e-61445c08762f Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit



This is the second time i am sending you this mail.

I, Mavis Wanczyk donates $ 5 Million Dollars from part of my Powerball Jackpot Lottery of $ 758 Million Dollars, respond with your details for claims.

I await your earliest response and God Bless you

Good luck.
Mrs Mavis L. Wanczyk
--=_4648ed31-79a0-4340-b22e-61445c08762f-- From raywandyg@gmail.com Fri Jan 22 06:34:19 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MCYEHF014407 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 06:34:18 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2vbn-0001Hd-Cf; Fri, 22 Jan 2021 12:32:11 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 04:32:18 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:34:19 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:34:19 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: $Forwarded X-UID: 24 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 06:35:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MCZ90M014429 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 06:35:13 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2vbx-0001HP-5V; Fri, 22 Jan 2021 12:32:21 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 04:32:28 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:35:13 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 03:38:37 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 06:35:13 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: $Forwarded X-UID: 25 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 07:10:57 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MDArDd017207 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 07:10:57 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2w9t-00069y-4I; Fri, 22 Jan 2021 13:07:25 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 05:07:32 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 07:10:57 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 03:37:13 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 07:10:57 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: $Forwarded X-UID: 26 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 08:07:21 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10ME7GiC019874 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 08:07:21 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2x29-0005iq-LI; Fri, 22 Jan 2021 14:03:30 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 06:03:36 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 08:07:21 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 03:33:54 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 08:07:21 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: $Forwarded X-UID: 27 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From attny.erik2013@gmail.com Fri Jan 22 09:06:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 10MH62U6014766 for ; Fri, 22 Jan 2021 09:06:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: ** X-Spam-Status: No, score=2.8 required=5.0 tests=BAYES_60,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Fri, 22 Jan 2021 09:06:02 -0800 (PST) Received: from mail-lj1-f195.google.com (mail-lj1-f195.google.com [209.85.208.195]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MH4Qdd031365 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 22 Jan 2021 11:04:30 -0600 Received: by mail-lj1-f195.google.com with SMTP id f17so7294300ljg.12 for ; Fri, 22 Jan 2021 09:04:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=kDbyZorEZe4b1cMl4hUwAEn6Y6iBSmC3QMlw50m7Occ=; b=HuIOqyCcBNUbCUAHseZu4n5ATAMg3/W7rMKhIy2M5WzMqtPssGsVPs12f5qn2GPsI9 LS4lM/hDgNqJ6SSZiCKkMHQusu2hvUQwUmERMg29G3uvxPy/2oKTUHOr9nLdu37+2CoU 3miPIZ8mO36LMp+01d5JWo70GcGk2QgvevuD9Dge/uxxk3X0mPB8SPA4MHw60EbRf6pN XmPc6EaTNtwUZxdOYJAPY0Xcubxt4E0KUKWxRJxJtLI2vWmWdR3dbWHKon5NmPRMM5F/ J7PDnhqueiKA9YLBYt4LXqKvrLCNhVnuLp4kSxmejs28z361ppjxmkCjWpM7WWOpbht/ UeNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=kDbyZorEZe4b1cMl4hUwAEn6Y6iBSmC3QMlw50m7Occ=; b=h139zbUgSt09JZGmWqNkdbN1vEvCvKx14wlFDs5UztHtF2nZa965KUXIhFgI0C6f4c /b5BYBJUw+r5U4CqIFpWGD7fdSbXtSqhGiqO/KNcTcjftQ+KxNc0d8MQgmiUtEhiMVCp /yfmf3xV0Yk49us2m1TKgu/JKC0UQV4WQ8CrbS9POnnf56oltuj6XmkJoXnxBVeRwgCq Ii3RRBfDjOBX2hB4+JDPFIHyqiyrV4pBkPfY2KFmveiVEQWdTzsQ8ojm5BASbaoAIG05 +gX+Zaha0JeMTVjnSka/TUc8GUisrfvo3qBYIWKc6qmNw6hos6yRbzMv2SXzlLFpyUIn kPCg== X-Gm-Message-State: AOAM530efNaXJAErmFYyD4ABHAqIon2bCTEb4s5WbSWrve14vIVL/b+b bRsWdycm5ERvN2XDuVrP+PAvEcVy91sxc8PgJ28= X-Google-Smtp-Source: ABdhPJz819gSAJJANdkuOPb0CIcPC+2Vd+BHCyM7kbiz9em8/Yq7gcR5NG/OrmRmD0DA+aysLDGa3OYCL2/B2C6miEU= X-Received: by 2002:a2e:b4a7:: with SMTP id q7mr790109ljm.391.1611335062647; Fri, 22 Jan 2021 09:04:22 -0800 (PST) MIME-Version: 1.0 Reply-To: shinawatrathaksin93@gmail.com From: Ms Yingluck Shinawatra Date: Fri, 22 Jan 2021 20:03:59 +0300 Message-ID: Subject: Business Proposal To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="00000000000005f4af05b9802ee9" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 11:04:30 -0600 (CST) for IP:'209.85.208.195' DOMAIN:'mail-lj1-f195.google.com' HELO:'mail-lj1-f195.google.com' FROM:'attny.erik2013@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 11:04:30 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 28 --00000000000005f4af05b9802ee9 Content-Type: text/plain; charset="UTF-8" Hello, Greetings, I am Yingluck Shinawatra, a former Prime minister of Thailand. I have a business proposal for you. It will be highly beneficial. I will give you more details as soon as I receive your reply. Yingluck Shinawatra Former Prime Minister of Thailand --00000000000005f4af05b9802ee9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

Gree= tings,

I am Yingluck Shinawatra, a former Prime mi= nister of Thailand. I have a business proposal for you. It will be highly b= eneficial. I will give you more details as soon as I receive your reply.=C2= =A0

Yingluck Shinawatra
Former Prime Min= ister of Thailand
--00000000000005f4af05b9802ee9-- From raywandyg@gmail.com Fri Jan 22 10:04:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RDNS_NONE,RELAY_COUNTRY_FR,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [165.22.65.191 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MG4ium027445 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 10:04:50 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2ytd-00072O-EL; Fri, 22 Jan 2021 16:02:49 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 08:02:56 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:04:50 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:04:50 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: X-UID: 29 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 10:05:27 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RDNS_NONE,RELAY_COUNTRY_FR,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [165.22.65.191 listed in bl.mailspike.net] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MG5O61027474 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 10:05:27 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2ytU-0006yw-99; Fri, 22 Jan 2021 16:02:40 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 08:02:47 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:05:27 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:05:27 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: X-Status: X-Keywords: X-UID: 30 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 10:33:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RDNS_NONE,RELAY_COUNTRY_FR,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [165.22.65.191 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MGX63R029232 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 10:33:10 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l2zLm-0000Jp-Hh; Fri, 22 Jan 2021 16:31:54 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 08:32:01 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:33:10 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 10:33:10 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: X-Status: X-Keywords: X-UID: 31 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From raywandyg@gmail.com Fri Jan 22 11:34:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RDNS_NONE,RELAY_COUNTRY_FR,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [165.22.65.191 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [hoseoky9[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known 419 fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.5 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US FR Received: from funjimwm.com ([165.22.65.191]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10MHY8uc033371 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 22 Jan 2021 11:34:16 -0600 Received: from ip86.ip-51-81-161.us ([51.81.161.86] helo=User) by funjimwm.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1l305v-0003ba-2f; Fri, 22 Jan 2021 17:19:35 +0000 Reply-To: From: "Mr.Ho-Seok Yang" Subject: [SPAM] WORKING TOGETHER Date: Fri, 22 Jan 2021 09:19:42 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 11:34:17 -0600 (CST) for IP:'165.22.65.191' DOMAIN:'[165.22.65.191]' HELO:'funjimwm.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Jan 2021 11:34:17 -0600 (CST) X-Spam-Prev-Subject: WORKING TOGETHER Status: R X-Status: X-Keywords: X-UID: 32 Good Day I am Ho-Seok Yang, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resources such as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. He has a huge available financial portfolio. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response hoseoky9@gmail.com Best Regards, Ho-Seok Yang From jhardin@impsec.org Sat Jan 23 00:11:24 2021 -0800 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 30467 invoked by uid 99); 23 Jan 2021 10:25:51 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 23 Jan 2021 10:25:51 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id D05D81FF39B for ; Sat, 23 Jan 2021 10:25:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.068 X-Spam-Level: **** X-Spam-Status: No, score=4.068 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_IMAGE_ONLY_16=1.048, HTML_MESSAGE=0.2, HTML_SHORT_LINK_IMG_2=0.259, LOTS_OF_MONEY=0.001, RCVD_IN_BL_SPAMCOP_NET=2, SPF_PASS=-0.001, SUBJ_ALL_CAPS=0.5, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=unimedbrusque.com.br Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id u96yNQrYwUAU for ; Sat, 23 Jan 2021 10:25:50 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=177.101.127.195; helo=mail.unimedbrusque.com.br; envelope-from=fabiola.fonseca@unimedbrusque.com.br; receiver= Received: from mail.unimedbrusque.com.br (mx.unimedbrusque.com.br [177.101.127.195]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id A5D84BC957 for ; Sat, 23 Jan 2021 10:25:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.unimedbrusque.com.br (Postfix) with ESMTP id 033A682925C; Sat, 23 Jan 2021 05:29:46 -0300 (-03) Received: from mail.unimedbrusque.com.br ([127.0.0.1]) by localhost (mail.unimedbrusque.com.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id BRpSe5VSn_RW; Sat, 23 Jan 2021 05:29:44 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mail.unimedbrusque.com.br (Postfix) with ESMTP id 225B784797B; Sat, 23 Jan 2021 05:18:56 -0300 (-03) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.unimedbrusque.com.br 225B784797B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unimedbrusque.com.br; s=8DF0E182-9FC0-11E8-A665-957E5D3458D4; t=1611389936; bh=kx6bXQjg68p/fO1kEoagGS9JHsXw5kJwM/HF04CLSUc=; h=MIME-Version:To:From:Date:Message-Id; b=GUwTXabWMJW6AHYTNkYSmV6yBXDgHaN/ofMEhVqstHGoRSKVJPn35XZW61TZDid0E OKgYNtns4JW+jN9OW4AZw9DkH0SzWehtVRR2EpVSjjj8WdCu6nqNOeRvAEmZhw1PBH ggOYnbvgXCEztpkZoIpSeGxAPpUbQxwSTDb+Blds= X-Virus-Scanned: amavisd-new at unimedbrusque.com.br Received: from mail.unimedbrusque.com.br ([127.0.0.1]) by localhost (mail.unimedbrusque.com.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NTg1jthV5ZxJ; Sat, 23 Jan 2021 05:18:56 -0300 (-03) Received: from [192.168.8.100] (unknown [105.9.15.111]) by mail.unimedbrusque.com.br (Postfix) with ESMTPSA id A4A5978624E; Sat, 23 Jan 2021 05:11:36 -0300 (-03) X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="===============0446407381==" MIME-Version: 1.0 Subject: DONATION FOR THE PANDEMIC To: Recipients From: ADRIAN TONGSON Date: Sat, 23 Jan 2021 00:11:24 -0800 Reply-To: adriantongson13@yahoo.com X-Antivirus: Avast (VPS 210122-10, 01/22/2021), Outbound message X-Antivirus-Status: Clean Message-Id: <20210123081136.A4A5978624E@mail.unimedbrusque.com.br> Status: X-Status: X-Keywords: X-UID: 33 Content-Length: 2562 You will not see this in a MIME-aware mail reader. --===============0446407381== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Sch=F6ne Gr=FC=DFe, Sie haben eine Spende von EUR 3.500.000,00. Ich habe mi= ch freiwillig bereit erkl=E4rt, den Betrag von EUR 3.500.000,00 an eine der= ausgew=E4hlten 5 Personen zu spenden, um w=E4hrend der Zeit dieser Pandemi= e zu helfen. Komm zur=FCck, um zu behaupten. Dies ist Ihr Spendencode: [NJ0= 05USA00035] Kommen Sie mit einer Antwort zur=FCck, um Ihr Geschenk zu erhal= ten. Ich w=FCnsche dir einen sch=F6nen Tag. Adrian Tongson. -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus --===============0446407381== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Sch=F6ne Gr=FC=DFe, Sie haben eine Spende von EUR 3.500.000,00. Ich habe mich freiwillig bereit= erkl=E4rt, den Betrag von EUR 3.500.000,00 an eine der ausgew=E4hlten 5 Pe= rsonen zu spenden, um w=E4hrend der Zeit dieser Pandemie zu helfen. Komm zu= r=FCck, um zu behaupten. Dies ist Ihr Spendencode: [NJ005USA00035] Kommen S= ie mit einer Antwort zur=FCck, um Ihr Geschenk zu erhalten. Ich w=FCnsche dir einen sch=F6nen Tag. Adrian Tongson. --===============0446407381==-- From fb@fb.com Sat Jan 23 04:23:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.4 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FBI_MONEY,FBI_SPOOF, FILL_THIS_FORM,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_SPF_FAIL,FROM_MISSP_USER,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FORM, MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NA_DOLLARS, NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RDNS_NONE, RELAY_COUNTRY_VN,REPLYTO_WITHOUT_TO_CC,SPF_FAIL,SPF_HELO_NONE, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9656] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [68.71.132.216 listed in psbl.surriel.com] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [68.71.132.216 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [68.71.132.216 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=fb%40fb.com;ip=68.71.132.216;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 1.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.6 URG_BIZ Contains urgent matter * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.4 FROM_MISSP_SPF_FAIL No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.2 MONEY_NOHTML Lots of money in plain text * 1.0 FBI_SPOOF Claims to be FBI, but not from FBI domain * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.0 FBI_MONEY The FBI wants to give you lots of money? * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.1 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: US VN Received: from vibrant-northcutt.68-71-132-216.plesk.page ([68.71.132.216]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10NANbaE023965 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 23 Jan 2021 04:23:46 -0600 Message-Id: <202101231023.10NANbaE023965@ga.impsec.org> Received: from User (unknown [103.89.89.225]) by vibrant-northcutt.68-71-132-216.plesk.page (Postfix) with ESMTPA id A3B6C23D9E0; Thu, 21 Jan 2021 19:43:09 +0000 (UTC) Authentication-Results: vibrant-northcutt.68-71-132-216.plesk.page; spf=pass (sender IP is 103.89.89.225) smtp.mailfrom=fb@fb.com smtp.helo=User Received-SPF: pass (vibrant-northcutt.68-71-132-216.plesk.page: connection is authenticated) Reply-To: From: "CHRISTOPHER WRAY[FBI]" Subject: [SPAM] Verify from FBI[code:210]t Date: Thu, 21 Jan 2021 11:43:19 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 04:23:46 -0600 (CST) for IP:'68.71.132.216' DOMAIN:'[68.71.132.216]' HELO:'vibrant-northcutt.68-71-132-216.plesk.page' FROM:'fb@fb.com' RCPT:'' X-Greylist: Delayed for 27:52:45 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 04:23:46 -0600 (CST) X-Spam-Prev-Subject: Verify from FBI[code:210]t Status: R X-Status: X-Keywords: X-UID: 34 Content-Length: 3380 CHRISTOPHER WRAY DIRECTOR FBI FEDERAL BUREAU OF INVESTIGATION FBI.WASHINGTON D.C FEDERAL BUREAU OF INVESTIGATION SEEKING TO WIRETAP The Federal bureau of investigation (FBI) Washington,D.C in conjunction with some other relevant Investigations Agencies have recently been informed through our Global intelligence monitoring network that your over-due contract payment which was fully endorsed in your favor accordingly by the Central bank of Malaysia(Bank Negara Malaysia) has not been claimed. It might interest you to know that we have taken out time in screening through this project as stipulated on our protocol of operation and have finally confirmed that your contract payment is 100% genuine and hitch free from all facet and of which you have the lawful right to claim your fund without any further delay. We further advise that you go ahead in dealing with the Central Bank office accordingly as we will be monitoring all their services with you as well as your correspondence at all level. We were also made to understand that a lady with name Mrs. Joan C.Bailey from OHIO has already contacted them and also presented to them all the necessary documentation evidencing your claim purported to have been signed personally by you prior to the release of your contract fund valued at about $25million us dollars only but the Central Bank office did the wise thing by insisting on hearing from you personally before they go ahead on wiring your fund to the Bank information which was forwarded to them by the above named Lady so that the main reason why they contacted us so as to assist them in making the investigation. Contact immediately the office of the Central Bank of Malaysia (Bank Negara Malaysia) via email with the below information accordingly: NAME: Nor Shamsiah Mohamad Yunus OFFICE ADDRESS: Bank Negara Malaysia, Jalan Kuching, Kuala Lumpur, Wilayah Persekutuan,Kuala Lumpur, Selangor,Malaysia Email: shamsiahmohamadyunusbnegara@gmail.com Meanwhile, we will advise that you contact the office of the Governor of the Central Bank immediately with the above email address and request that they attend to your payment file as directed, so as to enable you receive your contract fund accordingly. To this effect, you are required to reconfirm and authenticate your given particulars below for certainty and onward processing and release of you funds as we may not be held liable for any wrong payment. FULL NAMES:________________________________ CITY: _____________________________ ZIP: _____________ COUNTRY____________________________ SEX:___________ AGE:_______________ TELEPHONE NUMBER:_____________________ FAX: __________________________ Ensure you follow all their procedure as may be required by them as that will further help hasten up the whole procedure as regard to the transfer of your fund to you as designated. Also have in mind that the Central Bank of Malaysia equally have their own protocol of operation as stipulated on their banking terms, so delay could be very dangerous. Thank you very much for your anticipated co-operation in advance as we earnestly await your urgent response to this matter. Best Regards, Christopher Wray[FBI Director] Federal Bureau of Investigation J. Edgar Hoover Building 935 Pennsylvania Avenue, NW Washington, D.C. From alecia@us.org Sat Jan 23 10:47:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.8 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,FILL_THIS_FORM,FREEMAIL_FORGED_REPLYTO, HK_NAME_MR_MRS,LOTS_OF_MONEY,LOTTO_DEPT,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,NA_DOLLARS,RCVD_IN_PSBL, REPTO_419_FRAUD_YH,SPF_HELO_NONE,SPF_NONE,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [181.48.91.190 listed in psbl.surriel.com] * 6.0 REPTO_419_FRAUD_YH Reply-To is known advance fee fraud * collector mailbox * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.2 MONEY_NOHTML Lots of money in plain text * 2.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: CO ** ** ** ** ** Received: from mail1.cobyser01.com (mail1.cobyser01.com [181.48.91.190]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10NGl64K045893 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 23 Jan 2021 10:47:09 -0600 Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id D284B1AAE64A; Sat, 23 Jan 2021 06:59:04 -0500 (COT) Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id KWEll6oXQIDw; Sat, 23 Jan 2021 06:59:04 -0500 (COT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id EE7AE1AAD4F2; Sat, 23 Jan 2021 06:43:39 -0500 (COT) X-Virus-Scanned: amavisd-new at cobyser01.com Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id L5XILcHIf8NP; Sat, 23 Jan 2021 06:43:39 -0500 (COT) Received: from [196.196.116.91] (unknown [192.168.0.2]) by mail1.cobyser01.com (Postfix) with ESMTP id E35091AAC9A6; Sat, 23 Jan 2021 06:32:11 -0500 (COT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP, To: Recipients From: "Mrs. Alecia" Date: Sat, 23 Jan 2021 03:32:22 -0800 Reply-To: fbicompensation_funds@yahoo.com Message-Id: <20210123113211.E35091AAC9A6@mail1.cobyser01.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 10:47:09 -0600 (CST) for IP:'181.48.91.190' DOMAIN:'mail1.cobyser01.com' HELO:'mail1.cobyser01.com' FROM:'alecia@us.org' RCPT:'' X-Greylist: Delayed for 02:33:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 10:47:09 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10NGl64K045893 X-Spam-Prev-Subject: THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP, Status: R X-Status: X-Keywords: X-UID: 35 Content-Length: 2432 I am Mrs. Alicia B Kennedy, I am a US citizen, 51 years Old, I reside here in America My residential address is as follows, 2380 Maco Rd NE Leland NC 28451 USA , I am one of those that took part in the Compensation in Africa many years ago and they refused to pay me, I had paid over $58,000 while in the US, trying to get my payment all to no avail. So, I decided to travel to WASHINGTON D..C with all my compensation documents, And I was directed by the ( F B I) Director to contact Agent Alexander Bryant who is a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE currently in Africa, I contacted him and he explained everything to me, He said whoever is contacting us through emails are fake, He took me to the paying bank for the claim of my Compensation payment, right now I am the happiest woman on earth because I have received my compensation funds of $2.5 Million Us Dollars, Moreover, Agent Alexander Bryant, showed me the full information of those that are yet to receive their payments and I saw your name and email as one of the scam victims, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Agent Alexander Bryant, You have to contact him directly on his private information below, COMPENSATION AWARD HOUSE Name : Agent Alexander Bryant Email: fbicompensation_funds@yahoo.com You are hereby advised to contact Agent Alexander Bryant with the information's below 1. Your Names in full 2. Your Occupation 3. Your Residential Address 4. Your Place and date of birth 5. Your Telephone and fax Number 6. Your id You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in any way with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Agent Alexander Bryant was just $150 for the paper work of my transfer, take note of that. Once again stop contacting those people, I will advise you to contact Agent Alexander Bryant so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction. Thank You and Be Blessed. Mrs. Alicia Kennedy, 2380 Maco Rd NE Leland NC 28451 USA United States of America. From alecia@us.org Sat Jan 23 14:52:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.1 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,FILL_THIS_FORM,FREEMAIL_FORGED_REPLYTO, HK_NAME_MR_MRS,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,LOTTO_DEPT,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,NA_DOLLARS,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_PSBL,REPTO_419_FRAUD_YH,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_NONE, SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_YH Reply-To is known advance fee fraud * collector mailbox * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [202.143.113.67 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.2 MONEY_NOHTML Lots of money in plain text * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: PK ** ** ** ** ** Received: from mail.alnafayproperties.com (mail.validus.com.pk [202.143.113.67]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10NKqpC3015039 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 23 Jan 2021 14:52:56 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.alnafayproperties.com (Postfix) with ESMTP id A177D46A250C; Sat, 23 Jan 2021 04:53:10 -0500 (EST) Received: from mail.alnafayproperties.com ([127.0.0.1]) by localhost (mail.alnafayproperties.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id iw2Z7tdWVN9c; Sat, 23 Jan 2021 04:53:10 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by mail.alnafayproperties.com (Postfix) with ESMTP id 53EB7469ED73; Sat, 23 Jan 2021 04:53:10 -0500 (EST) X-Virus-Scanned: amavisd-new at mail.alnafayproperties.com Received: from mail.alnafayproperties.com ([127.0.0.1]) by localhost (mail.alnafayproperties.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ijaUYNyWbbqO; Sat, 23 Jan 2021 04:53:10 -0500 (EST) Received: from [196.196.116.91] (gateway [192.168.0.99]) by mail.alnafayproperties.com (Postfix) with ESMTP id 0802746A1F87; Sat, 23 Jan 2021 04:53:05 -0500 (EST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP, To: Recipients From: "Mrs. Alecia" Date: Sat, 23 Jan 2021 01:53:15 -0800 Reply-To: fbicompensation_funds@yahoo.com Message-Id: <20210123095306.0802746A1F87@mail.alnafayproperties.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 14:52:56 -0600 (CST) for IP:'202.143.113.67' DOMAIN:'mail.validus.com.pk' HELO:'mail.alnafayproperties.com' FROM:'alecia@us.org' RCPT:'' X-Greylist: Delayed for 08:07:15 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 14:52:56 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10NKqpC3015039 X-Spam-Prev-Subject: THE TRUTH ABOUT YOUR FUND, CONTACT FBI AGENT ALEXANDER BRYANT ASAP, Status: R X-Status: X-Keywords: X-UID: 36 Content-Length: 2432 I am Mrs. Alicia B Kennedy, I am a US citizen, 51 years Old, I reside here in America My residential address is as follows, 2380 Maco Rd NE Leland NC 28451 USA , I am one of those that took part in the Compensation in Africa many years ago and they refused to pay me, I had paid over $58,000 while in the US, trying to get my payment all to no avail. So, I decided to travel to WASHINGTON D..C with all my compensation documents, And I was directed by the ( F B I) Director to contact Agent Alexander Bryant who is a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE currently in Africa, I contacted him and he explained everything to me, He said whoever is contacting us through emails are fake, He took me to the paying bank for the claim of my Compensation payment, right now I am the happiest woman on earth because I have received my compensation funds of $2.5 Million Us Dollars, Moreover, Agent Alexander Bryant, showed me the full information of those that are yet to receive their payments and I saw your name and email as one of the scam victims, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Agent Alexander Bryant, You have to contact him directly on his private information below, COMPENSATION AWARD HOUSE Name : Agent Alexander Bryant Email: fbicompensation_funds@yahoo.com You are hereby advised to contact Agent Alexander Bryant with the information's below 1. Your Names in full 2. Your Occupation 3. Your Residential Address 4. Your Place and date of birth 5. Your Telephone and fax Number 6. Your id You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in any way with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Agent Alexander Bryant was just $150 for the paper work of my transfer, take note of that. Once again stop contacting those people, I will advise you to contact Agent Alexander Bryant so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction. Thank You and Be Blessed. Mrs. Alicia Kennedy, 2380 Maco Rd NE Leland NC 28451 USA United States of America. From zabbix@infosysco.ru Sat Jan 23 20:48:16 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Status: Yes, score=22.6 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_MR_MRS, HTML_MESSAGE,LOTS_OF_MONEY,MONEY_ATM_CARD,MONEY_FORM_SHORT, MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RCVD_IN_PSBL,RELAY_COUNTRY_IT,RELAY_COUNTRY_RU, SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_PASS, T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [188.226.64.34 listed in psbl.surriel.com] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [188.226.64.34 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [k.doreen00[at]aol.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 MONEY_ATM_CARD Lots of money on an ATM card * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: RU ** ** ** ** IT Received: from exim-el8.infosysco.ru (exim-el8.infosysco.ru [188.226.64.34]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10O2m8GC037097 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 23 Jan 2021 20:48:15 -0600 Received: from localhost (localhost [127.0.0.1]) by exim-el8.infosysco.ru (Postfix) with ESMTP id 796CF9914D31; Sat, 23 Jan 2021 18:08:43 +0500 (+05) Received: from exim-el8.infosysco.ru ([127.0.0.1]) by localhost (exim-el8.infosysco.ru [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id NcAHf3NP2_Xs; Sat, 23 Jan 2021 18:08:43 +0500 (+05) Received: from localhost (localhost [127.0.0.1]) by exim-el8.infosysco.ru (Postfix) with ESMTP id 806D799145C8; Sat, 23 Jan 2021 18:08:41 +0500 (+05) DKIM-Filter: OpenDKIM Filter v2.10.3 exim-el8.infosysco.ru 806D799145C8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infosysco.ru; s=755A1AAE-188F-11EB-9871-8A98C630A617; t=1611407321; bh=ObWqQXqhfdRYghpA7+EsZB68YgYEAhYcTuWvaUeC5xA=; h=MIME-Version:To:From:Date:Message-Id; b=L4i0Ot86I07YlayEwtNO9lVESVtsRI5UssAxiMAe+s77Mx3Vp8QaKNNbZGegA1EFf AK1CI9EQQJgmvAuEYvi0pjBUiNTIwxs8blzNkkyhwDKAXZpC4yrt2Vl6ZNB1gm9viU gOSs21gC/Wy6TzYoGPMya7uK/UXXO15cAjjbw0jn8GWsW4eYmLaL+mQt3sq8/m7XDW BhuFkd/sA/C0Y3RSkqF3Qc0iSshNhgJ3pgKe69dNiNHOd4LoFbPl+fn1FDavFvlQYF /RRjf2pl+ublORYVr/aGRFtpsMXoOpqwyViXJsn8BM40CtqkqbCJM6kA7sVzT4i4R6 3ZkETd75jXXwA== X-Virus-Scanned: amavisd-new at infosysco.ru Received: from exim-el8.infosysco.ru ([127.0.0.1]) by localhost (exim-el8.infosysco.ru [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Sp1bXgZgM50o; Sat, 23 Jan 2021 18:08:41 +0500 (+05) Received: from Ts-New.isr.local (net77-43-70-26.mclink.it [77.43.70.26]) by exim-el8.infosysco.ru (Postfix) with ESMTPSA id D0BA39912A97; Sat, 23 Jan 2021 18:08:38 +0500 (+05) Content-Type: multipart/alternative; boundary="===============1691804196==" MIME-Version: 1.0 Subject: [SPAM] Re: Are You Dead Or Alive.! To: Recipients From: "Mr.Mark Philip" Date: Sat, 23 Jan 2021 14:08:37 +0100 Reply-To: k.doreen00@aol.com Message-Id: <20210123130838.D0BA39912A97@exim-el8.infosysco.ru> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 20:48:16 -0600 (CST) for IP:'188.226.64.34' DOMAIN:'exim-el8.infosysco.ru' HELO:'exim-el8.infosysco.ru' FROM:'zabbix@infosysco.ru' RCPT:'' X-Greylist: Delayed for 11:12:45 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Jan 2021 20:48:16 -0600 (CST) X-Spam-Prev-Subject: Re: Are You Dead Or Alive.! Status: R X-Status: X-Keywords: X-UID: 37 Content-Length: 3385 You will not see this in a MIME-aware mail reader. --===============1691804196== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body The sum of $4.5 million. out of your over due total sum has been approved = for payment through ATM cash card system after all attempts to pay you thro= ugh the bank, and diplomatic courier failed. The approved sum has been prog= rammed into the ATM cash card which will be dispatched to you through your = address upon reconfirmation. I have made several attempts to contact you an= d this is the 3rd and perhaps the last email to you with respect to this ma= tter. Meanwhile, I received a power of attorney from one SUSAN GERRAD from = the USA purportedly issued by you asking us to change the fund beneficiary = to her name hence we are seeking your confirmation as soon as possible. to = this end, you should Kindly Re-confirm this information to me. = (1) Your Full Names:- (2) Address:- (3) Your Phone Numbers:- = NOTE: The actual fees for shipping your ATM card is just $125 nothing more= and no hidden fees of any sort! Upon receipt of payment, the delivery offi= cer will ensure that your package is sent within 24 working hours. Because = I am very sure of everything I am giving you a 100% money-back guarantee if= you do not receive payment/package within the next 24hrs after you have ma= de the payment for shipping. = Regards Mr. Dave West --===============1691804196== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body

The sum of $4.5 million. out of your over due total sum has = been approved for payment through ATM cash card system after all attempts t= o pay you through the bank, and diplomatic courier failed. The approved sum= has been programmed into the ATM cash card which will be dispatched to you= through your address upon reconfirmation. I have made several attempts to = contact you and this is the 3rd and perhaps the last email to you with resp= ect to this matter. Meanwhile, I received a power of attorney from one SUSA= N GERRAD from the USA purportedly issued by you asking us to change the fun= d beneficiary to her name hence we are seeking your confirmation as soon as= possible. to this end, you should Kindly Re-confirm this information to me= .

(1) Your Full Names:-
(2) Address:-
(3) Your Phone Numbers:-

NOTE: The actual fees for shipping your ATM card is just $12= 5 nothing more and no hidden fees of any sort! Upon receipt of payment, the= delivery officer will ensure that your package is sent within 24 working h= ours. Because I am very sure of everything I am giving you a 100% money-bac= k guarantee if you do not receive payment/package within the next 24hrs aft= er you have made the payment for shipping.

Regards
 
Mr. Dave West
--===============1691804196==-- From Lorraine@us.org Sun Jan 24 11:23:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.1 required=5.0 tests=ADVANCE_FEE_5_NEW,BAYES_99, BAYES_999,FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS,RCVD_IN_PSBL, SPF_HELO_NONE,SPF_NONE,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [181.48.91.190 listed in psbl.surriel.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_MR_MRS No description available. * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 3.2 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: CO ** ** ** ** ** Received: from mail1.cobyser01.com (mail1.cobyser01.com [181.48.91.190]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10OHNfvF015631 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 24 Jan 2021 11:23:46 -0600 Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id 5E4E61ACCC92; Sun, 24 Jan 2021 10:28:09 -0500 (COT) Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id SGwJWX0ntjJ0; Sun, 24 Jan 2021 10:28:07 -0500 (COT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id F21221BAB56C; Sun, 24 Jan 2021 09:17:38 -0500 (COT) X-Virus-Scanned: amavisd-new at cobyser01.com Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id dGOG-qytP4oZ; Sun, 24 Jan 2021 09:17:38 -0500 (COT) Received: from [196.196.116.91] (unknown [192.168.0.2]) by mail1.cobyser01.com (Postfix) with ESMTP id 88C281BAB592; Sun, 24 Jan 2021 08:42:15 -0500 (COT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Greetings from Lorraine, To: Recipients From: "Miss. Lorraine" Date: Sun, 24 Jan 2021 05:42:28 -0800 Reply-To: lorrainewirangee@aol.com Message-Id: <20210124134215.88C281BAB592@mail1.cobyser01.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 24 Jan 2021 11:23:46 -0600 (CST) for IP:'181.48.91.190' DOMAIN:'mail1.cobyser01.com' HELO:'mail1.cobyser01.com' FROM:'Lorraine@us.org' RCPT:'' X-Greylist: Delayed for 01:40:33 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 24 Jan 2021 11:23:46 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 10OHNfvF015631 X-Spam-Prev-Subject: Greetings from Lorraine, Status: R X-Status: X-Keywords: X-UID: 38 My name is Lorraine Wirangee; I am 24 years old female from Romania. I seek for your assistance to be my partner and advicer for an investment in your country, money that I inherited from my late mother I wish to relocate to your country and I will give you more details after I hear from you. I await your urgent reply and May God bless you. Lorraine Wirangee From cdnleak@cdnleak.com Tue Jan 26 02:27:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 10QAR2iC012755 for ; Tue, 26 Jan 2021 02:27:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: **** X-Spam-Status: No, score=4.6 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_50, DKIM_INVALID,DKIM_SIGNED,HTML_MESSAGE,MISSING_HEADERS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US US ** TG Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 26 Jan 2021 02:27:02 -0800 (PST) Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2136.outbound.protection.outlook.com [40.107.243.136]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10QAPRbT010534 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 26 Jan 2021 04:25:36 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eJ7C98jRjTHH60mq+DBfld1Df/XMWTPQSMpzjP+Nh5sSHNSU2I+iXpauOtFPtMFHeMPOGsWFJ4/kouflM8mH4hFvYEh4DSY/LDbEwrAzfUBGlprdUmttV6jkU2u6G0UpFpzz1AyCjY+5y+DhG4NrycTFRFqkapbRCs0MGX+kxBe8//efP1mCqJnYxhfJbRXAa8qNLIwMKxapjGAm5061Hg6IJNHwZVYvVELyIK42n8pO61GRNw+1tGMVQB8whVqNJmX8YfxkprYSIofdXQuphomL2sSCYSOAhID0rhUfK0TAZwvn8kqmU3Nu4JY2B1PwAjKwhNB22V7jWEojCj9LBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JfEgLLuEb34rw4PIOxJimWDcgVJsXZp5mW80d242F/U=; b=BPNH9A83DzmKR//eHb2+GoZFwTwVfK/bD8HTot5jg4nKj2Fh2LN6m9anmpXeWwfvI/IcSrhlvH05wNAbYQLjrni8q6LrDmO2SsMl+RpzTm8N7ORck+2iNrCpk+eouoIVnYGyTOEIRCw9JaBaibGBcayF8973SzKylr4TeR15F3seH27zb1pdYbMDZYyvQ66Bd1CFniazKZYO4YaV/NF3XCNvh4kUJAMS5mJwTtK22AiMLURG2US6k3b7oaqZRPRFVJ/hjkIZfaymDeiv0Z1XmVLapqfWzikqOEDCXISB31RWfj1oGBKIvt+xPtrSGXM5A5SeKYChV1uKfL1+li01wA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cdnleak.com; dmarc=pass action=none header.from=cdnleak.com; dkim=pass header.d=cdnleak.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORG4196968.onmicrosoft.com; s=selector1-NETORG4196968-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JfEgLLuEb34rw4PIOxJimWDcgVJsXZp5mW80d242F/U=; b=yDYbSIeXgQ8440OfOxrqtD84oI7jhk2PZ5ONMJOiy2TvUAp3WB4zVd2M9iq8ntgQDiGCabJOdb5qBvHRgUUYwm40PmXJj08hNYpWJVU87g7x+l4pCJwWcs5Tx10CbMYcJa47AWfUlqJnMrGQsvrlHTkxQ3LGkMqztvx5CYxw+vE= Received: from MWHPR18MB1054.namprd18.prod.outlook.com (2603:10b6:300:a1::21) by MW3PR18MB3690.namprd18.prod.outlook.com (2603:10b6:303:52::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3784.12; Tue, 26 Jan 2021 10:25:23 +0000 Received: from MWHPR18MB1054.namprd18.prod.outlook.com ([fe80::8555:a671:5894:5102]) by MWHPR18MB1054.namprd18.prod.outlook.com ([fe80::8555:a671:5894:5102%4]) with mapi id 15.20.3784.019; Tue, 26 Jan 2021 10:25:23 +0000 From: "Barr.ellirodriguelawhouz" Subject: Please I need your urgent response. Thread-Topic: Please I need your urgent response. Thread-Index: AQHW881x4Y3WKiRB8UmECxxfUmzFHg== Date: Tue, 26 Jan 2021 10:25:22 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: pacific.net.sg; dkim=none (message not signed) header.d=none;pacific.net.sg; dmarc=none action=none header.from=cdnleak.com; x-originating-ip: [196.170.63.2] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: eaf6ea48-1359-4e0c-8130-08d8c1e4b0b4 x-ms-traffictypediagnostic: MW3PR18MB3690: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3276; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 1UJ7zV7G7KaOkTtlgokGK3HjXeLiWvOfE2v9Gyn59LnFVbK6e2kq1hYep1Sk1KHCtkxArVmO8bCF19dv7/GQZwMarX8uAi6FJD+c7jtCHIbSPqjxgokXiCcCoicY05zgTiU+IcTIoPnW4v4G6wVGmVwK3S9qY2j2HL8NViTQgGOOvoNTFb9TTQIq7dI8j0sErByW00I1pTA+iah35y9vmN0wDCRd6RUKYrQT/xFoCQRprzCnQ8NEtLPp3P4t+EXb0G8rdtd9gsbVaptc/IjVpOOxznxokNXt4bz/bTxw+4x9ejmTCC0g/OY6RxWRsG4wP0lQPUmOiR3UzD4/rIhMBAk5G4+SJMLT8XK369J6p1ACB0uws9t/+u28z9rKvlJF2JiiGgUQXkpBox4uq3M/ZrP6wCegURF4VzFTdZ0ZKJCzI2xj0xpBQmA5lpQhkNUY x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR18MB1054.namprd18.prod.outlook.com;PTR:;CAT:NONE;SFS:(346002)(39850400004)(396003)(136003)(376002)(366004)(316002)(7366002)(7406005)(7336002)(8936002)(91956017)(76116006)(7416002)(7276002)(33656002)(71200400001)(558084003)(64756008)(86362001)(66556008)(66946007)(66446008)(66476007)(2906002)(8676002)(109986005)(5660300002)(55016002)(7696005)(478600001)(89122003)(52536014)(76576003)(88732003)(186003)(6506007)(26005)(83380400001)(9686003)(19627405001)(13710500001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?9svz3N3OE2a64jPzG5ZG1fNIF34XnvDvG6A2l+eHtPbvLYE0CgdgMUlnAb?= =?iso-8859-1?Q?EFp5qdpSWjKoonUoqz8JehClTKDXtxjn+E2bNmqGkIcMLEGx62Z34Bu+fH?= =?iso-8859-1?Q?XQKdnUyfBlZxRlqExa7ThczgayJaOEEaJjeQ66V66W83mTfP0gxhpQtwQq?= =?iso-8859-1?Q?0weFYObEQpKHb657c+PznwVw/+ZIX372w45QzFYef27SHJOJLPhCD5PQfj?= =?iso-8859-1?Q?ZGVG7GYirmNzeFQkKkvbLpG6ucWvzWYco84QiLNoQ7HFCEs0Sxq+TTLyK5?= =?iso-8859-1?Q?usKlXs8f3qfUVa7fckXujl/Xo9jW0tS9IhjehZgfxqZ9yCMVCNU5D3dHDK?= =?iso-8859-1?Q?Sw9KeEYtp7PIZJoRzrQTTZs66PCR+xxlQJxxVEF4OjKCq1QN8rrQ72jCG7?= =?iso-8859-1?Q?xY0oCqATwDgJSky2hEwr1NjcHc92OwoJbdx2GyoELTihMz2TWq+VclLpGZ?= =?iso-8859-1?Q?EVYqYApKeTzqr0U6d+tiQgDOG0Oh9BnOsnoxfwT1RqwKabYTWoxNArRCGq?= =?iso-8859-1?Q?MN/AtbwgMa1X7+/Uheldy2mFkWX5L9Dl/wECTQstf0TYxcdeyfaZtFN4q0?= =?iso-8859-1?Q?BkSaA/e6rTHlLfj2gyuZaRIvPkck8acZKf63hgcaAxfEqE6777keBSpWWM?= =?iso-8859-1?Q?rL01bLlcqULbI0IR+UmIJH4nnZDbkLLUbzRSkgx/ngWpzb5UarEt4CgLJC?= =?iso-8859-1?Q?y4oogaq7WcA5OlABeUZgiJ4XbNMRgxtbKbOOe5zzchqfe7po+YzX1oGIq5?= =?iso-8859-1?Q?nEW9TGx/MVVXTA2I9/w/9y/wEFcqfo6HJfwC/bCp2d03LV707iuElwcZRn?= =?iso-8859-1?Q?RfpuKajSGrLEl1oIFF4RswsBqj68/CJtQTQkAZd7BfT4Ck+4eN1mD3zRJi?= =?iso-8859-1?Q?dSqs7vs+/S8RoJXtbf+8Qm3dOMvZ1aS3M92Z7ZeGhHuLoVPeZz9six5hvg?= =?iso-8859-1?Q?QeSXDjWWLTcrwh8s2RC4y6icwRxAv7tBBu6bA34bHh/AimaqYRfjNsnHgR?= =?iso-8859-1?Q?Y279ku8oUg8YQY30thDpk7nV9/Pz8VYzC5JzjLXGXonjiNZir7jzUk4sTa?= =?iso-8859-1?Q?T7sas3vXWsedQYgmR7VrmfQ=3D?= x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_MWHPR18MB1054ECB518BDE2A3EBE13F67B5BC9MWHPR18MB1054namp_" MIME-Version: 1.0 X-OriginatorOrg: cdnleak.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR18MB1054.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: eaf6ea48-1359-4e0c-8130-08d8c1e4b0b4 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jan 2021 10:25:22.5772 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 374fc1df-1dbc-4379-a44e-e61328eb3923 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Xn8o2ikmcm0TbQSYj4wNp7o/QZrqQzUx69zKQRtsKlrTNxLkwT1ui+9cLb9NJg/SK4tFQwvFG3NbCJt35gx9pQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR18MB3690 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Jan 2021 04:25:43 -0600 (CST) for IP:'40.107.243.136' DOMAIN:'mail-dm6nam12on2136.outbound.protection.outlook.com' HELO:'NAM12-DM6-obe.outbound.protection.outlook.com' FROM:'cdnleak@cdnleak.com' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Jan 2021 04:25:43 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 39 Content-Length: 1997 --_000_MWHPR18MB1054ECB518BDE2A3EBE13F67B5BC9MWHPR18MB1054namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello dear friend. I am Attorney Elli Raymond, A legal adviser/financial co= nsultant to your late relative. I want to talk with you regarding his asset= s in my possession, please get back to me as soon as possible, Thank you. Regards, Attorney. Elli Raymond. --_000_MWHPR18MB1054ECB518BDE2A3EBE13F67B5BC9MWHPR18MB1054namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable


Hello dear friend. I am Attorney Ell= i Raymond, A legal adviser/financial consultant to your late relative. I wa= nt to talk with you regarding his assets in my possession, please get back to me as soon as possible, Thank = you.

Regards,
Attorney. Elli Raymond.

--_000_MWHPR18MB1054ECB518BDE2A3EBE13F67B5BC9MWHPR18MB1054namp_-- From jp@frb.com Wed Jan 27 00:13:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FROM_MISSP_XPRIO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,LOTS_OF_MONEY,MISSING_HEADERS, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_PSBL,RELAY_COUNTRY_VN,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_NONE,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [139.99.135.4 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [139.99.135.4 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.8 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.6 MONEY_NOHTML Lots of money in plain text * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: AU VN Received: from vps-ae327aa8.vps.ovh.ca (vps-ae327aa8.vps.ovh.ca [139.99.135.4]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10R6DLRp004402 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 27 Jan 2021 00:13:37 -0600 Message-Id: <202101270613.10R6DLRp004402@ga.impsec.org> Received: from User (unknown [103.207.37.240]) by vps-ae327aa8.vps.ovh.ca (Postfix) with ESMTPA id 9038216F4B09; Sun, 24 Jan 2021 12:37:50 +0000 (UTC) Reply-To: From: "federal reserve[JEROME POWELL]" Subject: [SPAM] Re-Affirm[]o Date: Sun, 24 Jan 2021 04:37:56 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 27 Jan 2021 00:13:37 -0600 (CST) for IP:'139.99.135.4' DOMAIN:'vps-ae327aa8.vps.ovh.ca' HELO:'vps-ae327aa8.vps.ovh.ca' FROM:'jp@frb.com' RCPT:'' X-Greylist: Delayed for 41:49:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 27 Jan 2021 00:13:37 -0600 (CST) X-Spam-Prev-Subject: Re-Affirm[]o Status: R X-Status: X-Keywords: X-UID: 40 Content-Length: 1749 The Federal Reserve just received confirmation this morning that your inheritance funds($25millionusd) from Central Bank of Malaysia which was put on hold by the United States Treasury Department has just been released for transfer to your nominated account. However,we received a certified payment instrument from the Office of Foreign Asset Control(OFAC) in your favor containing your personal details and a new receiving account in the name and favor of your financial representative and partner, Mr. Robert Brown claiming to have document signed by you prior to your demise for him to receive the funds($25millionusd)on your behalf. Please kindly confirm if the account information are correct to receive the funds, Bank Name: U.S Bank Trust, N.A, MN; Swift Code: USBKUS4TCOR; Routing #: 121122676; Account Number: 153459581457; Account Beneficiary Name: Robert Brown; Beneficiary Address: 5021 Laguna Blvd, Elk Grove, CA 95758. As a matter of fact,the has made commitment to pay the $2,500usd cost of transfer(C.O.T) this week to complete the transfer of the funds. Please if you are alive,respond so that we can stop this man,your long silence has allowed the bank to believe you are indeed dead but i am sure you are alive and well,please don't loose this opportunity to get your funds. Ensure to confirm your information to the Federal Reserve for onward transfer of your funds($25millionusd) immediately at my private email below. emailto: jmpowellfr@gmail.com Contact person:Mr Jerome Powell Its important to state that our devotion and obligation remains to facilitate quick transfer of your funds so we will appreciate your affirmative response. Yours Sincerely Mr Jerome Powell Under-secretary Financial Surveillance From jhardin@impsec.org Wed Jan 27 16:51:58 2021 -0800 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 14927 invoked by uid 99); 28 Jan 2021 00:53:38 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Jan 2021 00:53:38 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id B37611FF0EB for ; Thu, 28 Jan 2021 00:53:37 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 2.561 X-Spam-Level: ** X-Spam-Status: No, score=2.561 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, LOTS_OF_MONEY=0.001, MONEY_FRAUD_3=2.499, MSGID_FROM_MTA_HEADER=0.001, SPF_PASS=-0.001, T_HK_NAME_MR_MRS=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=mendoza.gov.ar Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id ulkOV2X4TtRg for ; Thu, 28 Jan 2021 00:53:37 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=181.13.51.5; helo=smtp5.mendoza.gov.ar; envelope-from=hjozami@mendoza.gov.ar; receiver= Received: from smtp5.mendoza.gov.ar (smtp5.mendoza.gov.ar [181.13.51.5]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 8C45EBC957 for ; Thu, 28 Jan 2021 00:53:35 +0000 (UTC) Received: from mail04.mendoza.gov.ar (mail04.mendoza.gov.ar [192.168.128.33]) by mail02.mendoza.gov.ar (8.14.4/8.14.4) with ESMTP id 10S0qei8027721 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 27 Jan 2021 21:52:40 -0300 Authentication-Results: mail02.mendoza.gov.ar; dkim=pass (1024-bit key) header.d=mendoza.gov.ar header.i=@mendoza.gov.ar header.b="V4T/EjtZ" Message-Id: <202101280052.10S0qei8027721@mail02.mendoza.gov.ar> Received: from [91.224.92.190] (unknown [91.224.92.190]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail04.mendoza.gov.ar (Postfix) with ESMTPSA id D55B358634; Wed, 27 Jan 2021 21:52:10 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mendoza.gov.ar; s=2015022000; t=1611795140; bh=68mXNQiZLvR1UmijqgZUbqRZ9JwW+MT3rtPfJ0fBSsg=; h=Subject:To:From:Date:Reply-To; b=V4T/EjtZq9ZvTWxPa0UvozzmpAQClAZmhQU27ZJMJSYL51HYQk/wDZT4GrgBl9Wwq DgWw+KTjPQV6H1rOarBvAFQczEmrRt8ffKp+dt2iz+0vjbGIyHb+ENcnpIUYa2hHOL Me3vd7wJVUkkiYngB1rrSDAQbRf6S6tcNsm2fT7k= Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Lucky winner To: Recipients From: "Mr. Warren E Buffett" Date: Wed, 27 Jan 2021 16:51:58 -0800 Reply-To: buffettwarrene21@gmail.com Status: X-Status: X-Keywords: X-UID: 41 Lucky winner, My name is Warren E. Buffett, an American businessman Investor and Philanthropist. I am the most successful investor in the world= and CEO of Berkshire Hathaway. I firmly believe that I had an idea that never changed. that your assets to help people, and I deci= ded {3,500,000.00} three million euros to 10 randomly selected people in Eu= rope to donate worldwide. If after receiving this email you for You should = donate to charity in European countries refer to as a happy person. Your em= ail address was with the selected random search online. Please contact me l= ike this as soon as possible so that I know that your email address is vali= d is. Visit this page: https://en.wikipedia.org/wiki/Warren_Buffett or google my name for more information: (Warren Buffett). Waiting for your answer. With best regards, Mr. Warren Buffett Billionaire investor Managing Director: Berkshire Hathaway From no_reply@bond10.com Fri Jan 29 01:50:48 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************** X-Spam-Status: Yes, score=20.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_60,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FROM_MISSP_XPRIO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_PASS, TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6996] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [38.146.57.21 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [38.146.57.21 listed in bl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: US US Received: from vm.bond10.com ([38.146.57.21]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10T7og9A006761 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 29 Jan 2021 01:50:48 -0600 Message-Id: <202101290750.10T7og9A006761@ga.impsec.org> Received: from User (ec2-3-131-153-16.us-east-2.compute.amazonaws.com [3.131.153.16]) by vm.bond10.com (Postfix) with ESMTPA id C27CB4837C96; Wed, 27 Jan 2021 20:15:46 -0500 (EST) Reply-To: From: "Prof. T.S Hemmo Msc" Subject: [SPAM] Breaking News: Business & Personal Tax Refund Date: Thu, 28 Jan 2021 01:15:48 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 29 Jan 2021 01:50:48 -0600 (CST) for IP:'38.146.57.21' DOMAIN:'[38.146.57.21]' HELO:'vm.bond10.com' FROM:'no_reply@bond10.com' RCPT:'' X-Greylist: Delayed for 23:54:23 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 29 Jan 2021 01:50:48 -0600 (CST) X-Spam-Prev-Subject: Breaking News: Business & Personal Tax Refund Status: R X-Status: X-Keywords: X-UID: 42 Content-Length: 1844 International Taxation Community (Territorial & Worldwide Taxation) Office E-Mail: recovered-tax@daum.net Whatsapp: +1 (706) 688-9714 P.0 Box 16031 Dear Esteemed Applicant, It has been called to our attention by the refunds department, that over the years you have incurred an accumulation of over-paid tax record which has not been acknowledged. We would like you to note that it is in our policy to refund all over-paid tax to its respective beneficiary, which is done annually. We realized that over the years you have not been able to claim your refunds due to errors from the administration. The Commission on the 16th of April, 2018 mandated the office to payback all over-paid tax to her applicant and non applicant who are not aware that over paid taxes must be refunded, which has been done serially, till it got to your turn because it's done alphabetically. Kindly get back to us with a proof of your identity, so it would be merged it to our database for the calculation and refund of your over-paid tax back to you, through your preferred medium which includes payment by cheque or cashier cheque, debit or credit card issuance, direct bank deposit, and bank wire transfer. We wait for your kind response and also inform us if you pay Personal Tax or Business Tax and also state if you pay the both or not, so we could take the necessary actions to ensure your refunds are released to you as soon as possible. We really apologize for the inconveniences this might have caused you. We are looking forward to hearing from you soon. Thanks and God bless us all. Sincerely Yours Dr. Mrs. D.A McGuiness (FRCP) E-mail: dr.deborahmcguiness@gmail.com Phone & SMS: +1 (706) 688-9714 Sectional Tax Refund Taskforce Supervisor Also a Frontliner on Tax Refund Awareness Signed and Approval By: International Taxation Refund Council. From infoms929@gmail.com Fri Jan 29 16:50:40 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.6 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,DKIM_ADSP_CUSTOM_MED, FILL_THIS_FORM,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_LOTTO, HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM, MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_WEB, RDNS_NONE,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC,SPF_HELO_PASS, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_LOAN, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9784] * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [37.49.225.131 listed in dnsbl.sorbs.net] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [111.20.159.210 listed in psbl.surriel.com] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [111.20.159.210 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [111.20.159.210 listed in bl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [infoms929[at]gmail.com] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [infoms929[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 1.0 HK_LOTTO No description available. * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 1.5 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.3 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 2.7 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: CN NL Received: from email.hanshin.com.cn ([111.20.159.210]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 10TMoa05040807 for ; Fri, 29 Jan 2021 16:50:39 -0600 Message-Id: <202101292250.10TMoa05040807@ga.impsec.org> Received: from User (unknown [37.49.225.131]) by email.hanshin.com.cn (Postfix) with ESMTPA id D8D83144EBF; Fri, 29 Jan 2021 07:26:51 +0800 (CST) Reply-To: From: "Covid-19 Lottery Department" Subject: [SPAM] Public Relation Facebook Covid-19 Lottery Department! Date: Fri, 29 Jan 2021 00:27:11 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 29 Jan 2021 16:50:40 -0600 (CST) for IP:'111.20.159.210' DOMAIN:'[111.20.159.210]' HELO:'email.hanshin.com.cn' FROM:'infoms929@gmail.com' RCPT:'' X-Greylist: Delayed for 09:50:39 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 29 Jan 2021 16:50:40 -0600 (CST) X-Spam-Prev-Subject: Public Relation Facebook Covid-19 Lottery Department! Status: R X-Status: X-Keywords: X-UID: 43
Congratulations your Facebook account has won $2.500,000,00 in the on-going facebook Covid-19 start of the year relief lottery promotion 2021. Contact E- mail :mrsrose.hill@rediffmail.com or Mrs Rose Hill via Phone +1 567-959-1890 with your reference number (FB-225-2020)
 
Kindly reconfirm to him the following below information:
 
Your full name_________________________
Your address__________________________
Your country___________________________
Your age______________________________
Your occupation________________________
Your Phone number______________________
 
Public Relation Facebook Covid-19 Lottery Department
 From infoms929@gmail.com Mon Feb 1 02:41:14 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.2 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED, FILL_THIS_FORM,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_TO_UNDISC,FROM_MISSP_USER,FROM_MISSP_XPRIO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_LOTTO,HTML_MESSAGE, LOTS_OF_MONEY,MIME_HTML_ONLY,MONEY_FORM,MONEY_FRAUD_3, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_WEB, RDNS_NONE,REPTO_419_FRAUD,SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_LOAN, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [59.152.229.114 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [59.152.229.114 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [59.152.229.114 listed in bl.score.senderscore.com] * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [37.49.225.131 listed in dnsbl.sorbs.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [infoms929[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [infoms929[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 1.0 HK_LOTTO No description available. * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 1.9 SPOOFED_FREEMAIL No description available. * 2.1 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 2.4 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 2.8 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: HK NL Received: from ftp.pakkai.com.hk ([59.152.229.114]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1118f9HL010349 for ; Mon, 1 Feb 2021 02:41:14 -0600 Received: from User (unknown [37.49.225.131]) by ftp.pakkai.com.hk (Postfix) with ESMTP id 7BFB15FD3BCC; Fri, 29 Jan 2021 08:09:05 +0800 (HKT) Reply-To: From: "Covid-19 Lottery Department" Subject: [SPAM] Public Relation Facebook Covid-19 Lottery Department! Date: Fri, 29 Jan 2021 01:09:25 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210129000905.7BFB15FD3BCC@ftp.pakkai.com.hk> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Feb 2021 02:41:14 -0600 (CST) for IP:'59.152.229.114' DOMAIN:'[59.152.229.114]' HELO:'ftp.pakkai.com.hk' FROM:'infoms929@gmail.com' RCPT:'' X-Greylist: Delayed for 68:48:10 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Feb 2021 02:41:14 -0600 (CST) X-Spam-Prev-Subject: Public Relation Facebook Covid-19 Lottery Department! Status: R X-Status: X-Keywords: X-UID: 44
Congratulations your Facebook account has won $2.500,000,00 in the on-going facebook Covid-19 start of the year relief lottery promotion 2021. Contact E- mail :mrsrose.hill@rediffmail.com or Mrs Rose Hill via Phone +1 567-959-1890 with your reference number (FB-225-2020)
 
Kindly reconfirm to him the following below information:
 
Your full name_________________________
Your address__________________________
Your country___________________________
Your age______________________________
Your occupation________________________
Your Phone number______________________
 
Public Relation Facebook Covid-19 Lottery Department
 From Lorraine@us.org Tue Feb 2 20:21:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.9 required=5.0 tests=ADVANCE_FEE_5_NEW,BAYES_99, BAYES_999,FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_PSBL,RCVD_IN_RP_RNBL,REPTO_419_FRAUD_AOL,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_NONE,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_AOL Reply-To is known advance fee fraud * collector mailbox * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [181.48.91.190 listed in psbl.surriel.com] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [181.48.91.190 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [181.48.91.190 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.9 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: CO ** ** ** ** ** Received: from mail1.cobyser01.com (mail1.cobyser01.com [181.48.91.190]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1132LqiI031894 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 2 Feb 2021 20:21:56 -0600 Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id 9F7C21C64285; Tue, 2 Feb 2021 18:42:25 -0500 (COT) Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id KDHQkb37d2dy; Tue, 2 Feb 2021 18:42:25 -0500 (COT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail1.cobyser01.com (Postfix) with ESMTP id E46871C636A3; Tue, 2 Feb 2021 18:39:33 -0500 (COT) X-Virus-Scanned: amavisd-new at cobyser01.com Received: from mail1.cobyser01.com ([127.0.0.1]) by localhost (mail1.cobyser01.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UlVomdYi69_S; Tue, 2 Feb 2021 18:39:33 -0500 (COT) Received: from [196.196.116.91] (unknown [192.168.0.2]) by mail1.cobyser01.com (Postfix) with ESMTP id D69121C62DB7; Tue, 2 Feb 2021 18:38:52 -0500 (COT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Greetings from Lorraine, To: Recipients From: "Miss. Lorraine" Date: Tue, 02 Feb 2021 15:38:49 -0800 Reply-To: lorrainewirangee@aol.com Message-Id: <20210202233853.D69121C62DB7@mail1.cobyser01.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Feb 2021 20:21:56 -0600 (CST) for IP:'181.48.91.190' DOMAIN:'mail1.cobyser01.com' HELO:'mail1.cobyser01.com' FROM:'Lorraine@us.org' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Feb 2021 20:21:56 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1132LqiI031894 X-Spam-Prev-Subject: Greetings from Lorraine, Status: R X-Status: X-Keywords: X-UID: 45 My name is Lorraine Wirangee; I am 24 years old female from Romania. I seek for your assistance to be my partner and adviser for an investment in your country, money that I inherited from my late mother I wish to relocate to your country and I will give you more details after I hear from you. I await your urgent reply and May God bless you. Lorraine Wirangee From esther2020js@gmail.com Tue Feb 2 23:09:54 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.7 required=5.0 tests=BAYES_99,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, MONEY_NOHTML,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9982] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [esther2020js[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.181 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.208.181 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [graceobia001[at]gmail.com] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.1 MONEY_NOHTML Lots of money in plain text * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11359lDi045950 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 2 Feb 2021 23:09:53 -0600 Received: by mail-lj1-f181.google.com with SMTP id l12so26836882ljc.3 for ; Tue, 02 Feb 2021 21:09:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=3dAY8YO6G9p6ngSgiNgV4nCMNx3x+FV26+F75ZS1ED8=; b=GUTbkPAqoHX2nOQS6m8ZHbKBoD/juPciVpPrJcMyejoj5FE4ABIOlkBrc4lghOPJMe PFEDD356DA0UoACvLed7e6uJEqAiTASk44nI1eMxa7zuDTVLadPgC+36ge0F0Nua9Ouf W1FZEsvt7Yd/vNeqM2ou5fomz9/cPD3GK3Za7Ik2EsFolFu+Ai0c3DbTBmzhEas9x5nC 07JyU6K3Sdx7tEVSGKJJMuvPO8No091a+bkXpHruHs9EYUxJWuPmXlff8hUHJl0xbekn flD/8yEQY3asFXYga6NkxQZJvV+/BjmIcaFsnaHWga2ZiW60hDaxsj7MkEsg3LQw4kAM 7R3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=3dAY8YO6G9p6ngSgiNgV4nCMNx3x+FV26+F75ZS1ED8=; b=IkooA+8VCFikVvdbm8P89wrVbdQlVcH/V51fe+ms29ionBFIEwrZxMTXhwcsyy7wbj +Vi4PJX2m289asnOyO34qJMAOUptmE66ifj8JI4h9rdvT74dXg/W8XTcss9kJP1hwlUu PlNw3LgumJhxWvyx0eNBvCFo4s/fT4I48j8snMfeC7MmdTj1y20uZMwBqXJ5H/Vh0GTb YRcNg1g5hFiPSA6l+wvNCgXIuY0DqFdImABGqkX04FQR1XC1Z3PmS2Z1SoAOq0NoMJll VNPmoFhehVnga7Fr0nQagLm31V6QpY7Ygul4B3v7jt051UIXxkfXsv6nHFA9QFAK2hL5 ukxA== X-Gm-Message-State: AOAM531a8BGTjX0D1eS9PjgsSa+NRmfnx6gtzPemSI2IEnlCVbsXAto9 R9H9kn4skqUURze+MhxvotKxZ4wlnhpfIUNq0Ys= X-Google-Smtp-Source: ABdhPJwepviAUsfwUMMv+h+YV+wWxhdVmuA/k9kjcR7ytIlHNGnPrfkyf7zKffKRG35LeFHPxEfJXq/QrbalOUgPhiI= X-Received: by 2002:a2e:b8d3:: with SMTP id s19mr732558ljp.97.1612328984744; Tue, 02 Feb 2021 21:09:44 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a19:c20a:0:0:0:0:0 with HTTP; Tue, 2 Feb 2021 21:09:43 -0800 (PST) Reply-To: graceobia001@gmail.com From: Grace Obia Date: Wed, 3 Feb 2021 05:09:43 +0000 Message-ID: Subject: [SPAM] Alasan saya yang jelas untuk menghubungi Anda To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Feb 2021 23:09:54 -0600 (CST) for IP:'209.85.208.181' DOMAIN:'mail-lj1-f181.google.com' HELO:'mail-lj1-f181.google.com' FROM:'esther2020js@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Feb 2021 23:09:54 -0600 (CST) X-Spam-Prev-Subject: Alasan saya yang jelas untuk menghubungi Anda Status: R X-Status: X-Keywords: X-UID: 46 Content-Length: 1645 -- Alasan saya yang jelas untuk menghubungi Anda Halo, nama saya Grace Obia, profil Anda benar-benar membuat saya terkesan dan saya ingin tahu dan mempelajari lebih lanjut tentang Anda, mungkin Anda dapat menghubungi saya di id email saya (graceobia001@gmail.com) sehingga saya dapat mengirimi Anda foto-foto saya untuk Anda tahu dengan siapa Anda berbicara. Alasan saya yang jelas untuk menghubungi Anda Saya adalah seorang gadis berusia 22 tahun yatim piatu, Orang tua saya baru saja meninggal karena COVID 19, tetapi saya memiliki perusahaan keamanan swasta di sini $ 7,500.000.00 (Tujuh Juta Lima Ratus Ribu US dollar) yang saya warisi dari almarhum ayah saya Rafael Obia. Uang ini disimpan di perusahaan keuangan di Pantai Gading; Saya ingin menginvestasikan dana di negara Anda dengan persetujuan, kerja sama, bantuan, saran, dan Tolong. Bagaimanapun saya senang untuk membuka komunikasi dengan Anda, untuk mengantisipasi komitmen murni Anda untuk mewujudkan impian saya mentransfer uang ini kepada Anda. negara. Kedua, atas penerimaan penuh Anda untuk bekerja dengan saya mengenai tujuan ini, mohon tunjukkan minat Anda dengan membalas saya sehingga saya akan memberi Anda informasi yang diperlukan dan detail tentang cara melangkah lebih jauh. Saya siap menawarkan 25% jumlah total uang kepada Anda pada transfer akhir uang ke rekening bank Anda. Saya menunggu tanggapan mendesak Anda termasuk detail berikut. 1) Nama lengkap Anda 2) Alamat lengkap 3) Nomor telepon 4) Alamat Anda 5) Pekerjaan 6) Usia Salam terbaik saya untuk Anda dan seluruh keluarga Anda. Saya membutuhkan bimbingan Anda. Terima kasih Grace Obia From MAILER-DAEMON@mail.bilgilendirme.mikromax.com.tr Fri Feb 5 16:29:49 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************** X-Spam-Status: Yes, score=20.7 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE, KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MAY_BE_FORGED,MIME_HTML_ONLY, MONEY_FROM_MISSP,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_TR, SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 1.1 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [212.58.14.178 listed in bl.score.senderscore.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.151.124.247 listed in zen.spamhaus.org] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [212.58.14.178 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.4 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.5 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TR XX Received: from mail.bilgilendirme.mikromax.com.tr (bilgilendirme.mikromax.com.tr [212.58.14.178] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 115MTiN9021877 for ; Fri, 5 Feb 2021 16:29:48 -0600 Received: from [103.151.124.247] (account postmaster@mail.bilgilendirme.mikromax.com.tr HELO User) by mail.bilgilendirme.mikromax.com.tr (CommuniGate Pro SMTP 6.2.12 _community_) with ESMTPA id 21714036 for jhardin@impsec.org; Thu, 04 Feb 2021 04:10:04 +0300 Reply-To: From: "Mohammed - .178" To: jhardin@impsec.org Subject: [SPAM] qA-partnership | N - 4.1m Date: Wed, 3 Feb 2021 17:10:03 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 05 Feb 2021 16:29:49 -0600 (CST) for IP:'212.58.14.178' DOMAIN:'[212.58.14.178]' HELO:'mail.bilgilendirme.mikromax.com.tr' FROM:'MAILER-DAEMON@mail.bilgilendirme.mikromax.com.tr' RCPT:'' X-Greylist: Delayed for 43:34:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 05 Feb 2021 16:29:49 -0600 (CST) X-Spam-Prev-Subject: qA-partnership | N - 4.1m Status: R X-Status: X-Keywords: X-UID: 47 Content-Length: 1927
Greetings.
 
I am looking to work with you to engage in profit oriented Investment ventures in your country and perhaps with your assistance, we could get a good Return on Investment (ROI).
 
I have the directive of Sheikh Mubarak AL-Thani to source for a partner abroad who can accommodate 200M USD for Investment. The sum was derived from a Supply Contract executed by a foreign company with Qatar Petroleum Company in Doha - Qatar.
 
We shall execute the transaction under a legitimate arrangement without breaking the law to ensure funds are transferred to you as the lawful beneficiary.
 
More details will follow upon your reply.
 
Regards,
 
Mohammed.
 
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 
 From afdb.frd.bf@accountant.com Sun Feb 7 01:36:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.9 required=5.0 tests=AC_FROM_MANY_DOTS, ADVANCE_FEE_4_NEW,AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL,FROM_MISSP_USER, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_SCAM, MISSING_HEADERS,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,RCVD_IN_PSBL, RCVD_IN_RP_RNBL,RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_YJ,SPF_FAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, T_SPF_HELO_TEMPERROR autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [61.127.191.157 listed in bl.score.senderscore.com] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [61.127.191.157 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_YJ Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 NSL_RCVD_FROM_USER Received from User * 1.7 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [61.127.191.157 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [afdb.frd.bf[at]accountant.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed * (temperror) * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=afdb.frd.bf%40accountant.com;ip=61.127.191.157;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.1 FROM_MISSP_SPF_FAIL No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 HK_SCAM No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 3.0 AC_FROM_MANY_DOTS Multiple periods in From user name * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: JP GB Received: from mail.edu.town.motobu.okinawa.jp (mail.edu.town.motobu.okinawa.jp [61.127.191.157]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1177a34I044813 for ; Sun, 7 Feb 2021 01:36:07 -0600 Message-Id: <202102070736.1177a34I044813@ga.impsec.org> Received: from User (unknown [2.31.130.255]) by mail.edu.town.motobu.okinawa.jp (Postfix) with ESMTPA id B99001CC582; Sat, 6 Feb 2021 12:28:31 +0900 (JST) Reply-To: From: "Dr Raymond Chien Hang Seng Ltd, Hong Kong" Subject: [SPAM] REPLY AS SOON AS POSSIBLE Date: Sat, 6 Feb 2021 03:25:14 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Feb 2021 01:36:07 -0600 (CST) for IP:'61.127.191.157' DOMAIN:'mail.edu.town.motobu.okinawa.jp' HELO:'mail.edu.town.motobu.okinawa.jp' FROM:'afdb.frd.bf@accountant.com' RCPT:'' X-Greylist: Delayed for 19:39:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Feb 2021 01:36:07 -0600 (CST) X-Spam-Prev-Subject: REPLY AS SOON AS POSSIBLE Status: R X-Status: X-Keywords: X-UID: 48 I am Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client. Died without a NEXT OF KIN. Send me your private email for full details information. email me at E-Mail: dr29876dr@gmail.com Regards Mr.Fung From lilliyben11@gmail.com Mon Feb 8 05:45:01 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 118Dj1ce018497 for ; Mon, 8 Feb 2021 05:45:01 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******** X-Spam-Status: Yes, score=8.3 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5776] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [lilliyben11[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.68 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.68 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [benjaminsarah195[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [lilliyben11[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Mon, 08 Feb 2021 05:45:01 -0800 (PST) Received: from mail-lf1-f68.google.com (mail-lf1-f68.google.com [209.85.167.68]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 118Dgs4Z042579 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 8 Feb 2021 07:43:01 -0600 Received: by mail-lf1-f68.google.com with SMTP id f23so5184946lfk.9 for ; Mon, 08 Feb 2021 05:42:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=TdyWYUhpZqqRyWEvVwdcZRYJwXkw7HlGoEzkH7cB2eE=; b=AGfffu3jIWpsAKstSPDFy8jOrwAoURX4JCm9Q/nq1oKqdSmi3kfbc/2UJt4Vo4HYJn rggRpfDOptd15wJ3mc4ZMmO8BNi+KSmjV6+rp7vPTYMIEcPWxhEssyOKRIGTzuxuoKsu wnxndurBH1tkC0nqT0MdOptk97Vjro7FoYdrPc32aNGW4jfjJQSe5y73DQqKcYS2MGDp ghBviz21FHiG04IHhMSsy0UUHwvFV4DEOCAz6p/ZNK9c+U9Y5scTst0MqnNb/ae0wpTl AU1qdT792GRyv7I5ezQLKe4xnLgleisN0hnmdUmuyv1TslkdUhZA/fJ8+fsdOPKv4QoH 9d5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=TdyWYUhpZqqRyWEvVwdcZRYJwXkw7HlGoEzkH7cB2eE=; b=GDXlg+roUo6OSoT8jlK+b548WczHaOUo9/LraOa3+J/O8C+JBac5dhlUKrqTnX48TQ 0Q7IldhcWw4mU0zeUdNobTciA9OAjKrAirQ2635sequsjJDu7pyrWzX+EDzFnG09tVP2 JuadLeP8YYwG4lKHflz2qmfhMKb/6Q4ik1toiKqzUuqFR9JmM4cVBwo8Zh93Y/bUQac5 oWwVqgIdQ26BEe/s2kkfxrvPmlGor4tSxfB4Vekxq3ii5Y+NGpwigWKqlM5FsUso5Td1 izTV17TxMF4Ft6yW3dLDWmPCzBhU4uuWI9FMTh22PAgOQEQSYyCaCF7w2JJMMqb4p1cp Q25Q== X-Gm-Message-State: AOAM531YiCXEEYUL6EHagZps21NQH8V05juzspHJXfRQcdveBkBJDP9T WQXyQ8tWaYYGQAyz8eLM078KikWQpPlf4c5DCHI= X-Google-Smtp-Source: ABdhPJxq8VtwwukL2sZ8qSpklI++Py4qi6nRCrJZUzA+R4CVrFr90n1lCFgDQRtMfee8xNqUTkvL8CXmsZNLQsudg98= X-Received: by 2002:a05:6512:2182:: with SMTP id b2mr6409544lft.342.1612791769525; Mon, 08 Feb 2021 05:42:49 -0800 (PST) MIME-Version: 1.0 Reply-To: benjaminsarah195@gmail.com From: benjamin sarah Date: Mon, 8 Feb 2021 13:45:02 +0000 Message-ID: Subject: [SPAM] I need your urgent help To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="00000000000084f47d05bad358f9" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 08 Feb 2021 07:43:01 -0600 (CST) for IP:'209.85.167.68' DOMAIN:'mail-lf1-f68.google.com' HELO:'mail-lf1-f68.google.com' FROM:'lilliyben11@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 08 Feb 2021 07:43:01 -0600 (CST) X-Spam-Prev-Subject: I need your urgent help Status: R X-Status: X-Keywords: X-UID: 49 Content-Length: 4899 --00000000000084f47d05bad358f9 Content-Type: text/plain; charset="UTF-8" Hello Please excuse this humble email if it offends your sensibilities; I am Mrs sarah benjamin, I have been diagnosed with cancer. It has defied all forms of medical treatment, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone (not even myself) but my business. Though I am very rich, I was never generous. I was always hostile to People and only focused on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. I would want to have a Personal and Trustworthy Relationship with you, as I intend and willing to empower the change of ownership for the transfer of my Deposits to your personal possession for Charity Disbursement to the Less Privilege and Homeless. I want this fund to be used in liberation work Activities like, help to Orphanages, and Christian schools, helping widows and up keeping of the Churches and propagating the word of God and to endeavor that the house of God is maintained. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 vs 14 says that the lord will fight my case and I shall hold my peace. Because of my health condition when i try to speak it leads to a serious coughing out of blood. I will send you the photos of me, As soon as I receive your reply I shall give you the details on how to contact the bank directly for onward transfer. I will also issue you an authority letter that will prove you as the present beneficiary of my funds. I want you and your family to always pray for me but the lord is my shepherd. Get back to me for more details thanks God bless you . Thank you for your due consideration. God be with you Yours Sister in the Lord. pls you can contact me with this Email address benjaminsarah195@gmail.com. --00000000000084f47d05bad358f9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello
=C2=A0Please excuse this humble email if it offen= ds your sensibilities;

=C2=A0I am Mrs sarah benjamin, I have been di= agnosed with cancer. It has defied
=C2=A0all forms of medical treatment,= and right now I have only about a few
=C2=A0months to live, according t= o medical experts. I have not particularly lived
=C2=A0my life so well, = as I never really cared for anyone (not even myself) but
=C2=A0my busine= ss. Though I am very rich, I was never generous. I was always
=C2=A0host= ile to People and only focused on my business as that was the only
=C2= =A0thing I cared for. But now I regret all this as I now know that there is=
=C2=A0more to life than just wanting to have or make all the money in t= he world.
I believe when God gives me a second chance to come to this wo= rld I would
=C2=A0live my life a different way from how I have lived it.=

=C2=A0I would want to have a Personal and Trustworthy Relationship = with you, as I intend and willing to empower the change of ownership for th= e transfer of
=C2=A0my Deposits to your personal possession for Charity = Disbursement to the
=C2=A0Less Privilege and Homeless. I want this fund = to be used in liberation work
=C2=A0Activities like, help to Orphanages,= and Christian schools, helping widows
and up keeping of the Churches an= d propagating the word of God and to
=C2=A0endeavor that the house of Go= d is maintained. I am not afraid of death
=C2=A0hence I know where I am = going. I know that I am going to be in the bosom of
=C2=A0the Lord. Exod= us 14 vs 14 says that the lord will fight my case and I shall
=C2=A0hold= my peace.

=C2=A0Because of my health condition when i try to speak = it leads to a serious
=C2=A0coughing out of blood. I will send you the p= hotos of me,

As soon as I receive your reply I shall give you the de= tails on how to
=C2=A0contact the bank directly for onward transfer. I w= ill also issue you an
=C2=A0authority letter that will prove you as the = present beneficiary of my
=C2=A0funds. I want you and your family to alw= ays pray for me but the lord is my
=C2=A0shepherd.

=C2=A0Get back= to me for more details thanks God bless you .

=C2=A0Thank you for y= our due consideration. God be with you

=C2=A0Yours Sister in the Lor= d.
=C2=A0pls you can contact me with this Email address benjaminsarah195@gmail.com.
--00000000000084f47d05bad358f9-- From jhardin@impsec.org Tue Feb 9 19:16:24 2021 -0800 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 75774 invoked by uid 99); 10 Feb 2021 08:37:12 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Feb 2021 08:37:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id DC72CC03FA for ; Wed, 10 Feb 2021 08:37:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 4.317 X-Spam-Level: **** X-Spam-Status: No, score=4.317 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LOTS_OF_MONEY=0.001, MONEY_FROM_MISSP=1.814, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001, RCVD_IN_PSBL=2.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=aelita.ua Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id Akf33hUUm8Dj for ; Wed, 10 Feb 2021 08:37:11 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=212.3.100.254; helo=mail.aelita.ua; envelope-from=v.djerikh@aelita.ua; receiver= Received: from mail.aelita.ua (mail.aelita.ua [212.3.100.254]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id BB14DBCD86 for ; Wed, 10 Feb 2021 08:37:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.aelita.ua (Postfix) with ESMTP id 69EEA1E7792E; Wed, 10 Feb 2021 05:00:34 +0200 (EET) Received: from mail.aelita.ua ([127.0.0.1]) by localhost (mail.aelita.ua [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id prGJUC8kItS3; Wed, 10 Feb 2021 05:00:33 +0200 (EET) Received: from localhost (localhost [127.0.0.1]) by mail.aelita.ua (Postfix) with ESMTP id 845791E76BAA; Wed, 10 Feb 2021 04:47:10 +0200 (EET) DKIM-Filter: OpenDKIM Filter v2.9.2 mail.aelita.ua 845791E76BAA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aelita.ua; s=mail; t=1612925230; bh=19iibQ65/dx8mi5lLNN8tPTQ2FC7IH/irbgaHp7Ok2Q=; h=Content-Type:MIME-Version:Content-Transfer-Encoding:Subject:To: From:Date:Reply-To:Message-Id; b=JwuRA6h8NHWkUT5f96cWPbRg4jdGYs9f7pAcbSZaUZ6zu56qrQnlcXi5OSXxUaANW oKL6yXSSCYTSUXk34daJ/XLJ/8SAyahKxjXF/zEDg1w1voTWpMjJWnBLliDgFrsimu fBnbB88sSRqwmicp5Q1TPLmB/ofa8lllZlHJuecs= X-Virus-Scanned: amavisd-new at aelita.ua Received: from mail.aelita.ua ([127.0.0.1]) by localhost (mail.aelita.ua [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id R1-g8tA6dDL2; Wed, 10 Feb 2021 04:47:10 +0200 (EET) Received: from [10.35.153.166] (unknown [105.4.3.47]) by mail.aelita.ua (Postfix) with ESMTPSA id 093281E6E6AE; Wed, 10 Feb 2021 04:06:25 +0200 (EET) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: =?utf-8?b?UmU6IOKCrCAyLDAwMCwwMDAuMDAgRXVybw==?= To: Recipients From: "Richard Wahl" Date: Tue, 09 Feb 2021 19:16:24 -0800 Reply-To: liezlnatashavanessa@gmail.com Message-Id: <20210210020627.093281E6E6AE@mail.aelita.ua> Status: X-Status: X-Keywords: X-UID: 50 Lieber Freund, Ich bin Herr Richard Wahl der Mega-Gewinner von $ 533M In Mega Millions Jac= kpot spende ich an 5 zuf=C3=A4llige Personen, wenn Sie diese E-Mail erhalte= n, dann wurde Ihre E-Mail nach einem Spinball ausgew=C3=A4hlt. Ich habe den= gr=C3=B6=C3=9Ften Teil meines Verm=C3=B6gens auf eine Reihe von Wohlt=C3= =A4tigkeitsorganisationen und Organisationen verteilt. Ich habe mich freiwi= llig dazu entschieden, Ihnen den Betrag von =E2=82=AC 2.000.000,00 zu spend= en eine der ausgew=C3=A4hlten 5, um meine Gewinne zu =C3=BCberpr=C3=BCfen, = finden Sie auf meiner You Tube Seite unten. UHR MICH HIER: https://www.youtube.com/watch?v=3Dtne02ExNDrw Das ist dein Spendencode: [DF00430342018] Antworten Sie mit dem Spendencode auf diese E-Mail: info@wahlfoundation.org Ich hoffe, Sie und Ihre Familie gl=C3=BCcklich zu machen. Gr=C3=BC=C3=9Fe Herr Richard Wahl From jchoi@free.de Thu Feb 11 13:02:35 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.4 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_60,FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS, HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,MONEY_FORM_SHORT, MONEY_FREEMAIL_REPTO,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT, T_LOTTO_AGENT_RPLY,T_LOTTO_URI autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6151] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [45.157.141.43 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [45.157.141.43 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 T_LOTTO_URI URI: Claims Department URL * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 T_LOTTO_AGENT_RPLY Claims Agent * 0.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 2.9 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 0.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: XX ** Received: from postex.email (postex.email [45.157.141.43]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11BJ2VwI031047 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 11 Feb 2021 13:02:35 -0600 X-Footer: cHVzaGV4LnB3 Received: from localhost ([127.0.0.1]) by postex.email with ESMTPA for jhardin@impsec.org; Thu, 11 Feb 2021 21:57:04 +0300 Reply-To: bclaimdept@aol.com From: "Mrs.Lito" To: jhardin@impsec.org Subject: [SPAM] Re-: Spatial Attention.. Date: 11 Feb 2021 10:57:02 -0800 Message-ID: <20210211105702.DC9737FA694CFD82@free.de> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Feb 2021 13:02:35 -0600 (CST) for IP:'45.157.141.43' DOMAIN:'postex.email' HELO:'postex.email' FROM:'jchoi@free.de' RCPT:'' X-Greylist: Delayed for 00:05:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Feb 2021 13:02:35 -0600 (CST) X-Spam-Prev-Subject: Re-: Spatial Attention.. Status: R X-Status: X-Keywords: X-UID: 51

Dear jhardin, Congratulations! 

Your e= mail ID jhardin@impsec.org has been selected in our r= andom compensation program of 850,000 Euros, due to Global pandemic.
To claim your Compensated Funds.

Send your Full Name:....Age.... Ph= one Nº...., and Country:.., To: bclaimdept@aol.com immedia= tely for payment.

Sincerely.
Mrs. María Lito.
Reply To:  bclaimdept@aol.com From test@clo.com.pk Fri Feb 12 02:18:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.0 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DKIM_INVALID, DKIM_SIGNED,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_MSFT, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,LOTS_OF_MONEY, MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_YH_LOOSE,SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_PASS, TO_NO_BRKTS_FROM_MSSP,US_DOLLARS_3,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [kimleang90[at]yahoo.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 2.0 REPTO_419_FRAUD_YH_LOOSE Ends-in-digits Reply-To is similar to * known advance fee fraud collector mailbox * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.6 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.5 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US LT Received: from server.clo.com.pk ([165.22.58.77]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11C8IqkO008209 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 02:18:59 -0600 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=clo.com.pk; s=mail; h=Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version: Date:Subject:From:Reply-To:Sender:To:Cc:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=TWGuL029YFpI5JUNkdTT+pX7ICTXX1auuPHwXMCc5co=; b=CKW5FUEiF/21/QrQT0fLy8Gktc ovrsx8hVhYmaDk0MnZ6R6T2WqRQSn7wUTsavBLdLOF/xGzbW2W1LRncDhJEGFstXhtgLzZ0JZF4pS rMS8ZzQKg0Pa+EhPieKWhbWMOLjFkFhttwG0M2jdZKVnSkmogbxXjOj657hJovIzkBzk=; Received: from [91.224.92.186] (helo=User) by server.clo.com.pk with esmtpa (Exim 4.93) (envelope-from ) id 1l9D8O-0008P4-Di; Tue, 09 Feb 2021 01:27:48 +0500 Reply-To: From: " Kim Leang" Subject: [SPAM] Good day ? Date: Mon, 8 Feb 2021 12:27:48 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 02:18:59 -0600 (CST) for IP:'165.22.58.77' DOMAIN:'[165.22.58.77]' HELO:'server.clo.com.pk' FROM:'test@clo.com.pk' RCPT:'' X-Greylist: Delayed for 83:47:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 02:18:59 -0600 (CST) X-Spam-Prev-Subject: Good day ? Status: R X-Status: X-Keywords: X-UID: 52 Greeting! I am contacting you to receive and share with me an abandoned fund ( $21,537.000.00 ) left in our bank by a deceased customer. I was going through the Internet search when I found your email address. My name is Mr. Kim Leang. I want to utilize this opportunity and make use of this fund if I should present your name to the bank to stand as his business associate/ trustee for the fund to be released to you via Visa card for easy withdrawals in any VISA ATM machine anywhere in the World. The bank will also give you international online transfer options. With these you can transfer the funds without any risk. Should you be interested in working with me in this project? Please reply back and let's benefit from this golden opportunity.You are my first contact.. I shall wait a few days and if I do not hear from you, I shall look for another person. Thanks and have a nice day, Mr. Kim Leang From contact@gmail.com Thu Feb 11 19:25:43 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=12.0 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_80,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,LOTS_OF_MONEY, LOTTO_AGENT,MAY_BE_FORGED,MILLION_USD,MONEY_NOHTML,NML_ADSP_CUSTOM_MED, RCVD_IN_SBL_CSS,SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,THIS_AD,US_DOLLARS_3 autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8880] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [37.49.225.253 listed in zen.spamhaus.org] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 MILLION_USD BODY: Talks about millions of dollars * 0.0 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 THIS_AD "This ad" and variants * 1.6 MONEY_NOHTML Lots of money in plain text * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.2 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 LOTTO_AGENT Claims Agent * 0.5 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US NL Received: from raven-engineering.com (hdd.yf7he8.cn [192.3.255.134] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11C1Pejt018160 for ; Thu, 11 Feb 2021 19:25:43 -0600 Received: from gmail.com (unknown [37.49.225.253]) (Authenticated sender: info) by raven-engineering.com (Postfix) with ESMTPA id 0FA3842659 for ; Thu, 11 Feb 2021 19:17:16 -0600 (CST) Reply-To: office@admntline.ml From: "World Health Organization" To: jhardin@impsec.org Subject: [SPAM] Covid 19 benefit Winner Date: 12 Feb 2021 02:17:15 +0100 Message-ID: <20210212021714.C3973DF4094FF6D7@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Feb 2021 19:25:43 -0600 (CST) for IP:'192.3.255.134' DOMAIN:'[192.3.255.134]' HELO:'raven-engineering.com' FROM:'contact@gmail.com' RCPT:'' X-Greylist: Delayed for 00:08:22 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Feb 2021 19:25:43 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11C1Pejt018160 X-Spam-Prev-Subject: Covid 19 benefit Winner Status: R X-Status: X-Keywords: X-UID: 53 Content-Length: 1747 World Health Organization Awards Department – Covid 19 Splash/Benefit Promotions 1 Dag Hammarskjold Plaza 885 Second Avenue, 26th floor New York, N.Y. 10017 United States of America BATCH REF: COVID/2020/836278263 This is to inform you that you have won a prize money of Two Million United States Dollars ($2,000,000.00) for the Covid 19, Prize Promotion which is Organized by Miller Foundation and WHO. WHO collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo, Aol, Gmail and Hotmail and few from other email providers because Miller Foundation want to give out funds to small business companies to benefit from there foundation project. Fifty people are randomly selected monthly to benefit from this promotion and you are one of the Selected Winners. PAYMENT OF PRIZE AND CLAIM Winners shall be paid in accordance with his/her Settlement Center. WHO Covid 19 Award must be claimed not later than 60 days from date of Draw Notification. Any Prize not claimed within this period will be forfeited. Stated below are your identification numbers: Depositor: Miller Foundation. BATCH NUMBER: Covid/07-436716. REFERENCE NUMBER: 20207493100. PIN: 9060. These numbers fall within your Location file, you are requested to contact our fiduciary agent in New York and send your winning identification numbers to him; He shall immediately commence the process that will facilitate the release of your fund to you. Note that after verification of your funds with the processing officer, he will appoint an officer to meet with you in person for the release of your funds Congratulations!! Once again. Yours in service Dr. Martin Bay (Publicity Secretary) From kasimachma@gmail.com Fri Feb 12 10:56:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) * [161.35.232.202 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11CGuJdd026865 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 10:56:22 -0600 Received: from 89-200-45-179.mobile.kpn.net ([89.200.45.179] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAbjA-0000Y6-43; Fri, 12 Feb 2021 16:55:32 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Fri, 12 Feb 2021 17:55:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210211-4, 11/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 10:56:22 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 08:21:49 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 10:56:22 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11CGuJdd026865 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 54 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Fri Feb 12 10:56:43 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) * [161.35.232.202 listed in wl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11CGuda4026880 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 10:56:43 -0600 Received: from 89-200-45-179.mobile.kpn.net ([89.200.45.179] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAbjO-0000aH-LB; Fri, 12 Feb 2021 16:55:46 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Fri, 12 Feb 2021 17:55:45 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210211-4, 11/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 10:56:43 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 08:22:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 10:56:43 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11CGuda4026880 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 55 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Fri Feb 12 12:10:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) * [161.35.232.202 listed in wl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11CIADTR035105 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 12:10:17 -0600 Received: from 89-200-45-179.mobile.kpn.net ([89.200.45.179] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAcsj-0004TL-Pa; Fri, 12 Feb 2021 18:09:29 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Fri, 12 Feb 2021 19:09:29 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210211-4, 11/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 12:10:17 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 08:01:18 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 12:10:17 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11CIADTR035105 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 56 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Fri Feb 12 14:01:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) * [161.35.232.202 listed in wl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11CK1IAj043981 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 14:01:22 -0600 Received: from 89-200-45-179.mobile.kpn.net ([89.200.45.179] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAecV-0006rp-MQ; Fri, 12 Feb 2021 20:00:51 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Fri, 12 Feb 2021 21:00:50 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210212-16, 12/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 14:01:22 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 07:21:55 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 14:01:22 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11CK1IAj043981 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 57 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Fri Feb 12 20:16:41 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_RNBL, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) * [161.35.232.202 listed in wl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11D2Gbmt032167 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 20:16:41 -0600 Received: from 31-161-150-247.mobile.kpn.net ([31.161.150.247] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAkT9-0005Bh-C5; Sat, 13 Feb 2021 02:15:35 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Sat, 13 Feb 2021 03:15:33 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210212-16, 12/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 20:16:41 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 20:16:41 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11D2Gbmt032167 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 58 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Fri Feb 12 23:10:12 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [161.35.232.202 listed in wl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11D5A4i6001548 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Feb 2021 23:10:12 -0600 Received: from 31-161-150-247.mobile.kpn.net ([31.161.150.247] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAn5Z-0001KL-Cx; Sat, 13 Feb 2021 05:03:25 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Sat, 13 Feb 2021 06:03:23 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210212-16, 12/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 23:10:12 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Feb 2021 23:10:12 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11D5A4i6001548 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 59 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sat Feb 13 02:32:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.5 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11D8WAhD019119 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 13 Feb 2021 02:32:17 -0600 Received: from 31-161-150-247.mobile.kpn.net ([31.161.150.247] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAqLB-0005WI-KY; Sat, 13 Feb 2021 08:31:45 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Sat, 13 Feb 2021 09:31:43 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210212-16, 12/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Feb 2021 02:32:17 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Feb 2021 02:32:17 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11D8WAhD019119 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 60 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sat Feb 13 02:32:19 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.232.202 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.5 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yanghoseok5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from sonjokomz.com ([161.35.232.202]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11D8WFfw019122 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 13 Feb 2021 02:32:19 -0600 Received: from 31-161-150-247.mobile.kpn.net ([31.161.150.247] helo=User) by sonjokomz.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lAqL6-0005VE-7m; Sat, 13 Feb 2021 08:31:40 +0000 Reply-To: From: "MR Ho-Seok Yang" Subject: [SPAM] working together Date: Sat, 13 Feb 2021 09:31:38 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210212-16, 12/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Feb 2021 02:32:19 -0600 (CST) for IP:'161.35.232.202' DOMAIN:'[161.35.232.202]' HELO:'sonjokomz.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Feb 2021 02:32:19 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11D8WFfw019122 X-Spam-Prev-Subject: working together Status: R X-Status: X-Keywords: X-UID: 61 Good Day I am Ho-Seok Yang,my principals wish, to make huge financial investment in your home country Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick response yanghoseok5@gmail.com Best Regards, Ho-Seok Yang. -- This email has been checked for viruses by AVG. https://www.avg.com From jhardin@impsec.org Sat Feb 13 20:29:56 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 13057 invoked by uid 99); 13 Feb 2021 23:29:45 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Feb 2021 23:29:45 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id D9F2DC0116 for ; Sat, 13 Feb 2021 23:29:44 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.562 X-Spam-Level: *** X-Spam-Status: No, score=3.562 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HK_NAME_MR_MRS=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.2, MIME_HTML_ONLY=0.3, RDNS_NONE=3, SPF_PASS=-0.001, T_EMRCP=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=vhhost.com.br Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id PsCnwKgE_gSr for ; Sat, 13 Feb 2021 23:29:44 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=162.241.90.169; helo=vps.vhhost.com.br; envelope-from=sistemas@vhhost.com.br; receiver= Received: from vps.vhhost.com.br (unknown [162.241.90.169]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id E22D97F7A4 for ; Sat, 13 Feb 2021 23:29:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=vhhost.com.br; s=default; h=MIME-Version:Date:Content-Transfer-Encoding: Message-ID:Subject:Reply-To:To:From:Content-Type:Sender:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=HxvPcoX26hilvKObnB+FZQk5Qjx9J8N2I3RfRgr56YM=; b=MqRZ7vPhH+Ko59/p/Y+nsDAoVi Ml6ZAES2uj6IIKaHXLHdEZ2SKdbdGbgjbnscptW3q/DOME954Jxd81psqbaid7J3YpP/53QPDur8z gOoqmYEy90UyhON4RzujoyDAQP2Xj+jfpyyy6SVIQGfGQWHoTwA9VNRAz6driJIII0E1osph4zLUo oLw37de2DfIgcWhaxCmOa5O5PYrmtTivje/HVhrnXKQz/gQYNXlXcXg5oVB1hkNOcStfwvOzEe2zy ZcgXrND/sWUFh3txSjfUJRTaJ9W9Opg36ZMqJ7UUQX58OtwnFFFsQAt47eQcMZPPxiZNMaxOcFi3g XvUbI6lA==; Received: from [185.111.157.64] (port=37664 helo=mail.vhhost.com.br) by vps.vhhost.com.br with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1lB4M7-0004bJ-IL for users@spamassassin.apache.org; Sat, 13 Feb 2021 20:29:39 -0300 Content-Type: text/html Replyto: ydoo974@gmail.com From: "Mr. Yusin 956592533470" To: users@spamassassin.apache.org Reply-To: ydoo974@gmail.com Subject: =?utf-8?B?UGFydG5lcnNoaXAgcmVxdWVzdC4gLSBSZWY6IDkwNTI1MDg2NDcyMSAtOiBTYXR1cmRheSwgRmVicnVhcnkgMTMsIDIwMjEgMjA6Mjg6Mjc=?= Message-ID: X-Priority: 1 (Highest) X-Msmail-Priority: High Importance: High Content-Transfer-Encoding: quoted-printable Date: Sat, 13 Feb 2021 20:29:56 +0000 MIME-Version: 1.0 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.vhhost.com.br X-AntiAbuse: Original Domain - spamassassin.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - vhhost.com.br X-Get-Message-Sender-Via: vps.vhhost.com.br: authenticated_id: sistemas@vhhost.com.br X-Authenticated-Sender: vps.vhhost.com.br: sistemas@vhhost.com.br X-Source: X-Source-Args: X-Source-Dir: Status: X-Status: X-Keywords: X-UID: 62 Content-Length: 2753


##- 4vWXF3637DMdtjJ4svJEZ Please 4vWXF3637DMdtjJ4svJEZ type your = 4vWXF3637DMdtjJ4svJEZ reply above 4vWXF3637DMdtjJ4svJEZ this = 4vWXF3637DMdtjJ4svJEZ line -##

Hello,=


At Fidelity Investment International;

The World's Largest Fund Management Company with over USD 1.2 Trillion = Capital Investment Fund. Nevertheless, as The Fidelity Fund Manager,

I handle all our Investor's Direct Capital Funds and secretly extracted = 1.2% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the = Investor's Marginal Capital Fund. As an expert, I have made substantial = profit from the Investor's EMRCP and hereby looking for a trust company or = an agent who will stand as an investor to receive the fund as annual = investment proceeds from Fidelity Marginal Capital Fund.

It is good to know that I have worked out the modalities and = technicalities whereby the fund can be requested for in any of our 6 = clearing houses without any hitches. All confirm-able documents to = ascertain our request (should the clearing house ask for them) will be made= available to you.

Waiting for your reply,
Yusin

www.fidelity.co.uk Fidelity = Brokerage Services LLC
Best ISAs, SIPPs and Funds - Fidelity Worldwide = Investment
www.fidelity.co.= uk

From office2@gmail.com Tue Feb 16 12:40:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************** X-Spam-Status: Yes, score=20.3 required=5.0 tests=BAYES_80, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_NOHTML, NML_ADSP_CUSTOM_MED,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_TW, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOF_GMAIL_MID autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8585] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_TW Relayed via Taiwan * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [37.49.225.253 listed in zen.spamhaus.org] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [59.124.102.190 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [office2[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [office2[at]gmail.com] * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.2 MONEY_NOHTML Lots of money in plain text * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... X-Spam-Relay-Country: TW NL Received: from msa.tungya.com.tw (mail.tungya.com [59.124.102.190]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11GIefkN013008 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 16 Feb 2021 12:40:46 -0600 Received: from gmail.com ([37.49.225.253]) (authenticated bits=0) by msa.tungya.com.tw (8.14.7/8.14.7) with ESMTP id 11GHBYNV028109 for ; Wed, 17 Feb 2021 01:11:53 +0800 Reply-To: office@admntline.ml From: "FWS BHC" To: jhardin@impsec.org Subject: [SPAM] Can we discuss? Date: 16 Feb 2021 18:11:52 +0100 Message-ID: <20210216181151.D725BF21E83C7166@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Feb 2021 12:40:46 -0600 (CST) for IP:'59.124.102.190' DOMAIN:'mail.tungya.com' HELO:'msa.tungya.com.tw' FROM:'office2@gmail.com' RCPT:'' X-Greylist: Delayed for 01:28:39 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Feb 2021 12:40:46 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11GIefkN013008 X-Spam-Prev-Subject: Can we discuss? Status: R X-Status: X-Keywords: X-UID: 63 I want to discuss a business with you. I am having your business complementary card. Can we discuss? I have a sick politician partner by Name Mr.Miller from czech republic, he is having alot of money to invest for the future of his little kids and i don't know anything about investment. we are willing to invest $50 million in area of Investment interest: Oil & Gas, Agriculture, Aviation, Tourism, Retail, Real Estate & Construction, IT & Communications, Engineering, Utilities, Telecoms, Mining, Maritime Sector and Entertainment industries. Purpose of Funds: LONG TERM INVESTMENT ( at least for a period of 10 years ) Thanks Afeez From mrs.jacqueline_mars021@mail.com Wed Feb 17 19:15:36 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************************** X-Spam-Status: Yes, score=39.7 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_OUTLOOK_TAGS,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL,FROM_MISSP_XPRIO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,HTML_MESSAGE, HTML_MIME_NO_HTML_TAG,MALFORMED_FREEMAIL,MIME_HTML_ONLY, MISSING_HEADERS,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_FAIL, SPF_HELO_NONE,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [210.87.250.171 listed in bl.score.senderscore.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [220.246.37.164 listed in zen.spamhaus.org] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [210.87.250.171 listed in bl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [210.87.250.171 listed in list.dnswl.org] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrs.jacqueline_mars021[at]mail.com] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [revfrankjackson91[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=mrs.jacqueline_mars021%40mail.com;ip=210.87.250.171;r=ga.impsec.org] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mrs.jacqueline_mars021[at]mail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.5 HK_NAME_FM_MR_MRS No description available. * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 2.0 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML * tag * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.6 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: HK HK HK Received: from imsantv71.netvigator.com (imsantv71.netvigator.com [210.87.250.171]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11I1FVXF008279 for ; Wed, 17 Feb 2021 19:15:35 -0600 Received: from ybironout1a.netvigator.com (ybironout1a.netvigator.com [210.87.250.16]) by imsantv71.netvigator.com (8.14.4/8.14.4) with ESMTP id 11I10i0d032369; Thu, 18 Feb 2021 09:00:44 +0800 Message-Id: <202102180100.11I10i0d032369@imsantv71.netvigator.com> X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0D//wD6ui1g/6Ql9txigRCBSjwDE2CBU?= =?us-ascii?q?IEbEhuDWTiLcw2CNTqCJAFKAYhDggaGZ4EDBAGBDAKHRBOBaAsBAQEUASsBAgQ?= =?us-ascii?q?BAVE1g2cFgWkBFBFLEgIFAwIBBgRxhW5DFgGFYgMQBAEBAQIXBwoCIAEFJwIIA?= =?us-ascii?q?gEGAQYDDgYiFwEEEQUBAwsBOwECAgEBSoIRglQBAS8GAZtIkR2BcoExDQ2FLII?= =?us-ascii?q?eEhEECoEcAYI/mR8BEgGDOBIBJYImg3WBdxqBSQEBAYVNlitXm3IBBgEBAoJ1B?= =?us-ascii?q?odxl3CKSYE4hCMDg0wOASWBN4oihjyKLaJhg3qBIwxncHCBbgolgVsRhUKXbCN?= =?us-ascii?q?9CXQIEgEKAYcfgnxeAQ?= X-IronPort-AV: E=Sophos;i="5.81,185,1610380800"; d="scan'208";a="226917157" Received: from unknown (HELO User) ([220.246.37.164]) by ybironout1v2.netvigator.com with SMTP; 18 Feb 2021 09:00:29 +0800 Reply-To: From: "Mrs. Jacqueline Mars" Subject: [SPAM] Attention Good Friend Date: Wed, 17 Feb 2021 17:00:34 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 17 Feb 2021 19:15:36 -0600 (CST) for IP:'210.87.250.171' DOMAIN:'imsantv71.netvigator.com' HELO:'imsantv71.netvigator.com' FROM:'mrs.jacqueline_mars021@mail.com' RCPT:'' X-Greylist: Delayed for 00:13:08 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 17 Feb 2021 19:15:36 -0600 (CST) X-Spam-Prev-Subject: Attention Good Friend Status: R X-Status: X-Keywords: X-UID: 64 Good day , Did you receive my previous email ? I have been waiting for your reply but none came through . I await your response regarding my previous email . Please Reply Mrs. Jacqueline Mars From noreply@seawardems-dev.com Thu Feb 18 09:17:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Status: Yes, score=22.5 required=5.0 tests=BAYES_80,DATE_IN_PAST_06_12, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HELO_DYNAMIC_SPLIT_IP,HK_NAME_MR_MRS,HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_PSBL,RDNS_DYNAMIC,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_PASS, TVD_RCVD_IP,T_EMRCP,URIBL_DBL_SPAM autolearn=disabled version=3.4.4 X-Spam-Report: * 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL * blocklist * [URIs: seawardems-dev.com] * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8618] * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname * (Split IP) * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 TVD_RCVD_IP Message was received from an IP address * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [94.229.167.116 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [94.229.167.116 listed in bl.mailspike.net] * 1.5 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ydoo974[at]gmail.com] * 0.0 T_EMRCP BODY: "Excess Maximum Return Capital Profit" scam * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or * identical to background * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: GB US Received: from 94.229.167.116.srvlist.ukfast.net (94.229.167.116.srvlist.ukfast.net [94.229.167.116]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11IFHhMD007594 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Feb 2021 09:17:47 -0600 Received: from seawardems-dev.com (unknown [74.208.31.47]) by 94.229.167.116.srvlist.ukfast.net (Postfix) with ESMTPSA id 750998AEE8 for ; Thu, 18 Feb 2021 08:57:05 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seawardems-dev.com; s=default; t=1613638634; bh=rJvB6Ys5kfJZ/GnIh9FTu597umdliYxDPpKWzF+KGAY=; l=2672; h=From:To:Subject; b=FREvDYHN6zFrHwYqYlu0i9SrjHblREyyMIfPgOyRDgf3zqIls7djrCuHla47VVwNv vUvuGtc8KHeX+kNklbdll0v8bb233SC8jya3s8plgYSL4ouXLnkcOwj9deIP3PBxRb ekr07mIfLK8Xe4xK7RkrtILbPDCRtdFJffgnn/g0= Authentication-Results: 94.229.167.116.srvlist.ukfast.net; spf=pass (sender IP is 74.208.31.47) smtp.mailfrom=noreply@seawardems-dev.com smtp.helo=seawardems-dev.com Received-SPF: pass (94.229.167.116.srvlist.ukfast.net: connection is authenticated) Content-Type: text/html Replyto: ydoo974@gmail.com From: "Mr. Yusin 259501943000" To: jhardin@impsec.org Reply-To: ydoo974@gmail.com Subject: [SPAM] =?utf-8?B?UGFydG5lcnNoaXAgcmVxdWVzdC4gLSBSZWY6IDc5MzMxOTEwOTcwNSAtOiBUaHVyc2RheSwgRmVicnVhcnkgMTgsIDIwMjEgMjoyODo4?= Message-ID: <3d0ec775-4c30-9084-ff92-662d9db52541@seawardems-dev.com> X-Priority: 1 (Highest) X-Msmail-Priority: High Importance: High Content-Transfer-Encoding: quoted-printable Date: Thu, 18 Feb 2021 02:29:33 +0000 MIME-Version: 1.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 09:17:47 -0600 (CST) for IP:'94.229.167.116' DOMAIN:'94.229.167.116.srvlist.ukfast.net' HELO:'94.229.167.116.srvlist.ukfast.net' FROM:'noreply@seawardems-dev.com' RCPT:'' X-Greylist: Delayed for 05:11:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 09:17:47 -0600 (CST) X-Spam-Prev-Subject: Status: R X-Status: X-Keywords: X-UID: 65 Content-Length: 2730

##- T5lKACJoWthVSVhMQRYwG Please T5lKACJoWthVSVhMQRYwG type your = T5lKACJoWthVSVhMQRYwG reply above T5lKACJoWthVSVhMQRYwG this = T5lKACJoWthVSVhMQRYwG line -##

Hello,=


At Fidelity Investment International;

The World's Largest Fund Management Company with over USD 1.2 Trillion = Capital Investment Fund. Nevertheless, as The Fidelity Fund Manager,

I handle all our Investor's Direct Capital Funds and secretly extracted = 1.2% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the = Investor's Marginal Capital Fund. As an expert, I have made substantial = profit from the Investor's EMRCP and hereby looking for a trust company or = an agent who will stand as an investor to receive the fund as annual = investment proceeds from Fidelity Marginal Capital Fund.

It is good to know that I have worked out the modalities and = technicalities whereby the fund can be requested for in any of our 6 = clearing houses without any hitches. All confirm-able documents to = ascertain our request (should the clearing house ask for them) will be made= available to you.

Waiting for your reply,
Yusin

www.fidelity.co.uk Fidelity = Brokerage Services LLC
Best ISAs, SIPPs and Funds - Fidelity Worldwide = Investment
www.fidelity.co.= uk

From noreply@seawardems-dev.com Thu Feb 18 13:17:16 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.9 required=5.0 tests=BAYES_80,DATE_IN_PAST_03_06, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HELO_DYNAMIC_SPLIT_IP,HK_NAME_MR_MRS,HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RDNS_DYNAMIC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_PASS,TVD_RCVD_IP,T_EMRCP,URIBL_DBL_SPAM, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL * blocklist * [URIs: seawardems-dev.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9327] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [94.229.167.116 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [94.229.167.116 listed in bl.mailspike.net] * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname * (Split IP) * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 TVD_RCVD_IP Message was received from an IP address * -0.0 SPF_PASS SPF: sender matches SPF record * 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ydoo974[at]gmail.com] * 0.0 T_EMRCP BODY: "Excess Maximum Return Capital Profit" scam * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or * identical to background * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: GB US Received: from 94.229.167.116.srvlist.ukfast.net (94.229.167.116.srvlist.ukfast.net [94.229.167.116]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11IJHCEt027966 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Feb 2021 13:17:16 -0600 Received: from seawardems-dev.com (unknown [74.208.31.47]) by 94.229.167.116.srvlist.ukfast.net (Postfix) with ESMTPSA id 9F3DB1464D for ; Thu, 18 Feb 2021 06:39:12 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seawardems-dev.com; s=default; t=1613630352; bh=kND2+a4bmthGhNKxG8otDuhaU0r/lPUkuydXeYDMgbQ=; l=2672; h=From:To:Subject; b=ZYhbrFddc4OmewdJm4BjbM5IPQNAggR7/Xtk10cf4M0Vpph6X7y0sDuj2Lwec//oB U4zyuBnnN4HLuKPZ/ZiZGXd8cRIST6B/cjXjDvCYiJEyCgPOXJNy3r0zEJPzhuttuv 4TUxzlsRK/RNQs/i3DHPt8E5rpIjXUZ8jQ6DU4yU= Authentication-Results: 94.229.167.116.srvlist.ukfast.net; spf=pass (sender IP is 74.208.31.47) smtp.mailfrom=noreply@seawardems-dev.com smtp.helo=seawardems-dev.com Received-SPF: pass (94.229.167.116.srvlist.ukfast.net: connection is authenticated) Content-Type: text/html Replyto: ydoo974@gmail.com From: "Mr. Yusin 455662619990" To: esa-l-request@impsec.org Reply-To: ydoo974@gmail.com Subject: [SPAM] =?utf-8?B?UGFydG5lcnNoaXAgcmVxdWVzdC4gLSBSZWY6IDcwNzczODM0MjAzNiAtOiBUaHVyc2RheSwgRmVicnVhcnkgMTgsIDIwMjEgMjoyNzo1MQ==?= Message-ID: <89d1e4a9-8c96-d6a8-929f-5e8405c47ac9@seawardems-dev.com> X-Priority: 1 (Highest) X-Msmail-Priority: High Importance: High Content-Transfer-Encoding: quoted-printable Date: Thu, 18 Feb 2021 02:29:26 +0000 MIME-Version: 1.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 13:17:16 -0600 (CST) for IP:'94.229.167.116' DOMAIN:'94.229.167.116.srvlist.ukfast.net' HELO:'94.229.167.116.srvlist.ukfast.net' FROM:'noreply@seawardems-dev.com' RCPT:'' X-Greylist: Delayed for 11:24:37 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 13:17:16 -0600 (CST) X-Spam-Prev-Subject: Status: R X-Status: X-Keywords: X-UID: 66 Content-Length: 2730

##- RrwgJk7dtOMsPDo06MSoW Please RrwgJk7dtOMsPDo06MSoW type your = RrwgJk7dtOMsPDo06MSoW reply above RrwgJk7dtOMsPDo06MSoW this = RrwgJk7dtOMsPDo06MSoW line -##

Hello,=


At Fidelity Investment International;

The World's Largest Fund Management Company with over USD 1.2 Trillion = Capital Investment Fund. Nevertheless, as The Fidelity Fund Manager,

I handle all our Investor's Direct Capital Funds and secretly extracted = 1.2% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the = Investor's Marginal Capital Fund. As an expert, I have made substantial = profit from the Investor's EMRCP and hereby looking for a trust company or = an agent who will stand as an investor to receive the fund as annual = investment proceeds from Fidelity Marginal Capital Fund.

It is good to know that I have worked out the modalities and = technicalities whereby the fund can be requested for in any of our 6 = clearing houses without any hitches. All confirm-able documents to = ascertain our request (should the clearing house ask for them) will be made= available to you.

Waiting for your reply,
Yusin

www.fidelity.co.uk Fidelity = Brokerage Services LLC
Best ISAs, SIPPs and Funds - Fidelity Worldwide = Investment
www.fidelity.co.= uk

From noreply@seawardems-dev.com Thu Feb 18 14:17:28 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Status: Yes, score=22.3 required=5.0 tests=BAYES_80,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HELO_DYNAMIC_SPLIT_IP,HK_NAME_MR_MRS, HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RDNS_DYNAMIC,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_PASS, TVD_RCVD_IP,T_EMRCP,URIBL_DBL_SPAM autolearn=disabled version=3.4.4 X-Spam-Report: * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [94.229.167.116 listed in psbl.surriel.com] * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9312] * 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL * blocklist * [URIs: seawardems-dev.com] * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname * (Split IP) * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 TVD_RCVD_IP Message was received from an IP address * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ydoo974[at]gmail.com] * 0.0 T_EMRCP BODY: "Excess Maximum Return Capital Profit" scam * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [94.229.167.116 listed in bl.mailspike.net] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or * identical to background * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: GB US Received: from 94.229.167.116.srvlist.ukfast.net (94.229.167.116.srvlist.ukfast.net [94.229.167.116]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11IKHO4W033036 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Feb 2021 14:17:28 -0600 Received: from seawardems-dev.com (unknown [74.208.31.47]) by 94.229.167.116.srvlist.ukfast.net (Postfix) with ESMTPSA id 471AC2C7DE for ; Thu, 18 Feb 2021 03:36:39 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seawardems-dev.com; s=default; t=1613619400; bh=gbaWcGfQVdQK+LOp/AjyRPbzpaRx6ZV6FoHiOZwWvdU=; l=2672; h=From:To:Subject; b=snnSqCRbej2razQdJTdR/k4Rkrk/ASsN8zC33tT5t73Wyd1l73KgbsPB+LEtkckMJ LywbnO69SlcQ0YLq4cFrBID0VbgxXNnXA1oXeikgt8VhKyYCFbHT7SssWO5pjGwl+C gJGHJ6REsgzGIvhG7bhsI7Z+ag+k+Pr906eMyq7M= Authentication-Results: 94.229.167.116.srvlist.ukfast.net; spf=pass (sender IP is 74.208.31.47) smtp.mailfrom=noreply@seawardems-dev.com smtp.helo=seawardems-dev.com Received-SPF: pass (94.229.167.116.srvlist.ukfast.net: connection is authenticated) Content-Type: text/html Replyto: ydoo974@gmail.com From: "Mr. Yusin 405502706603" To: postmaster@impsec.org Reply-To: ydoo974@gmail.com Subject: [SPAM] =?utf-8?B?UGFydG5lcnNoaXAgcmVxdWVzdC4gLSBSZWY6IDkxMzk4ODIwNDc4MSAtOiBUaHVyc2RheSwgRmVicnVhcnkgMTgsIDIwMjEgMjoyNzoxOQ==?= Message-ID: <342b2fed-fd5c-a61a-6350-6aa6c9680721@seawardems-dev.com> X-Priority: 1 (Highest) X-Msmail-Priority: High Importance: High Content-Transfer-Encoding: quoted-printable Date: Thu, 18 Feb 2021 02:29:14 +0000 MIME-Version: 1.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 14:17:28 -0600 (CST) for IP:'94.229.167.116' DOMAIN:'94.229.167.116.srvlist.ukfast.net' HELO:'94.229.167.116.srvlist.ukfast.net' FROM:'noreply@seawardems-dev.com' RCPT:'' X-Greylist: Delayed for 16:15:15 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 14:17:28 -0600 (CST) X-Spam-Prev-Subject: Status: R X-Status: X-Keywords: X-UID: 67 Content-Length: 2730

##- aJashemtjUAT2OZrIdLBc Please aJashemtjUAT2OZrIdLBc type your = aJashemtjUAT2OZrIdLBc reply above aJashemtjUAT2OZrIdLBc this = aJashemtjUAT2OZrIdLBc line -##

Hello,=


At Fidelity Investment International;

The World's Largest Fund Management Company with over USD 1.2 Trillion = Capital Investment Fund. Nevertheless, as The Fidelity Fund Manager,

I handle all our Investor's Direct Capital Funds and secretly extracted = 1.2% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the = Investor's Marginal Capital Fund. As an expert, I have made substantial = profit from the Investor's EMRCP and hereby looking for a trust company or = an agent who will stand as an investor to receive the fund as annual = investment proceeds from Fidelity Marginal Capital Fund.

It is good to know that I have worked out the modalities and = technicalities whereby the fund can be requested for in any of our 6 = clearing houses without any hitches. All confirm-able documents to = ascertain our request (should the clearing house ask for them) will be made= available to you.

Waiting for your reply,
Yusin

www.fidelity.co.uk Fidelity = Brokerage Services LLC
Best ISAs, SIPPs and Funds - Fidelity Worldwide = Investment
www.fidelity.co.= uk

From noreply@seawardems-dev.com Thu Feb 18 19:01:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.9 required=5.0 tests=BAYES_80,DATE_IN_PAST_03_06, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HELO_DYNAMIC_SPLIT_IP,HK_NAME_MR_MRS,HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RDNS_DYNAMIC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_PASS,TVD_RCVD_IP,T_EMRCP,URIBL_DBL_SPAM, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL * blocklist * [URIs: seawardems-dev.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9327] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [94.229.167.116 listed in psbl.surriel.com] * 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname * (Split IP) * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 TVD_RCVD_IP Message was received from an IP address * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [94.229.167.116 listed in bl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ydoo974[at]gmail.com] * 0.0 T_EMRCP BODY: "Excess Maximum Return Capital Profit" scam * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or * identical to background * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: GB US Received: from 94.229.167.116.srvlist.ukfast.net (94.229.167.116.srvlist.ukfast.net [94.229.167.116]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11J10rpn010483 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Feb 2021 19:01:00 -0600 Received: from seawardems-dev.com (unknown [74.208.31.47]) by 94.229.167.116.srvlist.ukfast.net (Postfix) with ESMTPSA id 836B314789 for ; Thu, 18 Feb 2021 06:39:22 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seawardems-dev.com; s=default; t=1613630362; bh=QjY5uNY6m/QGEvdZMRw2KraPH8M9o2pdwKPLaMxJot8=; l=2672; h=From:To:Subject; b=gaeOjCz8cBFLAfQCKTqoZTNHd4PqxQKvDGML+rjs4nl7S14GZF8RjhXTyVrvUJAOa 8a+dT6HoYcb1OewCD3cdaSOsSblxFj/bNlJ+TEtPf7aJYMOH8K3Y0nh+vrDkSR1Vvq nI9aHS0rZw7aWNPSvDK87rn/SWG00jFpQsIoEVO0= Authentication-Results: 94.229.167.116.srvlist.ukfast.net; spf=pass (sender IP is 74.208.31.47) smtp.mailfrom=noreply@seawardems-dev.com smtp.helo=seawardems-dev.com Received-SPF: pass (94.229.167.116.srvlist.ukfast.net: connection is authenticated) Content-Type: text/html Replyto: ydoo974@gmail.com From: "Mr. Yusin 341057888491" To: esd-l-request@impsec.org Reply-To: ydoo974@gmail.com Subject: [SPAM] =?utf-8?B?UGFydG5lcnNoaXAgcmVxdWVzdC4gLSBSZWY6IDcyMjA3NTA4MjE4NSAtOiBUaHVyc2RheSwgRmVicnVhcnkgMTgsIDIwMjEgMjoyNzo1MQ==?= Message-ID: X-Priority: 1 (Highest) X-Msmail-Priority: High Importance: High Content-Transfer-Encoding: quoted-printable Date: Thu, 18 Feb 2021 02:29:26 +0000 MIME-Version: 1.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 19:01:01 -0600 (CST) for IP:'94.229.167.116' DOMAIN:'94.229.167.116.srvlist.ukfast.net' HELO:'94.229.167.116.srvlist.ukfast.net' FROM:'noreply@seawardems-dev.com' RCPT:'' X-Greylist: Delayed for 17:37:08 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 19:01:01 -0600 (CST) X-Spam-Prev-Subject: Status: R X-Status: X-Keywords: X-UID: 68 Content-Length: 2730

##- u74rZeAj42FD6NssozGbs Please u74rZeAj42FD6NssozGbs type your = u74rZeAj42FD6NssozGbs reply above u74rZeAj42FD6NssozGbs this = u74rZeAj42FD6NssozGbs line -##

Hello,=


At Fidelity Investment International;

The World's Largest Fund Management Company with over USD 1.2 Trillion = Capital Investment Fund. Nevertheless, as The Fidelity Fund Manager,

I handle all our Investor's Direct Capital Funds and secretly extracted = 1.2% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the = Investor's Marginal Capital Fund. As an expert, I have made substantial = profit from the Investor's EMRCP and hereby looking for a trust company or = an agent who will stand as an investor to receive the fund as annual = investment proceeds from Fidelity Marginal Capital Fund.

It is good to know that I have worked out the modalities and = technicalities whereby the fund can be requested for in any of our 6 = clearing houses without any hitches. All confirm-able documents to = ascertain our request (should the clearing house ask for them) will be made= available to you.

Waiting for your reply,
Yusin

www.fidelity.co.uk Fidelity = Brokerage Services LLC
Best ISAs, SIPPs and Funds - Fidelity Worldwide = Investment
www.fidelity.co.= uk

From soporte@beton.cat Thu Feb 18 23:42:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.4 required=5.0 tests=ADVANCE_FEE_4_NEW_FRM_MNY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,BIGNUM_EMAILS_FREEM, DEAR_BENEFICIARY,FILL_THIS_FORM,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_OUTLOOK_TAGS,FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_SPF_FAIL,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,LOTTO_DEPT,MIME_HTML_ONLY, MISSING_HEADERS,MONEY_FORM,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL, RDNS_NONE,RELAY_COUNTRY_BR,RELAY_COUNTRY_KR,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_FILL_THIS_FORM_LOAN autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP * address * [218.38.170.50 listed in dnsbl.sorbs.net] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.5 RELAY_COUNTRY_KR Relayed via Korea * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [218.38.170.50 listed in bl.score.senderscore.com] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [218.38.170.50 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [218.38.170.50 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=soporte%40beton.cat;ip=218.38.170.50;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.7 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.0 BIGNUM_EMAILS_FREEM Lots of email addresses/leads, free email * account * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 LOTTO_DEPT Claims Department * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 1.4 MONEY_FORM Lots of money if you fill out a form * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 1.1 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 2.8 MONEY_FRAUD_5 Lots of money and many fraud phrases * 2.8 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: KR BR Received: from xvl.senwd.com ([218.38.170.50]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11J5ggxf035435 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 18 Feb 2021 23:42:46 -0600 Message-Id: <202102190542.11J5ggxf035435@ga.impsec.org> Received: from User (unknown [45.229.102.56]) by xvl.senwd.com (Postfix) with SMTP id A7F4A30623D0E; Fri, 19 Feb 2021 05:57:09 +0900 (KST) Reply-To: From: "BMW LOTTERY HEAD QUARTER." Subject: [SPAM] Dear Beneficiary, Date: Thu, 18 Feb 2021 17:57:33 -0300 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 23:42:46 -0600 (CST) for IP:'218.38.170.50' DOMAIN:'[218.38.170.50]' HELO:'xvl.senwd.com' FROM:'soporte@beton.cat' RCPT:'' X-Greylist: Delayed for 06:18:38 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Feb 2021 23:42:46 -0600 (CST) X-Spam-Prev-Subject: Dear Beneficiary, Status: R X-Status: X-Keywords: X-UID: 69 Content-Length: 2411
BMW LOTTERY HEAD QUARTER.
4011 20TH STREET E
TACOMA, WA 98424
UNITED STATES OF AMERICA.
EMAIL:  brandy.heavenscenttt@gmail.com
 
 
Dear Beneficiary,
 
This is to inform you that you have been selected for a prize of a brand new 2020 Model BMW Hydrogen 7 Series Car, Apple laptop and a Check of $1.500 000.00 USD from the international balloting programs held on the 1st section 2020 in UNITED STATE OF AMERICA.
 
The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250 000 email addresses drawn from all the continents of the world which you were selected.
 
 
The BMW Lottery is approved by the British Gaming Board and also licensed by the International Association of Gaming Regulators (IAGR). To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to the claim of your prize.
BMW LOTTERY HEAD QUARTER.
Emaila: lbrandy.heavenscenttt@gmail.com
 
Contact him by providing him with your secret pin code Number BMW: 0011185003/25. You are also advised to provide him with the under listed information as soon as possible:
 
1. Name in Full:
2. Residential Address:
3. Nationality:
4. Age:
5. Occupation:
6. Direct Phone:
7. Present Country:
8. Email address:
9. Pin code Number BMW: 0011185003/25
 
THE DIRECTOR PROMOTIONS
BMW LOTTERY HEAD QUARTER.
UNITED STATES OF AMERICA
NOTE: If you received this message in your SPAM/BULK folder that is because of the restrictions implemented by your Internet Service Provider we (BMW) urge you to treat it genuinely and kindly move it to your inbox.
 From tougao@xilu.com Fri Feb 19 12:58:25 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************** X-Spam-Status: Yes, score=38.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RDNS_NONE,RELAY_COUNTRY_CN, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_YN,SPAM_BOOSTER_13,SPF_HELO_NONE, SPF_NONE,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_YN Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_CN Relayed via China * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [64.235.38.47 listed in zen.spamhaus.org] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [139.196.22.199 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN US Received: from mail.chinadim.com ([139.196.22.199]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 11JIwIsS030012 for ; Fri, 19 Feb 2021 12:58:24 -0600 Message-Id: <202102191858.11JIwIsS030012@ga.impsec.org> X-scanvirus: By EQAVSE AntiVirus Engine X-scanresult: NOREP X-MAILFROM: X-RCPTTO: X-FROMIP: 64.235.38.47 X-EQManager-Scaned: 1 X-EQAUTHUSER: tougao X-Received:santaclara-ca-datacenter.serverpoint.com,64.235.38.47,20210219205830 Received: from santaclara-ca-datacenter.serverpoint.com (HELO user) (tougao@64.235.38.47) by localhost with SMTP; 19 Feb 2021 12:58:30 -0000 Reply-To: From: "Mariacarmen Gutierrez" Subject: [SPAM] PLEASE TAKE NOTE! Date: Fri, 19 Feb 2021 04:58:31 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Feb 2021 12:58:25 -0600 (CST) for IP:'139.196.22.199' DOMAIN:'[139.196.22.199]' HELO:'mail.chinadim.com' FROM:'tougao@xilu.com' RCPT:'' X-Greylist: Delayed for 04:04:34 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Feb 2021 12:58:25 -0600 (CST) X-Spam-Prev-Subject: PLEASE TAKE NOTE! Status: R X-Status: X-Keywords: X-UID: 70 Hello friend! I would like to contact you personally for an important proposal that could of interest to you. I send this email only to know if this email address is functional. I have something very important to discuss with you. Contact me for details by: Email: fernrodyup1215@aol.com with your direct contacts. Kind regards. Maria Carmen Gutierrez From raywandyg@gmail.com Sat Feb 20 07:30:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KDU29f007994 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 07:30:06 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDSKe-000155-By; Sat, 20 Feb 2021 13:30:00 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 14:29:58 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-0, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 07:30:06 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 05:53:00 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 07:30:06 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KDU29f007994 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: X-UID: 71 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 07:30:31 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KDURJL008046 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 07:30:31 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDSKf-00015I-Js; Sat, 20 Feb 2021 13:30:01 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 14:30:00 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-0, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 07:30:31 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 05:53:02 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 07:30:31 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KDURJL008046 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: X-UID: 72 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 08:20:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KEJxYH012047 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 08:20:02 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDT6d-0006YQ-BO; Sat, 20 Feb 2021 14:19:35 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 15:19:33 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-0, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 08:20:02 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 05:24:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 08:20:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KEJxYH012047 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: X-UID: 73 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From tougao@xilu.com Sat Feb 20 09:27:54 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.2 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_RP_RNBL,RDNS_NONE,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_YN,SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_YN Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_CN Relayed via China * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [139.196.22.199 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN US Received: from mail.chinadim.com ([139.196.22.199]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 11KFRlfC017954 for ; Sat, 20 Feb 2021 09:27:54 -0600 Message-Id: <202102201527.11KFRlfC017954@ga.impsec.org> X-scanvirus: By EQAVSE AntiVirus Engine X-scanresult: NOREP X-MAILFROM: X-RCPTTO: X-FROMIP: 64.235.38.47 X-EQManager-Scaned: 1 X-EQAUTHUSER: tougao X-Received:santaclara-ca-datacenter.serverpoint.com,64.235.38.47,20210220225942 Received: from santaclara-ca-datacenter.serverpoint.com (HELO user) (tougao@64.235.38.47) by localhost with SMTP; 20 Feb 2021 14:59:42 -0000 Reply-To: From: "Mariacarmen Gutierrez" Subject: [SPAM] PLEASE TAKE NOTE! Date: Sat, 20 Feb 2021 06:59:42 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 09:27:54 -0600 (CST) for IP:'139.196.22.199' DOMAIN:'[139.196.22.199]' HELO:'mail.chinadim.com' FROM:'tougao@xilu.com' RCPT:'' X-Greylist: Delayed for 00:20:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 09:27:54 -0600 (CST) X-Spam-Prev-Subject: PLEASE TAKE NOTE! Status: R X-Status: X-Keywords: X-UID: 74 Hello friend! I would like to contact you personally for an important proposal that could of interest to you. I send this email only to know if this email address is functional. I have something very important to discuss with you. Contact me for details by: Email: fernrodyup1215@aol.com with your direct contacts. Kind regards. Maria Carmen Gutierrez From raywandyg@gmail.com Sat Feb 20 09:40:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KFeJmo019184 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 09:40:23 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDUDJ-0000nt-Pg; Sat, 20 Feb 2021 15:30:33 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 16:30:32 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 09:40:23 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: Delayed for 04:50:44 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 09:40:23 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KFeJmo019184 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: X-UID: 75 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 12:35:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************************** X-Spam-Status: Yes, score=47.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KIZiOl034573 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 12:35:47 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDX58-0005hC-Nj; Sat, 20 Feb 2021 18:34:18 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 19:34:16 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 12:35:47 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 12:35:47 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KIZiOl034573 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 76 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 12:35:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************************** X-Spam-Status: Yes, score=47.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KIZrS6034588 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 12:35:56 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDX51-0005f6-Tr; Sat, 20 Feb 2021 18:34:12 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 19:34:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 12:35:56 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 12:35:56 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KIZrS6034588 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 77 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 14:00:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************* X-Spam-Status: Yes, score=37.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KJxts7040961 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 14:00:02 -0600 Received: from 31-161-138-182.mobile.kpn.net ([31.161.138.182] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDYPp-0005SG-L0; Sat, 20 Feb 2021 19:59:45 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 20:59:43 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 14:00:02 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 14:00:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KJxts7040961 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 78 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 15:55:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************* X-Spam-Status: Yes, score=37.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11KLtoeQ004855 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 15:55:53 -0600 Received: from 188-206-101-16.mobile.kpn.net ([188.206.101.16] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDa8o-0007ms-67; Sat, 20 Feb 2021 21:50:18 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 22:50:16 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 15:55:53 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 15:55:53 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11KLtoeQ004855 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 79 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sat Feb 20 21:30:32 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************************** X-Spam-Status: Yes, score=47.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.6 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.1 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11L3ULEp035823 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 20 Feb 2021 21:30:32 -0600 Received: from 31-161-231-166.mobile.kpn.net ([31.161.231.166] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDMp0-0000Kr-Lb; Sat, 20 Feb 2021 07:36:58 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sat, 20 Feb 2021 08:36:57 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210219-10, 19/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 21:30:32 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Feb 2021 21:30:32 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11L3ULEp035823 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: X-UID: 80 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 02:13:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11L8DCF4015342 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 02:13:23 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDjrO-0006r4-7E; Sun, 21 Feb 2021 08:12:58 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 09:12:57 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 02:13:23 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 02:13:23 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11L8DCF4015342 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 81 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 02:13:29 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11L8DPob015357 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 02:13:29 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDjrU-0006t1-Ko; Sun, 21 Feb 2021 08:13:04 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 09:13:03 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 02:13:29 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 02:13:29 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11L8DPob015357 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 82 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 03:17:45 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11L9Hdb4041724 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 03:17:45 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDkrn-0000eF-Fe; Sun, 21 Feb 2021 09:17:27 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 10:17:26 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210220-4, 20/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 03:17:45 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 03:17:45 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11L9Hdb4041724 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 83 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 05:01:40 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LB1TKP001948 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 05:01:40 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDmUE-0006bx-6f; Sun, 21 Feb 2021 11:01:14 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 12:01:13 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-0, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 05:01:40 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 05:01:40 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11LB1TKP001948 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 84 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 08:19:35 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LEJWCp015637 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 08:19:35 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDpZi-0002pg-FP; Sun, 21 Feb 2021 14:19:06 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 15:19:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-0, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 08:19:35 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 08:19:35 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11LEJWCp015637 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 85 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 08:20:32 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LEKSAg016063 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 08:20:32 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDpZo-0002rB-59; Sun, 21 Feb 2021 14:19:12 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 15:19:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-0, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 08:20:32 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 08:20:32 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11LEKSAg016063 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 86 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 09:46:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LFk0Ws021398 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 09:46:07 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDqvj-0004gf-F1; Sun, 21 Feb 2021 15:45:55 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 16:45:54 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-0, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 09:46:07 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 09:46:07 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11LFk0Ws021398 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 87 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From raywandyg@gmail.com Sun Feb 21 11:31:09 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [raywandyg[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LHV3jg029466 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 11:31:09 -0600 Received: from 31-161-225-232.mobile.kpn.net ([31.161.225.232] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDsVi-0008GI-JK; Sun, 21 Feb 2021 17:27:10 +0000 Reply-To: From: "MR James Mcgregor" Subject: [SPAM] Working Together Date: Sun, 21 Feb 2021 18:27:09 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-0, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 11:31:09 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'raywandyg@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 11:31:09 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11LHV3jg029466 X-Spam-Prev-Subject: Working Together Status: R X-Status: X-Keywords: $Forwarded X-UID: 88 Greeting to you I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 17:24:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LNNs5t008464 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 17:24:00 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDy4o-0003Au-Eh; Sun, 21 Feb 2021 23:23:46 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 00:23:44 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 17:24:00 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 03:24:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 17:24:00 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 89 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 17:24:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11LNOAdw008487 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 17:24:13 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDy4u-0003Cm-UQ; Sun, 21 Feb 2021 23:23:53 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 00:23:51 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 17:24:13 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 03:24:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 17:24:13 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 90 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 18:12:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M0CJDD012439 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 18:12:23 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDypa-0000Yn-C0; Mon, 22 Feb 2021 00:12:06 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 01:12:04 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 18:12:23 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 03:41:58 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 18:12:23 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 91 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 19:30:55 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M1UpJl018030 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 19:30:54 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lDzuX-0003ax-8l; Mon, 22 Feb 2021 01:21:17 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 02:21:15 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 19:30:55 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 04:15:11 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 19:30:55 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 92 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 22:50:15 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M4o97n032161 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 22:50:15 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lE3AX-0008Hu-68; Mon, 22 Feb 2021 04:50:01 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 05:50:00 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 22:50:15 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 22:50:15 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 93 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 21 22:50:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M4omIp032183 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 21 Feb 2021 22:50:51 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lE3AS-0008GF-8i; Mon, 22 Feb 2021 04:49:56 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 05:49:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 22:50:51 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Feb 2021 22:50:51 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 94 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 00:09:03 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M68vUQ038208 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 00:09:03 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lE4OO-0005qD-5A; Mon, 22 Feb 2021 06:08:24 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 07:08:23 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 00:09:03 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 00:09:03 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 95 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 02:25:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11M8P3Cm001924 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 02:25:10 -0600 Received: from 188-206-108-120.mobile.kpn.net ([188.206.108.120] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lE6Tz-0007gK-FR; Mon, 22 Feb 2021 08:22:19 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 09:22:18 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210221-6, 21/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 02:25:10 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 02:25:10 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 96 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 07:23:28 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MDNOWQ044010 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 07:23:28 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEBB1-0000Gd-BA; Mon, 22 Feb 2021 13:23:03 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 14:23:02 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-0, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 07:23:28 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 07:23:28 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 97 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 07:23:29 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MDNQZN044013 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 07:23:29 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEBAm-0000Bz-IW; Mon, 22 Feb 2021 13:22:48 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 14:22:47 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-0, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 07:23:29 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 07:23:29 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 98 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 08:40:36 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MEeSuv002616 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 08:40:36 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lECN9-0005NU-1j; Mon, 22 Feb 2021 14:39:39 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 15:39:37 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 08:40:36 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 08:40:36 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 99 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From jhardin@impsec.org Sun Feb 21 23:18:12 2021 -0800 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 7590 invoked by uid 99); 22 Feb 2021 07:19:46 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2021 07:19:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id A6744C02DF for ; Mon, 22 Feb 2021 07:19:45 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.545 X-Spam-Level: *** X-Spam-Status: No, score=3.545 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, MONEY_FREEMAIL_REPTO=0.38, MONEY_NOHTML=1.853, SPF_FAIL=0.919, TO_EQ_FM_DOM_SPF_FAIL=0.001, TO_EQ_FM_SPF_FAIL=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id oKdi0vQZsq88 for ; Mon, 22 Feb 2021 07:19:45 +0000 (UTC) Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=116.202.113.34; helo=ivy.zsthost.com; envelope-from=test@zsthost.com; receiver= Received: from ivy.zsthost.com (ivy.zsthost.com [116.202.113.34]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 31CD67FC6B for ; Mon, 22 Feb 2021 07:19:45 +0000 (UTC) Received: from [185.169.196.110] (port=63983 helo=[45.153.203.200]) by ivy.zsthost.com with esmtp (Exim 4.93) (envelope-from ) id 1lE5U1-00089r-7n; Mon, 22 Feb 2021 08:18:17 +0100 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Nice to meet you, To: Recipients From: "Ronald Morris" Date: Sun, 21 Feb 2021 23:18:12 -0800 Reply-To: ronaldmorris786@gmail.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ivy.zsthost.com X-AntiAbuse: Original Domain - spamassassin.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - zsthost.com X-Get-Message-Sender-Via: ivy.zsthost.com: mailgid no entry from get_recent_authed_mail_ips_entry X-Authenticated-Sender: ivy.zsthost.com: X-Source: X-Source-Args: X-Source-Dir: Status: X-Status: X-Keywords: X-UID: 100 Hello Good Day, I am wondering if you will be needing new funding. My firm, has just signed= a memorandum of understanding with new investors looking to discreetly inv= est in Europe, North America and Asia. These Investors are looking to chan= nel out capital as discreet as possible. They are looking for people with r= eal viable projects that needs a minimum of US$20M and a maximum of US$500M= in exchange for 2% yearly interest for a maximum duration of 10 to 15 year= s. NOTE: We also do provide BG/SBLC for lease 6% and purchase 35%.Please Confi= rm if your Company is looking to raise project funds and send me an email f= or details. Mr.Ronald Morris Email:ronaldmorris786@gmail.com From aellenvera@gmail.com Mon Feb 22 10:48:57 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************************** X-Spam-Status: Yes, score=39.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MGmrab011611 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 10:48:57 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEEFt-0005io-Vr; Mon, 22 Feb 2021 16:40:18 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 17:40:16 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 10:48:57 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 10:48:57 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 101 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 14:04:35 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MK4WTo027226 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 14:04:35 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEHRO-0006X3-0H; Mon, 22 Feb 2021 20:04:22 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 21:04:20 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:04:35 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:04:35 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 102 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 14:04:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MK4Ysm027229 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 14:04:38 -0600 Received: from 188-206-74-202.mobile.kpn.net ([188.206.74.202] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEHRL-0006Wg-O5; Mon, 22 Feb 2021 20:04:19 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 21:04:18 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:04:38 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:04:38 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 103 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 14:42:20 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MKgGf9029977 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 14:42:20 -0600 Received: from 89-200-2-84.mobile.kpn.net ([89.200.2.84] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEI0t-00064z-SF; Mon, 22 Feb 2021 20:41:04 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 21:41:02 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:42:20 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 14:42:20 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 104 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Mon Feb 22 15:24:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_RP_RNBL,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [198.199.89.93 listed in bl.score.senderscore.com] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.7 NSL_RCVD_HELO_USER Received from HELO User * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [198.199.89.93 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.4 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from nicxduimko.com ([198.199.89.93]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11MLOJYf033544 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Feb 2021 15:24:23 -0600 Received: from 89-200-2-84.mobile.kpn.net ([89.200.2.84] helo=User) by nicxduimko.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lEIgV-00016a-8Y; Mon, 22 Feb 2021 21:24:03 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Hello Date: Mon, 22 Feb 2021 22:24:01 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210222-2, 22/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 15:24:23 -0600 (CST) for IP:'198.199.89.93' DOMAIN:'[198.199.89.93]' HELO:'nicxduimko.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 22 Feb 2021 15:24:23 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 105 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From info@hansprogroup.com Tue Feb 23 00:30:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,FORGED_MUA_OUTLOOK,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FROM_MISSP, MONEY_NOHTML,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,RCVD_IN_RP_RNBL, RDNS_NONE,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE, SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,US_DOLLARS_3 autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9960] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [146.56.224.155 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [146.56.224.155 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.5 MONEY_NOHTML Lots of money in plain text * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: CN XX Received: from tesyrjt11.club ([146.56.224.155]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 11N6UkoQ028879 for ; Tue, 23 Feb 2021 00:30:55 -0600 Message-Id: <202102230630.11N6UkoQ028879@ga.impsec.org> Received: from User ([193.169.253.131]) (envelope-sender ) by 10.206.0.8 with ESMTP for ; Tue, 23 Feb 2021 09:23:07 +0800 Reply-To: From: "Charles W. Jackson Jr" Subject: [SPAM] Congratulations Date: Mon, 22 Feb 2021 17:23:06 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 00:30:56 -0600 (CST) for IP:'146.56.224.155' DOMAIN:'[146.56.224.155]' HELO:'tesyrjt11.club' FROM:'info@hansprogroup.com' RCPT:'' X-Greylist: Delayed for 05:05:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 00:30:56 -0600 (CST) X-Spam-Prev-Subject: Congratulations Status: R X-Status: X-Keywords: X-UID: 106 Congratulations, My name is Charles W. Jackson Jr, winner of the $ 344.6 million maximum jackpot on June 1, 2019. I intend to use the winning funds to pursue a variety of passions and make some charitable donations to humanity. I am currently giving out a donation in the amount of $2,000,000 for you to gain your financial power. Regards, Charles W. Jackson Jr From aellenvera@gmail.com Tue Feb 23 21:35:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.1 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.9 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: PE NL Received: from mail.munisanisidro.gob.pe (mail.munisanisidro.gob.pe [200.123.25.211]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11O3ZBGC005787 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 23 Feb 2021 21:35:16 -0600 Received: from User (unknown [83.232.56.39]) (Authenticated sender: prueba) by mail.munisanisidro.gob.pe (Postfix) with ESMTPA id CB6CC48E7A2C; Tue, 23 Feb 2021 18:16:24 -0500 (-05) Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Wed, 24 Feb 2021 00:13:15 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210223-8, 23/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: <20210223231624.CB6CC48E7A2C@mail.munisanisidro.gob.pe> X-MSI-MailScanner-Information: Please contact the ISP for more information X-MSI-MailScanner-ID: CB6CC48E7A2C.A0554 X-MSI-MailScanner: Found to be clean X-MSI-MailScanner-From: aellenvera@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 21:35:17 -0600 (CST) for IP:'200.123.25.211' DOMAIN:'mail.munisanisidro.gob.pe' HELO:'mail.munisanisidro.gob.pe' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 03:16:42 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 21:35:17 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 107 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Tue Feb 23 21:36:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.1 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.9 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: PE NL Received: from mail.munisanisidro.gob.pe (mail.munisanisidro.gob.pe [200.123.25.211]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11O3Zwo0005813 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 23 Feb 2021 21:36:01 -0600 Received: from User (unknown [83.232.56.39]) (Authenticated sender: prueba) by mail.munisanisidro.gob.pe (Postfix) with ESMTPA id 5B76548E7A1C; Tue, 23 Feb 2021 18:16:09 -0500 (-05) Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Wed, 24 Feb 2021 00:13:00 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210223-8, 23/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: <20210223231609.5B76548E7A1C@mail.munisanisidro.gob.pe> X-MSI-MailScanner-Information: Please contact the ISP for more information X-MSI-MailScanner-ID: 5B76548E7A1C.AD42C X-MSI-MailScanner: Found to be clean X-MSI-MailScanner-From: aellenvera@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 21:36:01 -0600 (CST) for IP:'200.123.25.211' DOMAIN:'mail.munisanisidro.gob.pe' HELO:'mail.munisanisidro.gob.pe' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 03:17:40 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Feb 2021 21:36:01 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 108 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From noreply@bmw.com Wed Feb 24 07:29:45 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_95,BIGNUM_EMAILS_FREEM,DEAR_BENEFICIARY,FORM_FRAUD_5, FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY,LOTTO_AGENT, MAY_BE_FORGED,MIME_HTML_ONLY,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_RP_RNBL,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9758] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [161.35.124.108 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 BIGNUM_EMAILS_FREEM Lots of email addresses/leads, free email * account * 0.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 LOTTO_AGENT Claims Agent * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.4 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US ** Received: from bizcloud-server1.fradhogoles.net (bizcloud-server1.fradhogoles.net [161.35.124.108] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11ODTf2F026044 for ; Wed, 24 Feb 2021 07:29:45 -0600 Received: from bmw.com (bizcloud-server1.fradhogoles.net [IPv6:::1]) by bizcloud-server1.fradhogoles.net (Postfix) with ESMTP id 6ABEE1260D4B for ; Wed, 24 Feb 2021 08:32:51 +0000 (UTC) Reply-To: bmwofficeline@gmail.com From: BMW To: jhardin@impsec.org Subject: [SPAM] Read Carefully Date: 24 Feb 2021 03:32:13 -0800 Message-ID: <20210224033213.27FAFB52A35209BD@bmw.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 07:29:45 -0600 (CST) for IP:'161.35.124.108' DOMAIN:'[161.35.124.108]' HELO:'bizcloud-server1.fradhogoles.net' FROM:'noreply@bmw.com' RCPT:'' X-Greylist: Delayed for 04:32:04 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 07:29:45 -0600 (CST) X-Spam-Prev-Subject: Read Carefully Status: R X-Status: X-Keywords: X-UID: 109 Content-Length: 2902

BMW of North America, LLC
300 Chestnut Ridge Road.
Woodcliff Lake<= BR>NJ 07677-7731, USA.


NOTE: If you received this message in you= r SPAM/BULK folder, that is because there are restrictions implemented by y= our Internet Service Provider, we urge that you treat it genuinely.

= Dear Beneficiary (jhardin@impsec.org)

This is to inform you that you have been automatically selected by our rand= om Computerized Email Selection System as a beneficiary of our ongoing prom= otional program winning you the prize of a brand new BMW 7 Series Car and a= Check of $1.5 million.

Description of prize vehicle;
Model: BMW = X7 xDrive40i All Wheel Drive SUV
Body: SUV
HWY: 24 MPG †
Cit= y: 19 MPG †
Exterior: Mineral White Metallic
Interior: CognacEngine: 3.0L Straight 6-Cyl Engine
Trans: Automatic.

The selection process, carried out by our Computer= ized Email Selection System for verifiably random results to follow through= with the Promotional Marketing code which ensures that prizes are awarded = following the laws of chance. The raffle draw random email selection proces= s was initiated with a database of over 250,000 email addresses drawn from = the internet, with your email (jhardin@impsec.org) selected as the number 7= th winner.

The BMW Promotional Marketing Lottery Program is authorized and supported b= y the International Chamber of Commerce(ICC), also Licensed by the Internat= ional Association of Gaming Regulators (IAGR).

Winners case file ref= erence registration number is assigned to a specific fiduciary claims offic= er. For more information as regards certifying the claims process of your p= rize, kindly be advised to contact your assigned fiduciary officer with det= ails seen below.

Name: Stefan Richmann
Email: bmwofficeline@gmail.com

Contact him by providing him with your Reg. pin code Number: 0011= 185003/25

To certify your claims, fill out the requested identifiabl= e information:

Name:
Address :
Nationality :
DOB :
Phone= :
Drivers license number:
Reg pin code Number:

Initiation of case file authorization process for clearance would only comm= ence upon confirmation of the above requested identifiable information.
=
Congratulations! To You, from all our staffs.

Regards,
Bernha= rd Kuhnt
CEO and President
BMW of North America
BMW GROUP
Unite= d States of America
©2021

From tougao@xilu.com Wed Feb 24 11:58:16 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_RP_RNBL,RDNS_NONE,RELAY_COUNTRY_CN, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_YN,SPAM_BOOSTER_04, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_YN Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_CN Relayed via China * 1.9 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [139.196.22.199 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN US Received: from mail.chinadim.com ([139.196.22.199]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 11OHwBIi000823 for ; Wed, 24 Feb 2021 11:58:15 -0600 Message-Id: <202102241758.11OHwBIi000823@ga.impsec.org> X-scanvirus: By EQAVSE AntiVirus Engine X-scanresult: NOREP X-MAILFROM: X-RCPTTO: X-FROMIP: 64.235.38.47 X-EQManager-Scaned: 1 X-EQAUTHUSER: tougao X-Received:santaclara-ca-datacenter.serverpoint.com,64.235.38.47,20210225014304 Received: from santaclara-ca-datacenter.serverpoint.com (HELO user) (tougao@64.235.38.47) by localhost with SMTP; 24 Feb 2021 17:43:04 -0000 Reply-To: From: "Mariacarmen Gutierrez" Subject: [SPAM] PLEASE TAKE NOTE! Date: Wed, 24 Feb 2021 09:43:05 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 11:58:16 -0600 (CST) for IP:'139.196.22.199' DOMAIN:'[139.196.22.199]' HELO:'mail.chinadim.com' FROM:'tougao@xilu.com' RCPT:'' X-Greylist: Delayed for 00:14:27 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 11:58:16 -0600 (CST) X-Spam-Prev-Subject: PLEASE TAKE NOTE! Status: R X-Status: X-Keywords: X-UID: 110 Hello friend! I would like to contact you personally for an important proposal that could of interest to you. I send this email only to know if this email address is functional. I have something very important to discuss with you. Contact me for details by: Email: fernrodyup1215@aol.com with your direct contacts. Kind regards. Maria Carmen Gutierrez From greant3l1@gmail.com Wed Feb 24 22:44:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************** X-Spam-Status: Yes, score=38.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY, MALFORMED_FREEMAIL,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS, RCVD_IN_SORBS_WEB,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPAM_BOOSTER_13,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [218.56.155.106 listed in dnsbl.sorbs.net] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [218.56.155.106 listed in zen.spamhaus.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [greant3l1[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [178.62.127.17 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [178.62.127.17 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [greant311[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [greant3l1[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.1 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: GB CN Received: from mail.mailingme.tech (mail.mailingme.tech [178.62.127.17]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11P4hn19007130 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 24 Feb 2021 22:44:01 -0600 Message-Id: <202102250444.11P4hn19007130@ga.impsec.org> Received: from User (unknown [218.56.155.106]) by mail.mailingme.tech (Postfix) with ESMTPA id D6993C5F67; Wed, 24 Feb 2021 18:17:35 +0000 (UTC) Reply-To: From: "Gabriel Arthur" Subject: [SPAM] You were recommended, Date: Wed, 24 Feb 2021 19:18:04 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 22:44:01 -0600 (CST) for IP:'178.62.127.17' DOMAIN:'mail.mailingme.tech' HELO:'mail.mailingme.tech' FROM:'greant3l1@gmail.com' RCPT:'' X-Greylist: Delayed for 06:36:24 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 22:44:01 -0600 (CST) X-Spam-Prev-Subject: You were recommended, Status: R X-Status: X-Keywords: X-UID: 111 Content-Length: 1042
Good day,
Somebody  recommended you by a mutual associate. I write you regarding an investment of bearer bonds I made on behalf of a client. The investment was made in 2010 and has been under my management.
 
The said investor is deceased. The window is now available to assign these bonds to any name or company of my choice. I have all the necessary information to achieve this within 10 banking days.
 
The total value of the bond is 50 million pounds sterling, in a million pound denominations.
 
If you can handle this, do contact me at your earliest convenience via my Email: mgabrielarthurr@gmail.com
 
Thanks
Gabriel  Arthur
 From greant3l1@gmail.com Wed Feb 24 23:49:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY, MALFORMED_FREEMAIL,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_RP_RNBL, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [greant3l1[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [178.62.127.17 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [greant311[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [greant3l1[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [178.62.127.17 listed in bl.score.senderscore.com] * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.1 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: GB XX Received: from mail.mailingme.tech (mail.mailingme.tech [178.62.127.17]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11P5n35l012146 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 24 Feb 2021 23:49:07 -0600 Message-Id: <202102250549.11P5n35l012146@ga.impsec.org> Received: from User (unknown [77.247.110.132]) by mail.mailingme.tech (Postfix) with ESMTPA id C1ED0C776D; Wed, 24 Feb 2021 23:33:16 +0000 (UTC) Reply-To: From: "Gabriel Arthur" Subject: [SPAM] You were recommended, Date: Thu, 25 Feb 2021 00:33:17 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 23:49:07 -0600 (CST) for IP:'178.62.127.17' DOMAIN:'mail.mailingme.tech' HELO:'mail.mailingme.tech' FROM:'greant3l1@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Feb 2021 23:49:07 -0600 (CST) X-Spam-Prev-Subject: You were recommended, Status: R X-Status: X-Keywords: X-UID: 112
Good day,
Somebody  recommended you by a mutual associate. I write you regarding an investment of bearer bonds I made on behalf of a client. The investment was made in 2010 and has been under my management.
 
The said investor is deceased. The window is now available to assign these bonds to any name or company of my choice. I have all the necessary information to achieve this within 10 banking days.
 
The total value of the bond is 50 million pounds sterling, in a million pound denominations.
If you c
an handle this, do contact me at your earliest convenience via my Email: mgabrielarthurr@gmail.com
 
Thanks
Gabriel  Arthur
 From jhardin@impsec.org Fri Feb 26 14:52:18 2021 +0530 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 69332 invoked by uid 99); 26 Feb 2021 09:22:27 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 Feb 2021 09:22:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 775BE1FF3A1 for ; Fri, 26 Feb 2021 09:22:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 6.195 X-Spam-Level: ****** X-Spam-Status: No, score=6.195 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_3_NEW=1.609, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, SPF_PASS=-0.001, UNDISC_MONEY=3.196, URG_BIZ=0.941] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id ogDkvodmWf5j for ; Fri, 26 Feb 2021 09:22:26 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=132.229.214.2; helo=strwmail.strw.leidenuniv.nl; envelope-from=tychoniec@strw.leidenuniv.nl; receiver= Received: from strwmail.strw.leidenuniv.nl (strwmail.strw.leidenuniv.nl [132.229.214.2]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id B5BC0BCF3E for ; Fri, 26 Feb 2021 09:22:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by strwmail.strw.leidenuniv.nl (Postfix) with ESMTP id 946631441C9; Fri, 26 Feb 2021 10:22:24 +0100 (CET) X-Virus-Scanned: amavisd-new at strw.leidenuniv.nl Received: from strwmail.strw.leidenuniv.nl ([127.0.0.1]) by localhost (strwmail.strw.leidenuniv.nl [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cZk01j8WZgdA; Fri, 26 Feb 2021 10:22:24 +0100 (CET) Received: from strwmail.strw.leidenuniv.nl (localhost [127.0.0.1]) by strwmail.strw.leidenuniv.nl (Postfix) with ESMTP id 6EE5B144156; Fri, 26 Feb 2021 10:22:18 +0100 (CET) Received: from [223.225.63.53] by strwmail.strw.leidenuniv.nl with HTTP (HTTP/1.1 POST); Fri, 26 Feb 2021 10:22:18 +0100 MIME-Version: 1.0 Date: Fri, 26 Feb 2021 14:52:18 +0530 From: tychoniec To: undisclosed-recipients:; Subject: please contact me directly on this email id: khalidbuhazza99@gmail.com Reply-To: khalidbuhazza99@gmail.com User-Agent: Roundcube Webmail/1.4.11 Message-ID: X-Sender: tychoniec@mail.strw.leidenuniv.nl X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_271f7c0941119ec46d8a4329bfecf67d" Status: X-Status: X-Keywords: X-UID: 113 --=_271f7c0941119ec46d8a4329bfecf67d Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit I am Khalid Buhazza from Bahrain I am contacting you for an urgent business proposal that will benefit both of us and change the lives of our family in future. please contact me directly on this email id: khalidbuhazza99@gmail.com --=_271f7c0941119ec46d8a4329bfecf67d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I am Khalid Buhazza from Bahrain I am contacting you for an urgent busin= ess proposal that will benefit both of us and change the lives of our famil= y in future. please contact me directly on this email id: khalidbuhazza99@g= mail.com

--=_271f7c0941119ec46d8a4329bfecf67d-- From Deborah.Machefer@ac-orleans-tours.fr Fri Feb 26 05:50:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.3 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DNSWL_NONE,RELAY_COUNTRY_FR,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_PASS,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_FR Relayed via France * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [195.83.90.164 listed in list.dnswl.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [marie_avis12[at]yahoo.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: FR ** ** ** ** ** ** Received: from smtp-y.ac-orleans-tours.fr (smtp-a.ac-orleans-tours.fr [195.83.90.164]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11QBo6tM015820 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 26 Feb 2021 05:50:11 -0600 Received: from smtp-y.ac-orleans-tours.fr (scan1.ac-orleans-tours.fr [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 83754248B0; Fri, 26 Feb 2021 12:19:11 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ac-orleans-tours.fr; s=dkim1; t=1614338352; bh=bNSH1hLTJ3iAwIBFjYhkhFTD+tbF39E3PMPfkoqaZTo=; h=From:Date:To; b=HjxFtqmXifvUN/FE68mySrNMdHGp19mQUATCaH3CSFIXMbivr2KosCbNpAvlms4Z2 pmp2lxvljc5Lj3ZBOT8ihGYmSem1UjU5I+yUfi68FSWO/g0QwCwQhYWkIRVyXBRIn5 zTfh3h6cyE7Z03DaqbqN/k70LB+QTf13PNru3YbM= Received: from scan1.ac-orleans-tours.fr (scan1.ac-orleans-tours.fr [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BCA15248C5; Fri, 26 Feb 2021 12:19:10 +0100 (CET) Received: from haproxy-pdmz.in.ac-orleans-tours.fr (haproxy-pdmz.in.ac-orleans-tours.fr [192.168.68.22]) by scan1.ac-orleans-tours.fr (Postfix) with ESMTPS; Fri, 26 Feb 2021 12:19:10 +0100 (CET) Received: from smtp-relai-webmail.in.ac-orleans-tours.fr (unknown [192.168.68.23]) by haproxy-pdmz.in.ac-orleans-tours.fr (Postfix) with ESMTP id 5EF8D5F7BA; Fri, 26 Feb 2021 12:19:10 +0100 (CET) Received: from ac-orleans-tours.fr (mta-1.in.ac-orleans-tours.fr [172.30.144.159]) by smtp-relai-webmail.in.ac-orleans-tours.fr (Postfix) with ESMTP id C67E680550D; Fri, 26 Feb 2021 12:19:09 +0100 (CET) Received: from [192.168.68.22] (Forwarded-For: 192.168.68.26) by mta-1.in.ac-orleans-tours.fr (mshttpd); Fri, 26 Feb 2021 11:19:09 GMT From: "Machefer Deborah" Reply-To: marie_avis12@yahoo.com Message-ID: Date: Fri, 26 Feb 2021 11:19:09 GMT X-Mailer: Oracle Communications Messenger Express 8.0.1.0.0 64bit (built Sep 4 2015) MIME-Version: 1.0 Content-Language: en Subject: [SPAM] Greetings X-Accept-Language: en Priority: normal Content-Type: multipart/alternative; boundary="--9ac558e327f6580f4704380f1ea02fc0" To: undisclosed-recipients:; X-TM-AS-GCONF: 11111111 X-TM-AS-SMTP: 1.0 aGFwcm94eS1wZG16LmluLmFjLW9ybGVhbnMtdG91cnMuZnI= RGVib3JhaC5NYWNoZWZlckBhYy1vcmxlYW5zLXRvdXJzLmZy X-TM-AS-ERS: 192.168.68.22-127.9.0.1 X-TM-AS-Product-Ver: IMSVA-9.1.0.2025-8.6.0.1013-25996.006 X-TMASE-Version: IMSVA-9.1.0.2025-8.6.1013-25996.006 X-TMASE-Result: 11-12.436800-10.000000 X-TMASE-MatchedRID: JHxbVIbxF1HgcI95jTPqbfQajs/Ywumppnx3aOUcbheIOmeNscrLpHv3 EJJrdBuxs+R1ThtG4sf8deRGOD4hQKDjhPBgRYg9PwZlFG3IA51yLSXVh5u2E969SHaBFcrnAuc 9cUfAPJfYVLWm+UZnYTM6EhhLAiz44QsjLzswuv4wLYDBrGTwKPNkoMDX+kiudaSwWNZJcBi4AZ GsGrqX8f6q7EHPZqf6rvsZif7dAlfVE7HmVnVGHtTHX+rg7MGtgrKH5FQ/xFYmdTiuLELZs18vM u11r33KavP8b9lJtWq1VfZrX9mxWIAa+/FMJJzijqd9CmisgNjih2fRyvqVA4GIxJLf920sZ9fA q5Aa2yVYcywU8PueEESZ66/yIruA6TMNQqINt7KTeN/TfYabbw== X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 26 Feb 2021 05:50:11 -0600 (CST) for IP:'195.83.90.164' DOMAIN:'smtp-a.ac-orleans-tours.fr' HELO:'smtp-y.ac-orleans-tours.fr' FROM:'Deborah.Machefer@ac-orleans-tours.fr' RCPT:'' X-Greylist: Delayed for 00:26:02 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 26 Feb 2021 05:50:11 -0600 (CST) X-Spam-Prev-Subject: Greetings Status: R X-Status: X-Keywords: X-UID: 114 Content-Length: 1646 This is a multi-part message in MIME format. ----9ac558e327f6580f4704380f1ea02fc0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit -- Greetings to you my dear, My name is Mrs Marie Evis I have a donation of ($10.500.000.00) for you. Please I will like you to get back to me if you will help on this donation to help the poor. I will give you more details on how you can help to invest this money to help the poor because of my poor health condition which I will let you know as soon as I hear from you. I sending you this message through the help of the nurse taking care of me, do reply me with my direct email address below for more details. God bless you as I wait for your reply. Your sister. Miss Marie Evis. marie_avis12@yahoo.com ----9ac558e327f6580f4704380f1ea02fc0 Content-Type: text/html; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 7bit

--
Greetings to you my dear,
My name is Mrs Marie Evis I have a donation of ($10.500.000.00) for you. Please I will like you to get back to me if you will help on this donation to help the poor. I will give you more details on how you can help to invest this money to help the poor because of my poor health condition which I will let you know as soon as I hear from you. I sending you this message through the help of the nurse taking care of me, do reply me with my direct email address below for more details.
God bless you as I wait for your reply.
Your sister.
Miss Marie Evis.
marie_avis12@yahoo.com ----9ac558e327f6580f4704380f1ea02fc0-- From aellenvera@gmail.com Sat Feb 27 17:58:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_FREEMAIL, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [162.214.169.243 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.3 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11RNvr6X020664 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 27 Feb 2021 17:58:00 -0600 Message-Id: <202102272358.11RNvr6X020664@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=5R1iuKxaAIWdrJMfn5RXA6G3TQ7KT1xtlqjghhWDr8g=; b=t39n72r5J60SwKhsAIg98lRXs hJcVpl9ImyyWvq8vabrNi1K2gXojdSsFuIy99Tttcu9+DFjGvR0LIFnjowOGRB6Zy4YBlKDBFxmwI FPmYMuTIhmi+TrjFsZXH20WhAhX2RpIWuQU+f4EVByHBFh4auwi1YAiYrUt/GEe2Uyte0UCCtqKOX eqZjVlQAhg+3srmucLjWj0MF5k9/wpjKZnfU+FTlzzunw7Mudit8AwxIO9P1Ydaan3dnuAvFIaD2Y 09lpuLLpNBgedfWRFipT0WSPVHhwI+7SX8brw/X//ehjBUjlwwMbrGFKITk3YiS2lStXYBlrSDpwX efjK2SDnA==; Received: from [188.206.108.230] (port=8003 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lFwVJ-0007Gf-Ep; Sat, 27 Feb 2021 15:37:17 +0530 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Sat, 27 Feb 2021 11:07:16 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210226-8, 26/02/2021), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 17:58:00 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 06:41:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 17:58:00 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 115 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sat Feb 27 20:08:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_FREEMAIL, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04, SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [162.214.169.243 listed in bl.mailspike.net] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.3 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11S28ZY2032046 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 27 Feb 2021 20:08:38 -0600 Message-Id: <202102280208.11S28ZY2032046@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=5R1iuKxaAIWdrJMfn5RXA6G3TQ7KT1xtlqjghhWDr8g=; b=CrEodJfUtIY361SSUle0FDmh/ KlzfjxLw0qsm+uB/ZkaxikkIcHTSodl9Kl6Hs9ga4hJwP0U//0SI+GAmMKqqRlPtCjHRbfnjFkuxC b+lgFE/cf/dlZkFDJnacG+pPTfWXAUyxUpqbUBjPovHCDTO6DRQRg4QxGg+DB4ZN7imzNxdbm/0Ha 4in/s6vFP8a+W2BTr/LGhSpsQRJFjuz7YqHjJhm73jjbZ+5RBLJXU+YYSNbmmcGXLt5zq4re+ybEe b3VcEhtXYHn4vRxScO9MTUdkwGtwrrVzXJ7HCMvxX0h+s9lFPcKUmI5uHRyMwckotr/T5sqMppsDW cSE3gw4IA==; Received: from 188-206-65-132.mobile.kpn.net ([188.206.65.132]:22005 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lFprj-0006Qm-NN; Sat, 27 Feb 2021 08:31:59 +0530 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Sat, 27 Feb 2021 04:01:58 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210226-8, 26/02/2021), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 20:08:38 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 23:04:37 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 20:08:38 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 116 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sat Feb 27 22:35:20 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.3 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11S4ZD1i044275 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 27 Feb 2021 22:35:20 -0600 Received: from 89-200-32-164.mobile.kpn.net ([89.200.32.164] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lG9YH-000653-FQ; Sun, 28 Feb 2021 00:03:14 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Greeting Date: Sun, 28 Feb 2021 01:03:13 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 22:35:20 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 04:31:47 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 27 Feb 2021 22:35:20 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11S4ZD1i044275 X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 117 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 00:11:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 2.3 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.3 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.3 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11S6B3Nu006243 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 00:11:06 -0600 Received: from 89-200-32-164.mobile.kpn.net ([89.200.32.164] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGFHN-0003PF-Im; Sun, 28 Feb 2021 06:10:09 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Greeting Date: Sun, 28 Feb 2021 07:10:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 00:11:06 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 00:11:06 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11S6B3Nu006243 X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 118 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 01:34:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11S7Yi64012349 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 01:34:51 -0600 Received: from 89-200-32-164.mobile.kpn.net ([89.200.32.164] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGGMw-00038P-0p; Sun, 28 Feb 2021 07:19:58 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Greeting Date: Sun, 28 Feb 2021 08:19:56 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 01:34:51 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 05:44:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 01:34:51 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11S7Yi64012349 X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 119 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 04:22:44 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SAMf2e046366 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 04:22:44 -0600 Received: from 188-206-100-209.mobile.kpn.net ([188.206.100.209] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGJDJ-0006h7-U4; Sun, 28 Feb 2021 10:22:14 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 11:22:12 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 04:22:44 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 05:00:15 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 04:22:44 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SAMf2e046366 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 120 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 04:22:44 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SAMaOa046363 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 04:22:44 -0600 Received: from 188-206-100-209.mobile.kpn.net ([188.206.100.209] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGJDL-0006hk-JL; Sun, 28 Feb 2021 10:22:15 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 11:22:14 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 04:22:44 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: Delayed for 05:01:07 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 04:22:44 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SAMaOa046363 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 121 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 06:34:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SCYIOw007175 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 06:34:24 -0600 Received: from 188-206-99-226.mobile.kpn.net ([188.206.99.226] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGLGe-0000Kn-98; Sun, 28 Feb 2021 12:33:48 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 13:33:46 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 06:34:24 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 06:34:24 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SCYIOw007175 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 122 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 06:36:52 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SCamtc007228 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 06:36:51 -0600 Received: from 188-206-99-226.mobile.kpn.net ([188.206.99.226] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGLGc-0000Kc-J4; Sun, 28 Feb 2021 12:33:46 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 13:33:45 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 06:36:52 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 06:36:52 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SCamtc007228 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 123 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 07:07:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SD7Eih009129 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 07:07:17 -0600 Received: from 188-206-99-226.mobile.kpn.net ([188.206.99.226] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGLmS-0001Dp-LU; Sun, 28 Feb 2021 13:06:40 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 14:06:39 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 07:07:17 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 07:07:17 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SD7Eih009129 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 124 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From kasimachma@gmail.com Sun Feb 28 09:49:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kasimachma[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrjamesmc6[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SFmxr4019156 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 09:49:02 -0600 Received: from 188-206-99-226.mobile.kpn.net ([188.206.99.226] helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGO8d-0006Ar-OM; Sun, 28 Feb 2021 15:37:43 +0000 Reply-To: From: "Mr. James Mcgregor" Subject: [SPAM] Working together Date: Sun, 28 Feb 2021 16:37:43 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210227-8, 27/02/2021), Outbound message X-Antivirus-Status: Clean Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 09:49:02 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'kasimachma@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 09:49:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 11SFmxr4019156 X-Spam-Prev-Subject: Working together Status: R X-Status: X-Keywords: X-UID: 125 Good Day I am James Mcgregor,my principals wish, to make huge financial investment in your home country . Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role, I shall be expecting your quick response mrjamesmc6@gmail.com Best Regards, James Mcgregor -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 28 15:19:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************* X-Spam-Status: Yes, score=49.2 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_FREEMAIL, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS, MALFORMED_FREEMAIL,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04, SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [162.214.169.243 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US NL Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 11SLJdGF042552 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 15:19:47 -0600 Message-Id: <202102282119.11SLJdGF042552@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=5R1iuKxaAIWdrJMfn5RXA6G3TQ7KT1xtlqjghhWDr8g=; b=pJ5/HHfiTgqD8NwA7cBMTFjmG cfmeJA8lRRxFOaHQNArCKi7CaWpPq3c4DnUc/AjzyITPL89JWOjrt8kOajGXcZvz/1+ER05F/p5VY J1wIy/IoVwCcMds2mZys7b+AOFKpJ+AWHCMvSJKYWPdX24OYQ8wvxFHfvqGD+WlRhpU+IDKz93x+9 uJlLTShzxdl/Kwh13XRCfZknZPsoIfCVItP49Cs7GMK1bIBw1Mxa96uqJq6byYjQ7xP+HEbr3xpyE XomhOD//i7NXOfeYyXgatsJNH6OIt/HWx1DtpP4JjAjyP/WhrzYykqJhvPqsCpRWqPFpMU7J07p6q Ci9M0QPnA==; Received: from 188-206-108-230.mobile.kpn.net ([188.206.108.230]:8006 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lFwV6-0007IR-EA; Sat, 27 Feb 2021 15:37:04 +0530 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Sat, 27 Feb 2021 11:07:03 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210226-8, 26/02/2021), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 15:19:47 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 10:51:54 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 15:19:47 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 126 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen -- This email has been checked for viruses by AVG. https://www.avg.com From aellenvera@gmail.com Sun Feb 28 21:39:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1213di7e021400 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 21:39:47 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGZP6-0002jl-Vf; Mon, 01 Mar 2021 03:39:29 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 04:39:27 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 21:39:47 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 09:58:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 21:39:47 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 127 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Sun Feb 28 21:40:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1213eKAj021774 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 21:40:23 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGZOy-0002hm-C7; Mon, 01 Mar 2021 03:39:20 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 04:39:19 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 21:40:23 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 09:56:30 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 21:40:23 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 128 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Sun Feb 28 22:47:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1214lfFS026092 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 28 Feb 2021 22:47:50 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGaSI-0001DM-QE; Mon, 01 Mar 2021 04:46:51 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 05:46:49 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 22:47:51 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 10:33:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 28 Feb 2021 22:47:51 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 129 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Mon Mar 1 00:37:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.8 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.9 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [161.35.15.117 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1216b4cg034094 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 1 Mar 2021 00:37:11 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGbzE-0005gi-So; Mon, 01 Mar 2021 06:24:57 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 07:24:55 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 00:37:11 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: Delayed for 05:46:14 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 00:37:11 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 130 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Mon Mar 1 04:49:43 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.4 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [161.35.15.117 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.3 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 121AndIs025293 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 1 Mar 2021 04:49:43 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGg7J-00080S-Gr; Mon, 01 Mar 2021 10:49:33 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 11:49:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 04:49:43 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 04:49:43 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 131 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Mon Mar 1 04:49:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************* X-Spam-Status: Yes, score=45.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,RDNS_NONE, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.4 NSL_RCVD_HELO_USER Received from HELO User * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [161.35.15.117 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.3 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 121Anlp9025308 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 1 Mar 2021 04:49:51 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGg7J-00080X-8n; Mon, 01 Mar 2021 10:49:33 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 11:49:31 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 04:49:51 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 04:49:51 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 132 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Mon Mar 1 06:42:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************************** X-Spam-Status: Yes, score=39.2 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_SBL_CSS,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.4 NSL_RCVD_HELO_USER Received from HELO User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [64.145.65.238 listed in zen.spamhaus.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [161.35.15.117 listed in bl.mailspike.net] * 1.3 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 121Cg3v5032942 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 1 Mar 2021 06:42:10 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGhs7-0006wt-A2; Mon, 01 Mar 2021 12:41:59 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 13:41:57 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 06:42:10 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 06:42:10 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 133 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From aellenvera@gmail.com Mon Mar 1 09:21:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************************** X-Spam-Status: Yes, score=39.2 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_SBL_CSS,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.4 NSL_RCVD_HELO_USER Received from HELO User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [64.145.65.238 listed in zen.spamhaus.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [161.35.15.117 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [veraaellen7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 1.3 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from cunjimwen.com ([161.35.15.117]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 121FLl69044272 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 1 Mar 2021 09:21:53 -0600 Received: from [64.145.65.238] (helo=User) by cunjimwen.com with esmtpa (Exim 4.86_2) (envelope-from ) id 1lGkDP-0003K5-Js; Mon, 01 Mar 2021 15:12:07 +0000 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Mon, 1 Mar 2021 16:12:07 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 09:21:53 -0600 (CST) for IP:'161.35.15.117' DOMAIN:'[161.35.15.117]' HELO:'cunjimwen.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 01 Mar 2021 09:21:53 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: $Forwarded X-UID: 134 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response veraaellen7@gmail.com Best Regards, Mrs. Vera Aellen From jhardin@impsec.org Tue Mar 2 05:35:00 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 94008 invoked by uid 99); 2 Mar 2021 09:00:41 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Mar 2021 09:00:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id EF68DC0349 for ; Tue, 2 Mar 2021 09:00:33 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.545 X-Spam-Level: *** X-Spam-Status: No, score=3.545 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, MONEY_FREEMAIL_REPTO=0.38, MONEY_NOHTML=1.853, SPF_FAIL=0.919, TO_EQ_FM_DOM_SPF_FAIL=0.001, TO_EQ_FM_SPF_FAIL=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id gI1dJDkX_yGu for ; Tue, 2 Mar 2021 09:00:33 +0000 (UTC) Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=163.13.201.222; helo=mail.im.tku.edu.tw; envelope-from=rudakova.ganna@kntu.net.ua; receiver= Received: from mail.im.tku.edu.tw (mail.im.tku.edu.tw [163.13.201.222]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTP id A2CE37FCC3 for ; Tue, 2 Mar 2021 09:00:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.im.tku.edu.tw (Postfix) with ESMTP id 84C24214503; Tue, 2 Mar 2021 16:46:58 +0800 (CST) X-Virus-Scanned: amavisd-new at mail.im.tku.edu.tw Received: from mail.im.tku.edu.tw ([127.0.0.1]) by localhost (mail.im.tku.edu.tw [127.0.0.1]) (amavisd-new, port 10024) with LMTP id dsGo4gBguUg1; Tue, 2 Mar 2021 16:46:57 +0800 (CST) Received: from [192.168.0.106] (unknown [78.135.30.165]) by mail.im.tku.edu.tw (Postfix) with ESMTPA id 42B9A214507; Tue, 2 Mar 2021 11:35:17 +0800 (CST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Ich warte auf deine Antwort To: Recipients From: rudakova.ganna@kntu.net.ua Date: Tue, 02 Mar 2021 05:35:00 +0200 Reply-To: donationhelpercare5@gmail.com Status: X-Status: X-Keywords: X-UID: 135 Hallo Mein Name ist Warren E. Buffett, ein amerikanischer Gesch=E4ftsmagnat, Inve= stor und Philanthrop. Ich bin der erfolgreichste Investor und CEO der Welt,= Berkshire Hathaway. Ich glaube fest daran, "zu geben, w=E4hrend ich lebe".= Ich hatte eine Idee, die sich nie ge=E4ndert hat? dass Sie Ihr Verm=F6gen = nutzen sollten, um Menschen zu helfen, und ich habe beschlossen, {1.500.000= ,00 Euro} eine Million f=FCnfhunderttausend Euro an zuf=E4llig ausgew=E4hlt= e Personen weltweit zu geben. Nachdem Sie diese E-Mail erhalten haben, soll= ten Sie sich gl=FCcklich sch=E4tzen. Ihre E-Mail-Adresse wurde online w=E4h= rend der zuf=E4lligen Suche ausgew=E4hlt. Kontaktieren Sie mich unter donat= ionhelpercare5@gmail.com Ihre erste Annehmlichkeit, damit ich wei=DF, dass= Ihre E-Mail-Adresse g=FCltig ist. Ich warte auf deine Antwort From bx@chamber.uz Tue Mar 2 05:30:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 122DU2Dx028880 for ; Tue, 2 Mar 2021 05:30:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********* X-Spam-Status: Yes, score=9.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,HK_NAME_MR_MRS, RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, * low trust * [217.30.169.104 listed in list.dnswl.org] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 1.0 HK_NAME_MR_MRS No description available. * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails X-Spam-Relay-Country: UZ ** ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 02 Mar 2021 05:30:02 -0800 (PST) Received: from mail.chamber.uz (mail.chamber.uz [217.30.169.104]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 122DTDHe021098 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Tue, 2 Mar 2021 07:29:17 -0600 Received: from [77.247.110.14] (172.24.0.9) by mail.chamber.uz (172.24.0.254) with Microsoft SMTP Server (TLS) id 14.2.347.0; Tue, 2 Mar 2021 18:23:30 +0500 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Thanks To: Recipients From: Mrs Margarita Louis-Dreyfus Date: Tue, 2 Mar 2021 14:23:21 +0100 Reply-To: Message-ID: <32ef61d3-4181-416f-8d88-df36805e059c@MX2010.chamber.local> X-Originating-IP: [172.24.0.9] X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 07:29:18 -0600 (CST) for IP:'217.30.169.104' DOMAIN:'mail.chamber.uz' HELO:'mail.chamber.uz' FROM:'bx@chamber.uz' RCPT:'' X-Greylist: Delayed for 00:05:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 07:29:18 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 122DTDHe021098 X-Spam-Prev-Subject: Thanks Status: R X-Status: X-Keywords: X-UID: 136 From: Mrs Margarita Louis-Dreyfus. I am Mrs Margarita Louis-Dreyfus Chairperson of Louis-Dreyfus Commodities. I have decide to initiate this email conversation of a confidential humanitarian project that I would like to share with you in your country hoping you will respond back in reply. Email/;margaritalouisdreyfus@consultant.com Mrs Margarita Louis-Dreyfus. From aellenvera@gmail.com Tue Mar 2 01:07:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,MALFORMED_FREEMAIL,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_SBL_CSS, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [64.145.65.238 listed in zen.spamhaus.org] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [162.214.169.243 listed in bl.mailspike.net] * 0.4 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [aellenvera[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.3 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US US Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 122777kw018414 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 2 Mar 2021 01:07:11 -0600 Message-Id: <202103020707.122777kw018414@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=EmxB95JjvReKVk4WUu2y3o/zkh2heb5BcJQ7wcEO8e4=; b=WCWeSPBQsGKytycYexdJkC+PI cweIxKaBEM1uCraRUM8JkNc+MrjTpSEcRy4+fzVO3kLVI18SvkxXZiyp0BIRfNLsPYWsXjxYIuBJC Lorn+qYgZKFfgucVNZO9JdsE4XrUa6Wv94ZeWv2ePvp5M0gSi/paf0QBRgdpKoHfX8k+1NZoK97x0 laAtwQ1zqVnDEta1zQpkktwqUMCmy7B33DjAWRAFjMnQxe8ud/1WPbDmST87+7MjLEfiv89xPh+fQ Mo8XK00U4UtnL0QuB+L2jSWbW4USWtHD3PxNdsR1+u5BxF5h5V37WhakWqxaERtVWA0Z5r6G7V8s9 5dhpR9uug==; Received: from [64.145.65.238] (port=45215 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lGz5f-0006Ve-08; Tue, 02 Mar 2021 12:35:07 +0530 Reply-To: From: "Mrs. Vera Aellen" Subject: [SPAM] Greeting Date: Tue, 2 Mar 2021 08:05:05 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 01:07:11 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'aellenvera@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 01:07:11 -0600 (CST) X-Spam-Prev-Subject: Greeting Status: R X-Status: X-Keywords: X-UID: 137 Good day You have been selected to receive my grant donation. Please, contact me for further detail.I shall be expecting your quick response gveraallen@gmail.com Best Regards, Mrs. Vera Aellen From greant31l@gmail.com Tue Mar 2 23:03:45 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HTML_MESSAGE,LOTS_OF_MONEY,MALFORMED_FREEMAIL,MAY_BE_FORGED, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RCVD_IN_RP_RNBL,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,UNPARSEABLE_RELAY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [66.165.74.88 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [greant31l[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [greant311[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay * lines * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.0 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US Received: from server.interlockware.com (server.interlockware.com [66.165.74.88] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12353gKh001814 for ; Tue, 2 Mar 2021 23:03:45 -0600 Message-Id: <202103030503.12353gKh001814@ga.impsec.org> Received: from User (UnknownHost) by server.interlockware.com with SMTP; Tue, 2 Mar 2021 20:36:28 -0600 Reply-To: From: "Gabriel Arthur" Subject: [SPAM] You were recommended, Date: Wed, 3 Mar 2021 03:36:23 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 23:03:45 -0600 (CST) for IP:'66.165.74.88' DOMAIN:'[66.165.74.88]' HELO:'server.interlockware.com' FROM:'greant31l@gmail.com' RCPT:'' X-Greylist: Delayed for 00:59:47 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 02 Mar 2021 23:03:45 -0600 (CST) X-Spam-Prev-Subject: You were recommended, Status: R X-Status: X-Keywords: X-UID: 138 Content-Length: 1033
Good day,
Somebody  recommended you by a mutual associate. I write you regarding an investment of bearer bonds I made on behalf of a client. The investment was made in 2010 and has been under my management.
 
The said investor is deceased. The window is now available to assign these bonds to any name or company of my choice. I have all the necessary information to achieve this within 10 banking days.
 
The total value of the bond is 50 million pounds sterling, in a million pound denominations.
 
If you can handle this, do contact me at your earliest convenience via my Email: mgabrielarthurr@gmail.com
 
Thanks
 
Gabriel  Arthur
 From jhardin@impsec.org Fri Mar 5 05:47:43 2021 -0300 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 40469 invoked by uid 99); 5 Mar 2021 08:48:16 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 Mar 2021 08:48:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 608F3C02DD for ; Fri, 5 Mar 2021 08:48:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.602 X-Spam-Level: *** X-Spam-Status: No, score=3.602 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id L8yaLPXq5XPc for ; Fri, 5 Mar 2021 08:48:14 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=164.73.128.21; helo=ku.seciu.edu.uy; envelope-from=contaduria@udelar.edu.uy; receiver= Received: from ku.seciu.edu.uy (mta.seciu.edu.uy [164.73.128.21]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 92022BD062 for ; Fri, 5 Mar 2021 08:48:13 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by ku.seciu.edu.uy (Postfix) with ESMTP id 3DE001E0CCB; Fri, 5 Mar 2021 05:48:00 -0300 (-03) Received: from ku.seciu.edu.uy ([127.0.0.1]) by localhost (ku.seciu.edu.uy [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8FeCWFHLpJeV; Fri, 5 Mar 2021 05:47:58 -0300 (-03) Received: from localhost (localhost.localdomain [127.0.0.1]) by ku.seciu.edu.uy (Postfix) with ESMTP id C4F651E0CA8; Fri, 5 Mar 2021 05:47:56 -0300 (-03) X-Virus-Scanned: amavisd-new at ku.seciu.edu.uy Received: from ku.seciu.edu.uy ([127.0.0.1]) by localhost (ku.seciu.edu.uy [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QOsX6gboAjxf; Fri, 5 Mar 2021 05:47:56 -0300 (-03) Received: from tumby.seciu.edu.uy (unknown [10.105.0.17]) by ku.seciu.edu.uy (Postfix) with ESMTP id F28721E0BF3; Fri, 5 Mar 2021 05:47:43 -0300 (-03) Date: Fri, 5 Mar 2021 05:47:43 -0300 (UYT) From: Mavis Reply-To: Mavis Message-ID: <926954650.7310155.1614934063677.JavaMail.zimbra@udelar.edu.uy> Subject: =?utf-8?Q?Vous_avez_un_don_de_5_800_000,00_=E2=82=AC?= MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_e2a43681-a2dc-47c7-abc2-6fa7d477fa1e" X-Originating-IP: [45.56.148.32] X-Mailer: Zimbra 8.8.15_GA_3975 (zclient/8.8.15_GA_3975) Thread-Index: EQVmEHjkwFyq067YpeUMPQgde3KPQg== Thread-Topic: Vous avez un don de 5 800 000,00 =?utf-8?B?4oKs?= Status: X-Status: X-Keywords: X-UID: 139 Content-Length: 1075 --=_e2a43681-a2dc-47c7-abc2-6fa7d477fa1e Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Vous avez un don de 5 800 000,00 =E2=82=AC. de Mavis Wanczyk r=C3=A9pondez = avec ce code [MW530342019] pour recevoir le don Sie haben eine Spende von =E2=82=AC 5.800.000,00. von Mavis Wanczyk antwort= en Sie mit diesem Code [MW530342019], um die Spende zu erhalten --=_e2a43681-a2dc-47c7-abc2-6fa7d477fa1e Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable


Vous avez un don de 5 800 000,00 = =E2=82=AC. de Mavis Wanczyk r=C3=A9pondez avec ce code [MW530342019] pour r= ecevoir le don

Sie haben eine Spende von =E2=82=AC= 5.800.000,00. von Mavis Wanczyk antworten Sie mit diesem Code [MW530342019= ], um die Spende zu erhalten
--=_e2a43681-a2dc-47c7-abc2-6fa7d477fa1e-- From mrssarabenjamain123@gmail.com Sun Mar 7 09:05:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.1 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_PASS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6379] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.219.174 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.219.174 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrssarabenjamain123[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [benjaminsarah195[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mrssarabenjamain123[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 127F5IFC046939 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 7 Mar 2021 09:05:24 -0600 Received: by mail-yb1-f174.google.com with SMTP id x19so7484398ybe.0 for ; Sun, 07 Mar 2021 07:05:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=cvjAFSZ3j7cNgC/JTD/zyOKKP4pi7/nXrzj0JhFk9gE=; b=TDU9tcm6NtvDAO6tP8q5nK+M0526dRb4NkeFBGZIdaMDYq6VoOr/iOTRInnAk6Qlbt 6wMSfRVvULyok7yKquIglq2/6oqdtOgtkVMfeyrV4gZqsI08vudVovTBg+2dbhumwg2r IVNbIhJjF8n+iYyMjXxxoA+oh8nmlkcc0q+8Y2edbnLfZltik+kj+iIiCsbJ5XzxXReV CT1aR1PUIYhFq13NlrKXq2uVFBXG/DQlX2ZL9+4paTQZDa4sDxYslUdgWFEatRflLQ/3 ylxA0RFALU8iLITfTX4iwzE6puaoQiFFVYKKhXMW+dqlN++L93B/OVJOywZxQlMYOOFX dyzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=cvjAFSZ3j7cNgC/JTD/zyOKKP4pi7/nXrzj0JhFk9gE=; b=HWvRaxsxRILKmL9QrNwmrI4uyL5mZjEcmoYLf1zt53+Qc/Nr4qq6JIsKEVrdqrA7/s X+qju7IAhJD7ilPctsnWteTW5g8XynpAn1DQ+CfP6v5chepXdR8I1pJ4gBHt0jB4L88W V/45VvqeHiL0UnEHJ1roo5fQ2NkqyTx8VMUn3OPmb1UQFkTlUAhLDZO5JLrgVspC21B1 qhyuQx5XZ6v1bBVnCPXrPk2Eic9ZujAoF7I2JfP9AfFNnWf9z5TTK3TaqswV3J+U6NJU mB796k9CKNYefnUh9GS7SJ20HcjoDKcQSaS7M6YmlaWMYb3CaJ3p3Zsgu7gNG7HZHhft yHDw== X-Gm-Message-State: AOAM530ozRKGtNeDKRJq87/Q0G50XtCWwtSbzfcPPhNykdUUCod5SsfZ cRiHU7B+U/HeaQjM1V779aIKrOve+OckSOQ7hAc= X-Google-Smtp-Source: ABdhPJwIsKYCZZAeN8w3v+gKX9cclIf4MDLGVW94M0tM3Jqu3rjV1w0B6E1mbFJ8MibQRiAA7Tbr0OchSVDun4MyfjY= X-Received: by 2002:a25:df15:: with SMTP id w21mr25134931ybg.241.1615129518107; Sun, 07 Mar 2021 07:05:18 -0800 (PST) MIME-Version: 1.0 Reply-To: benjaminsarah195@gmail.com From: benjamin sarah Date: Sun, 7 Mar 2021 15:08:11 +0000 Message-ID: Subject: [SPAM] Hello Beloved, To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="0000000000003170be05bcf3a56e" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Mar 2021 09:05:24 -0600 (CST) for IP:'209.85.219.174' DOMAIN:'mail-yb1-f174.google.com' HELO:'mail-yb1-f174.google.com' FROM:'mrssarabenjamain123@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Mar 2021 09:05:24 -0600 (CST) X-Spam-Prev-Subject: Hello Beloved, Status: R X-Status: X-Keywords: X-UID: 140 Content-Length: 1587 --0000000000003170be05bcf3a56e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Beloved, My name is Mrs benjamin sarah, 63 years old widow,I was diagnosed for cancer about 2 years ago AND have a few months to live as the tumor is spreading,as part of my legacy i have been touched by God to donate the last funds i inherited from my late husband to you for good work of God to charity/churches/ motherless babies/less privileged/widows... Please if you are ready to assist me distribute my funds of (=C2=A33.5, Million ) only ki= ndly reply me to my private email benjaminsarah195@gmail.com. so i can give you more details as this is real and true.. Yours truly benjamin sarah. --0000000000003170be05bcf3a56e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable --0000000000003170be05bcf3a56e-- From jhardin@impsec.org Sun Mar 7 10:20:50 2021 -1200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 90895 invoked by uid 99); 7 Mar 2021 22:45:37 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Mar 2021 22:45:37 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id AC8F0C034A for ; Sun, 7 Mar 2021 22:45:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 4.875 X-Spam-Level: **** X-Spam-Status: No, score=4.875 tagged_above=-999 required=6.31 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FORGED_YAHOO_RCVD=1.022, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_BL_SPAMCOP_NET=2, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id bQ6hysDLT3lN for ; Sun, 7 Mar 2021 22:45:35 +0000 (UTC) Received-SPF: Neutral (mailfrom) identity=mailfrom; client-ip=84.205.223.158; helo=mail2.mindigital.gr; envelope-from=info@yahoo.com; receiver= Received: from mail2.mindigital.gr (mail2.mindigital.gr [84.205.223.158]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 1EA137FA31 for ; Sun, 7 Mar 2021 22:45:35 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail2.mindigital.gr (Postfix) with ESMTP id 5A19831AF2EA; Mon, 8 Mar 2021 00:21:40 +0200 (EET) Received: from mail2.mindigital.gr ([127.0.0.1]) by localhost (mail2.mindigital.gr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 4tEfFRChu_uA; Mon, 8 Mar 2021 00:21:40 +0200 (EET) Received: from localhost (localhost [127.0.0.1]) by mail2.mindigital.gr (Postfix) with ESMTP id 047AC31AF2E7; Mon, 8 Mar 2021 00:21:40 +0200 (EET) X-Virus-Scanned: amavisd-new at mindigital.gr Received: from mail2.mindigital.gr ([127.0.0.1]) by localhost (mail2.mindigital.gr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id wMFFynoShOXU; Mon, 8 Mar 2021 00:21:39 +0200 (EET) Received: from [100.75.180.190] (unknown [106.210.33.186]) by mail2.mindigital.gr (Postfix) with ESMTPSA id B2C6931AF1D8; Mon, 8 Mar 2021 00:21:18 +0200 (EET) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: I am Sgt. Monica L. Brown i have a business proposal for you To: Recipients From: "Monica L" Date: Sun, 07 Mar 2021 10:20:50 -1200 Reply-To: st.monica@outlook.com Message-Id: <20210307222118.B2C6931AF1D8@mail2.mindigital.gr> Status: X-Status: X-Keywords: X-UID: 141 From zhangpeng@nucien.com Thu Mar 11 20:16:58 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.4 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_FORGED_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HK_SCAM, HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,MONEY_FREEMAIL_REPTO, NSL_RCVD_FROM_USER,RCVD_IN_PSBL,RELAY_COUNTRY_CN,SPAM_BOOSTER_05, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [218.107.13.102 listed in psbl.surriel.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 HK_SCAM No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CN HK HK Received: from EXserver.nucien.com (EXSERVER.nucien.com [218.107.13.102]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12C2GrkV030609 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL) for ; Thu, 11 Mar 2021 20:16:58 -0600 Received: from User (45.249.91.166) by EXserver.nucien.com (172.16.29.2) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 12 Mar 2021 10:11:56 +0800 Reply-To: From: "Mr. Celic Erez" Subject: [SPAM] I NEED YOUR ASSISTANCE !!!! Date: Thu, 11 Mar 2021 18:11:07 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <330d7257bb35477984248c98eb33c689@EXserver.nucien.com> To: Undisclosed recipients:; X-Originating-IP: [45.249.91.166] X-ClientProxiedBy: EXserver.nucien.com (172.16.29.2) To EXserver.nucien.com (172.16.29.2) X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Mar 2021 20:16:58 -0600 (CST) for IP:'218.107.13.102' DOMAIN:'EXSERVER.nucien.com' HELO:'EXserver.nucien.com' FROM:'zhangpeng@nucien.com' RCPT:'' X-Greylist: Delayed for 00:05:33 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Mar 2021 20:16:58 -0600 (CST) X-Spam-Prev-Subject: I NEED YOUR ASSISTANCE !!!! Status: R X-Status: X-Keywords: X-UID: 142
Good day
    
My name is Celic Erez, a Board Member of ILBANK of Turkey.
    
A late investor of our bank died and left $13, 500,000.00 Million dollars in our bank some years ago and there was no any next of kin to claim this fund.
    
Please get back to me as soon as possible for more details if you are interested in my proposal.
    
    
Best Regards
    
Celic Erez
 From robert@gmail.com Thu Mar 11 20:32:39 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Status: Yes, score=22.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_95,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MALFORMED_FREEMAIL,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RDNS_NONE,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9591] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [robert[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.6 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN HK Received: from ydshf11.club ([119.45.201.212]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12C2WXmb031677 for ; Thu, 11 Mar 2021 20:32:38 -0600 Message-Id: <202103120232.12C2WXmb031677@ga.impsec.org> Received: from User ([45.249.91.185]) (envelope-sender ) by 10.206.0.3 with ESMTP for ; Fri, 12 Mar 2021 07:47:28 +0800 Reply-To: From: "Robert Cota" Subject: [SPAM] I AM SORRY TO ENCROACH IN TO YOUR PRIVACY Date: Thu, 11 Mar 2021 15:47:24 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Mar 2021 20:32:39 -0600 (CST) for IP:'119.45.201.212' DOMAIN:'[119.45.201.212]' HELO:'ydshf11.club' FROM:'robert@gmail.com' RCPT:'' X-Greylist: Delayed for 02:41:55 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 11 Mar 2021 20:32:39 -0600 (CST) X-Spam-Prev-Subject: I AM SORRY TO ENCROACH IN TO YOUR PRIVACY Status: R X-Status: X-Keywords: X-UID: 143 Hello Dear. I apologize if the content of my email is contrary to your moral ethics but I find it advantageous to offer you my partnership in business. I am CAPT Robert Cota, an officer in the US Army presently serving in the Military with the 82nd Airborne Division Peacekeeping Force here in Kabul. I need your help in assisting me with the safekeeping of Two Military Trunk Boxes. I hope you can be trusted? If you can be trusted, I will explain further when I get a response from you for further clarification. Nevertheless, please ensure to reply via my private email: (robertcota391@gmail.com). Thanks for your understanding and cooperation, God bless you and America!!! Best Regards, CPT Robert Cota US ARMY. From reply@spuredge.com Fri Mar 12 13:53:18 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.5 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,FORGED_SPF_HELO,HTML_MESSAGE,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_SBL,RDNS_DYNAMIC, SPAM_BOOSTER_05,SPAM_BOOSTER_08,SPF_HELO_PASS,SPF_SOFTFAIL, SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9996] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9996] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [216.38.7.243 listed in zen.spamhaus.org] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FORGED_SPF_HELO No description available. * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 2.6 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.1 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.9 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US US Received: from server.rogerhighseascontainers.com (162-241-211-105.unifiedlayer.com [162.241.211.105] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12CJrBmi038423 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 12 Mar 2021 13:53:18 -0600 Received: from [216.38.7.243] (port=54514 helo=spuredge.com) by server.rogerhighseascontainers.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1lKnqR-0006g0-22 for jhardin@impsec.org; Fri, 12 Mar 2021 19:53:11 +0000 From: Harald Paul To: jhardin@impsec.org Subject: [SPAM] BUSINESS PROPOSAL FOR MUTUAL BENEFITS! Date: 12 Mar 2021 11:53:09 -0800 Message-ID: <20210312115309.B67202AB311095A0@spuredge.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.rogerhighseascontainers.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - spuredge.com X-Get-Message-Sender-Via: server.rogerhighseascontainers.com: authenticated_id: info@sardsgroup.com X-Authenticated-Sender: server.rogerhighseascontainers.com: info@sardsgroup.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Mar 2021 13:53:18 -0600 (CST) for IP:'162.241.211.105' DOMAIN:'[162.241.211.105]' HELO:'server.rogerhighseascontainers.com' FROM:'reply@spuredge.com' RCPT:'' X-Greylist: Delayed for 29:37:07 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Mar 2021 13:53:18 -0600 (CST) X-Spam-Prev-Subject: BUSINESS PROPOSAL FOR MUTUAL BENEFITS! Status: R X-Status: X-Keywords: X-UID: 144 Content-Length: 5501

Hello,
 
I'm Harald Paul, working with Virtue Pro Pharmaceuticals and laboratories LLC as a&nbs= p;research consultant. Our company is one of the most respected and in= digenous multi-million dollar pharma company, manufacturing well over = hundreds of various lifesaving bio pharmaceutical products and medical cons= umables, in the light of this i have a business proposal for you which= is worth a reasonable amount. On receipt of your acknowledgement of this e= mail, I shall divulge in details the intent for=20 your consideration. Your reply should be directed to my private email at:= ( haraldpaul21@proton= mail.ch )

Please give me the opportunity to explain to you in details what the busin= ess is all about by replying back to my private email as stated above.
= Note: You have the right to quit at the end of my detailed explanation= s if you don't feel like moving forward with me. But Trust me, you won= 't regret it.

Thank you.
 
Harald= Paul,
Research Consultant<= br> Virtue Pro Pharmaceuticals & Laboratories LLC.


From robert@gmail.com Fri Mar 12 14:19:30 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_95,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MALFORMED_FREEMAIL,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RCVD_IN_SBL_CSS,RDNS_NONE,RELAY_COUNTRY_CN, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9590] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [45.249.91.185 listed in zen.spamhaus.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [robert[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.3 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN HK Received: from egsds1.club ([119.45.105.166]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12CKJQWo041038 for ; Fri, 12 Mar 2021 14:19:30 -0600 Message-Id: <202103122019.12CKJQWo041038@ga.impsec.org> Received: from User ([45.249.91.185]) (envelope-sender ) by 10.206.0.5 with ESMTP for ; Fri, 12 Mar 2021 22:49:42 +0800 Reply-To: From: "Robert Cota" Subject: [SPAM] I AM SORRY TO ENCROACH IN TO YOUR PRIVAC Date: Fri, 12 Mar 2021 04:50:00 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Mar 2021 14:19:30 -0600 (CST) for IP:'119.45.105.166' DOMAIN:'[119.45.105.166]' HELO:'egsds1.club' FROM:'robert@gmail.com' RCPT:'' X-Greylist: Delayed for 05:21:53 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Mar 2021 14:19:30 -0600 (CST) X-Spam-Prev-Subject: I AM SORRY TO ENCROACH IN TO YOUR PRIVAC Status: R X-Status: X-Keywords: X-UID: 145 Hello Dear. I apologize if the content of my email is contrary to your moral ethics but I find it advantageous to offer you my partnership in business. I am CAPT Robert Cota, an officer in the US Army presently serving in the Military with the 82nd Airborne Division Peacekeeping Force here in Kabul. I need your help in assisting me with the safekeeping of Two Military Trunk Boxes. I hope you can be trusted? If you can be trusted, I will explain further when I get a response from you for further clarification. Nevertheless, please ensure to reply via my private email: (robertcota391@gmail.com). Thanks for your understanding and cooperation, God bless you and America!!! Best Regards, CPT Robert Cota US ARMY. From Customercare@econet.co.zw Sat Mar 13 22:47:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.6 required=5.0 tests=ADVANCE_FEE_5_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, DEAR_FRIEND,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL, RCVD_IN_SBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_RU,SPAM_BOOSTER_04, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_PASS,UNDISC_FREEM,UNDISC_MONEY, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [77.246.51.158 listed in psbl.surriel.com] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [165.231.148.189 listed in zen.spamhaus.org] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [77.246.51.158 listed in bl.mailspike.net] * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [77.246.51.158 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem9999[at]naver.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.7 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: ZW ** ** ** RU Received: from ironportDMZ.econet.co.zw (smtp.econet.co.zw [77.246.51.158]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12E4lHIV026414 for ; Sat, 13 Mar 2021 22:47:22 -0600 IronPort-SDR: /fU6L5R8FYQOIFkGmrXVexGVMRaF6vVVhcAJ+xxoLBCEfhbdvSARtmEbrEhJkAVnSmQwtb7G28 fKsBZOfH+X8H7VT9BWLrfwpkacxv/UlZLXL3/o7nf0jjk2UizSQBuNaYhFsy2LumFPJA0lyjWl lKOxPECDSqEFoIX3hLs6Ij+7KbzJOBZiyQOES/sssRUJvNlqZ8R0n9lf+QPEHPBDzEzB7WHZSF Jy62/XY/G8DWrO/Ui++WOBj1tNVdAARQk50bi6dzHip59er79rcxPLpa7yCZQvnfjbgOzFsigI UUQ= IronPort-HdrOrdr: A9a23:PQw4s6OrqutgccBcTmGjsMiAIKoaSvp033AA0UdtRRtJNvGCn8 e1k/gBkTPygjAdWHYv8OrwWpWoa3Xa6JJz/M0tLa6vNTOW21eAAYl+4eLZogHINDb58odmup tIV4hbJJnOAUNhjcD8iTPZL/8FzMOc+K6lwcfypk0dND1CUK1r4wdnBgvzKCQfL2MqObMDGI OY9o57oVObFUg/VcinGmIDG9HKutyjruOcXTc9GxUl5AOS5AnH1JfGFXGjr28jegIK5Y0H+W jB1zXj5qO5s+yqoyWss1P73tBzkNvlxsArPr3qtuElbhHtjgqPQagJYczlgBkF5Ni16FAwkM Tdyi1QWvhO1w== X-IronPort-AV: E=Sophos;i="5.81,245,1610402400"; d="scan'208";a="3962859" Received: from unknown (HELO WVALE-MB-SVR-05.econetzw.local) ([192.168.101.173]) by ironportLAN.econet.co.zw with ESMTP; 14 Mar 2021 06:39:53 +0200 Received: from WVALE-MB-SVR-10.econetzw.local (192.168.101.149) by WVALE-MB-SVR-05.econetzw.local (192.168.101.173) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 14 Mar 2021 06:39:52 +0200 Received: from WVALE-CAS-SVR-9.econetzw.local (192.168.101.184) by wvale-mb-svr-10.econetzw.local (192.168.101.149) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 14 Mar 2021 06:39:48 +0200 Received: from User (165.231.148.189) by WVALE-CAS-SVR-9.econetzw.local (10.10.11.230) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Sun, 14 Mar 2021 06:40:00 +0200 Reply-To: From: "Reem E. A" Subject: [SPAM] Very Important!! Date: Sun, 14 Mar 2021 05:39:47 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <8ccfbfae8ee249be9d300458589cc5bd@WVALE-CAS-SVR-9.econetzw.local> To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Mar 2021 22:47:22 -0600 (CST) for IP:'77.246.51.158' DOMAIN:'smtp.econet.co.zw' HELO:'ironportDMZ.econet.co.zw' FROM:'Customercare@econet.co.zw' RCPT:'' X-Greylist: Delayed for 00:07:18 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Mar 2021 22:47:22 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12E4lHIV026414 X-Spam-Prev-Subject: Very Important!! Status: R X-Status: X-Keywords: $Forwarded X-UID: 146 Content-Length: 2784 Dear Friend My name is Ms. Reem Ebrahim Al-Hashimi, I am the "Minister of state for International Cooperation" in UAE. I write to you on behalf of my other "two (2) colleagues" who has Authorized me to solicit for your "partnership in claiming of {us$47=Million}" from a Financial Home on their behalf and for our "Mutual Benefits". The said Fund {us$47=Million} is our share from the (over-invoiced) Oil/Gas deal with Turkish Government within 2013/2014. Because of the nature of the deal we don't want our government to know about the fund that is why we decided to contact you. If this proposal interests you, let me know, by sending me an email and I will send to you detailed information on how this business would be successfully transacted. Be informed that nobody knows about the secret of this fund except us, and we know how to carry out the entire transaction. So I am compelled to ask, that you will stand on our behalf and receive this fund into any account that is solely controlled by you. We will compensate you with 15% of the total amount involved as gratification for being our partner in this transaction. Reply to: reem2744@yandex.com Regards, Ms. Reem. This mail was sent through Econet Wireless, a Global telecoms leader. DISCLAIMER The information in this message is confidential and is legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If received in error please accept our apologies and notify the sender immediately. You must also delete the original message from your machine. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken in reliance of it, is prohibited and may be unlawful. The information, attachments, opinions or advice contained in this email are not the views or opinions of Econet Wireless, its subsidiaries or affiliates. Econet Wireless therefore accepts no liability for claims, losses, or damages arising from the inaccuracy, incorrectness, or lack of integrity of such information. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/AgileBanner.png] WORK ISN'T A PLACE IT'S WHAT WE DO ________________________________ Customercare [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/telephone.png] [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/email.png] Customercare@econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/location.png] No. 2 Old Mutare Road, Msasa, Harare, Zimbabwe. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/website.png] www.econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/inspired.jpg] From Customercare@econet.co.zw Sat Mar 13 22:47:52 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=50.6 required=5.0 tests=ADVANCE_FEE_5_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, DEAR_FRIEND,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL, RCVD_IN_SBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_RU,SPAM_BOOSTER_04, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_PASS,UNDISC_FREEM,UNDISC_MONEY, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [77.246.51.158 listed in bl.mailspike.net] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [77.246.51.158 listed in psbl.surriel.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [165.231.148.189 listed in zen.spamhaus.org] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [77.246.51.158 listed in bl.score.senderscore.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem9999[at]naver.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.7 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: ZW ** ** ** RU Received: from ironportDMZ.econet.co.zw (smtp.econet.co.zw [77.246.51.158]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12E4llGg026429 for ; Sat, 13 Mar 2021 22:47:51 -0600 IronPort-SDR: LH9sUjWfAvwhqCFLSH3DWvWhXI8tAzk+XDxz7xvhvkmWWkpaZ8aZNueNj1sHjqVg8k2rfPervw D00ZuEhT3v5+E1xRURpJ82T3FiVZw576EUtjPVoBM6iR8IQexQOtepGmDPwCi0CS9wj2L02bkO zRWK3I+Eya+nNH0TAGQucxMFwuP7NKAV+5uoscvT/oXToINn+Oqfm6lC759hlXytUHFVZtStL3 YqbY4IReAV3dTStzr3mLSKpyWW9IDwbaCYTFnPYbuzY9Az5H/YnOmVkcm+QGVrv5SacpUcReW8 Wos= IronPort-HdrOrdr: A9a23:mkh8vKu/HLw5e9vtt57fZqyx7skD5tV00zAX/kB9WHVpW+afkN 2jm+le6A/shF8qKRYdsP2jGI3Fe3PT8pZp/ZIcVI3JYCDKsHalRbsO0aLM2DvlcheQysd51b 18N5R4EsH6F1Jgjc33iTPIduoI5Pmi3OSWifzFz3FrJDsaD51IywtiEA6UHglXaWB9ZaYRL5 aX6spZqzfIQx1+BfiTPXUdWviGmtujrvzbSCQbDB0q4hTmt1KVwYP9eiL14j4uFxdGwbIv6g H+4m7Ez5Tmiuq6zATdyn+71eU0pOfc X-IronPort-AV: E=Sophos;i="5.81,245,1610402400"; d="scan'208";a="3963420" Received: from unknown (HELO WVALE-MB-SVR-05.econetzw.local) ([192.168.101.173]) by ironportLAN.econet.co.zw with ESMTP; 14 Mar 2021 06:40:28 +0200 Received: from WVALE-MB-SVR-10.econetzw.local (192.168.101.149) by WVALE-MB-SVR-05.econetzw.local (192.168.101.173) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 14 Mar 2021 06:40:28 +0200 Received: from WVALE-CAS-SVR-9.econetzw.local (192.168.101.184) by wvale-mb-svr-10.econetzw.local (192.168.101.149) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 14 Mar 2021 06:40:25 +0200 Received: from User (165.231.148.189) by WVALE-CAS-SVR-9.econetzw.local (10.10.11.230) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Sun, 14 Mar 2021 06:40:31 +0200 Reply-To: From: "Reem E. A" Subject: [SPAM] Very Important!! Date: Sun, 14 Mar 2021 05:40:24 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <3662ece7f52f4e52bb206727bd33d036@WVALE-CAS-SVR-9.econetzw.local> To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Mar 2021 22:47:52 -0600 (CST) for IP:'77.246.51.158' DOMAIN:'smtp.econet.co.zw' HELO:'ironportDMZ.econet.co.zw' FROM:'Customercare@econet.co.zw' RCPT:'' X-Greylist: Delayed for 00:07:18 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 13 Mar 2021 22:47:52 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12E4llGg026429 X-Spam-Prev-Subject: Very Important!! Status: R X-Status: X-Keywords: $Forwarded X-UID: 147 Content-Length: 2784 Dear Friend My name is Ms. Reem Ebrahim Al-Hashimi, I am the "Minister of state for International Cooperation" in UAE. I write to you on behalf of my other "two (2) colleagues" who has Authorized me to solicit for your "partnership in claiming of {us$47=Million}" from a Financial Home on their behalf and for our "Mutual Benefits". The said Fund {us$47=Million} is our share from the (over-invoiced) Oil/Gas deal with Turkish Government within 2013/2014. Because of the nature of the deal we don't want our government to know about the fund that is why we decided to contact you. If this proposal interests you, let me know, by sending me an email and I will send to you detailed information on how this business would be successfully transacted. Be informed that nobody knows about the secret of this fund except us, and we know how to carry out the entire transaction. So I am compelled to ask, that you will stand on our behalf and receive this fund into any account that is solely controlled by you. We will compensate you with 15% of the total amount involved as gratification for being our partner in this transaction. Reply to: reem2744@yandex.com Regards, Ms. Reem. This mail was sent through Econet Wireless, a Global telecoms leader. DISCLAIMER The information in this message is confidential and is legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If received in error please accept our apologies and notify the sender immediately. You must also delete the original message from your machine. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken in reliance of it, is prohibited and may be unlawful. The information, attachments, opinions or advice contained in this email are not the views or opinions of Econet Wireless, its subsidiaries or affiliates. Econet Wireless therefore accepts no liability for claims, losses, or damages arising from the inaccuracy, incorrectness, or lack of integrity of such information. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/AgileBanner.png] WORK ISN'T A PLACE IT'S WHAT WE DO ________________________________ Customercare [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/telephone.png] [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/email.png] Customercare@econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/location.png] No. 2 Old Mutare Road, Msasa, Harare, Zimbabwe. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/website.png] www.econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/inspired.jpg] From Customercare@econet.co.zw Sun Mar 14 06:55:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.7 required=5.0 tests=ADVANCE_FEE_5_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, DEAR_FRIEND,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_RP_RNBL, RCVD_IN_SBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_RU,SPAM_BOOSTER_04, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_PASS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [165.231.148.189 listed in zen.spamhaus.org] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [77.246.51.158 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, * https://senderscore.org/blacklistlookup/ * [77.246.51.158 listed in bl.score.senderscore.com] * 2.5 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [77.246.51.158 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem9999[at]naver.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.7 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) * 1.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: ZW ** ** RU Received: from ironportDMZ.econet.co.zw (smtp.econet.co.zw [77.246.51.158]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12ECtX2O034471 for ; Sun, 14 Mar 2021 06:55:37 -0600 IronPort-SDR: W/vB8HNy+AciXOjB+4c5TqiagopnKAzNoTt+gFzOP34LP7sLunKc0TSX7qqruhbWjvhJUnUzsU Tk+hhp+8T/lqBjQ7wUdTPvQIhOZN0o0wqRM+CAbkIpC1AV7XXYheOAj3+7ZO36vnElmf1mQ++r l0kVtEvrzH+omFrhwqflnP/gfabzMbjL5hkUVjw30QSotM5Yhjia3JHv1FnijIs4vm96l0Ilz7 UPTCBznk0yOwikxFpoTfdG+qOJ18gcScDWcA9qrNu9UhLA1Z7DakYF57m4+hFwJn8VM2toWopr /o0= IronPort-HdrOrdr: A9a23:nBX20ap5EINTZO9llSonBzIaV5rReYIsi2QD101hICF9WMqeis yogbAnzhfykjkcQzUNntqHNamGTxrnlKJdy48XILukQU3aqHKlRbsN0aLOyyDtcheTysdzzq FlGpIUNPTVLXxXyfn3+xO5FdFI+ra62Zulj+vf0HthJDsCA51I1RtzCQqQDyRNKTVuOJxRLv Chz/sCgzKhfHgNB/7aOlA1G9L7j/nsqK+jSzsvPSRP0njssQ+V X-IronPort-AV: E=Sophos;i="5.81,245,1610402400"; d="scan'208";a="4445519" Received: from unknown (HELO wvale-jmb-svr-1.econetzw.local) ([192.168.101.35]) by ironportLAN.econet.co.zw with ESMTP; 14 Mar 2021 14:48:04 +0200 Received: from WVALE-CAS-SVR-9.econetzw.local (192.168.101.184) by wvale-jmb-svr-1.econetzw.local (192.168.101.35) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 14 Mar 2021 14:48:03 +0200 Received: from User (165.231.148.189) by WVALE-CAS-SVR-9.econetzw.local (10.10.11.230) with Microsoft SMTP Server id 15.0.1473.3 via Frontend Transport; Sun, 14 Mar 2021 14:48:16 +0200 Reply-To: From: "Reem E. A" Subject: [SPAM] Very Important!! Date: Sun, 14 Mar 2021 13:48:01 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 14 Mar 2021 06:55:38 -0600 (CST) for IP:'77.246.51.158' DOMAIN:'smtp.econet.co.zw' HELO:'ironportDMZ.econet.co.zw' FROM:'Customercare@econet.co.zw' RCPT:'' X-Greylist: Delayed for 00:07:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 14 Mar 2021 06:55:38 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12ECtX2O034471 X-Spam-Prev-Subject: Very Important!! Status: R X-Status: X-Keywords: $Forwarded X-UID: 148 Content-Length: 2784 Dear Friend My name is Ms. Reem Ebrahim Al-Hashimi, I am the "Minister of state for International Cooperation" in UAE. I write to you on behalf of my other "two (2) colleagues" who has Authorized me to solicit for your "partnership in claiming of {us$47=Million}" from a Financial Home on their behalf and for our "Mutual Benefits". The said Fund {us$47=Million} is our share from the (over-invoiced) Oil/Gas deal with Turkish Government within 2013/2014. Because of the nature of the deal we don't want our government to know about the fund that is why we decided to contact you. If this proposal interests you, let me know, by sending me an email and I will send to you detailed information on how this business would be successfully transacted. Be informed that nobody knows about the secret of this fund except us, and we know how to carry out the entire transaction. So I am compelled to ask, that you will stand on our behalf and receive this fund into any account that is solely controlled by you. We will compensate you with 15% of the total amount involved as gratification for being our partner in this transaction. Reply to: reem2744@yandex.com Regards, Ms. Reem. This mail was sent through Econet Wireless, a Global telecoms leader. DISCLAIMER The information in this message is confidential and is legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If received in error please accept our apologies and notify the sender immediately. You must also delete the original message from your machine. If you are not the intended recipient, any use, disclosure, copying, distribution or action taken in reliance of it, is prohibited and may be unlawful. The information, attachments, opinions or advice contained in this email are not the views or opinions of Econet Wireless, its subsidiaries or affiliates. Econet Wireless therefore accepts no liability for claims, losses, or damages arising from the inaccuracy, incorrectness, or lack of integrity of such information. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/AgileBanner.png] WORK ISN'T A PLACE IT'S WHAT WE DO ________________________________ Customercare [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/telephone.png] [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/email.png] Customercare@econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/location.png] No. 2 Old Mutare Road, Msasa, Harare, Zimbabwe. [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/website.png] www.econet.co.zw [https://mail.econet.co.zw/OWA/auth/current/themes/resources/Agile/inspired.jpg] From jhardin@impsec.org Mon Mar 15 04:45:19 2021 -0500 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 94715 invoked by uid 99); 15 Mar 2021 13:20:15 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Mar 2021 13:20:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 2CE0CC02D5 for ; Mon, 15 Mar 2021 13:20:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 5.139 X-Spam-Level: ***** X-Spam-Status: No, score=5.139 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_2_NEW_MONEY=1.355, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MISSING_HEADERS=1.207, MONEY_FREEMAIL_REPTO=0.38, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=pomalca.com.pe Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id TruhkvJXH9IG for ; Mon, 15 Mar 2021 13:20:14 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=200.4.208.130; helo=mail.pomalca.com.pe; envelope-from=pdavila@pomalca.com.pe; receiver= Received: from mail.pomalca.com.pe (mail.pomalca.com.pe [200.4.208.130]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 9E109BD0B1 for ; Mon, 15 Mar 2021 13:20:13 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.pomalca.com.pe (Postfix) with ESMTP id D7BB228BD860; Mon, 15 Mar 2021 04:45:26 -0500 (-05) Received: from mail.pomalca.com.pe ([127.0.0.1]) by localhost (mail.pomalca.com.pe [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8i2qkhcujr0B; Mon, 15 Mar 2021 04:45:26 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.pomalca.com.pe (Postfix) with ESMTP id D9C5628BD81E; Mon, 15 Mar 2021 04:45:23 -0500 (-05) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.pomalca.com.pe D9C5628BD81E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pomalca.com.pe; s=E5987640-479D-11E9-9529-CC87624CD35D; t=1615801524; bh=caWtZmItMfNV9OmU3RrpL2G+OxKcOI6ltTRYeJ7NSGk=; h=Date:From:Message-ID:MIME-Version; b=rCSHomXWwYFXt/gCCd/Y8gfWHCYad08hj1v1dOsXx+NEAwuO0ESADzSK5P+YHvShm AcpnocKee6jW4mF9b5tZoZzW2wvZ4AY+e0Kv5iO3p+uqMt0GfuCxH4APERNf/DtVOW u9wfhlBhNQ53W4D3nuK2KJoeoK4jwgoKjQ6+HlTln9/nf+G+Pjopjyyublj6gvXLcq rTZYZPEbJCIdeWAWD9616GbEohIgKktHwq4L1aOEDwpHhPwr53ALojrygZxgr3LzTy iwZ/FWiOwPoLXEYabm/2oPo5G6zpwruRJ0KIpynjLoIoSC9J8tw5kTWiVCk7TdIFJw gsa30SMtgUCmQ== X-Virus-Scanned: amavisd-new at pomalca.com.pe Received: from mail.pomalca.com.pe ([127.0.0.1]) by localhost (mail.pomalca.com.pe [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id V_goxzfsCNHC; Mon, 15 Mar 2021 04:45:23 -0500 (-05) Received: from mail.pomalca.com.pe (mail.pomalca.com.pe [192.168.1.4]) by mail.pomalca.com.pe (Postfix) with ESMTP id 231EE28BD7E8; Mon, 15 Mar 2021 04:45:20 -0500 (-05) Date: Mon, 15 Mar 2021 04:45:19 -0500 (PET) From: Steve Thomson Reply-To: Steve Thomson Message-ID: <1690313316.734389.1615801519871.JavaMail.zimbra@pomalca.com.pe> Subject: MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_91b14b0d-9fb0-4d2d-8876-5b2061ca3ac8" X-Originating-IP: [192.168.1.4] X-Mailer: Zimbra 8.8.9_GA_3717 (zclient/8.8.9_GA_3717) Thread-Index: 3IruqajIIf8aEbSL8sGssP5gIkjNrQ== Thread-Topic: Status: X-Status: X-Keywords: X-UID: 149 Content-Length: 2123 --=_91b14b0d-9fb0-4d2d-8876-5b2061ca3ac8 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Greetings, You have won a donation amount of =C2=A3800,000.00 We are pleased to inform you that an amount of =C2=A3800,000.00 (GBP) has b= een donated and given, gifted to you and your family by Steve & Lenka Thoms= on, who won the EuroMillions jackpot, lottery of =C2=A3105,100,701.90 Euro = Millions, part of this donation, it is for you and your family. This donati= on is to help fight against CoronaVirus COVID -19 pandemic in the world, an= d help the poor people off the streets, also to contribute to poverty reduc= tion, public donations, public charity, orphanages, less privileged and hel= p poor individuals in your community please contact her to claim the money = via email for more details: steve.lenkathomson11@outlook.com Regards, Steve Thomson --=_91b14b0d-9fb0-4d2d-8876-5b2061ca3ac8 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

<= div>

Greetings,

= You have won a donation amount of =C2=A3800,000.00

We are pleased to inform you that an amount of =C2=A3800,000.00 (GBP) has = been donated and given, gifted to you and your family by Steve & Lenka = Thomson, who won the EuroMillions jackpot, lottery of =C2=A3105,100,701.90 = Euro Millions, part of this donation, it is for you and your family. This d= onation is to help fight against CoronaVirus COVID -19 pandemic in the worl= d, and help the poor people off the streets, also to contribute to poverty = reduction, public donations, public charity, orphanages, less privileged an= d help poor individuals in your community please contact her to claim the m= oney via email for more details: steve.lenkathomson11@outlook.com

Regards,
Steve Thomson
--=_91b14b0d-9fb0-4d2d-8876-5b2061ca3ac8-- From gmgonzalez@tvpublica.com.ar Tue Mar 16 02:33:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 12G9X2Fm007339 for ; Tue, 16 Mar 2021 02:33:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********* X-Spam-Status: Yes, score=9.2 required=5.0 tests=BAYES_95,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,MISSING_HEADERS,RDNS_DYNAMIC, RELAY_COUNTRY_AR,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9726] * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [naomiiwasaki181[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: AR ** ** ** ** ** ** ** ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 16 Mar 2021 02:33:02 -0700 (PDT) Received: from proxmoxmail.rtanet.com.ar (host213.181-15-247.tvpublica.com.ar [181.15.247.213]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12G9WXaJ036739 for ; Tue, 16 Mar 2021 03:32:42 -0600 Received: from proxmoxmail.rtanet.com.ar (localhost.localdomain [127.0.0.1]) by proxmoxmail.rtanet.com.ar (Proxmox) with ESMTP id 3F6DC22DE5; Tue, 16 Mar 2021 04:57:52 -0300 (-03) Received: from zmta.rtanet.com.ar (unknown [192.168.210.60]) by proxmoxmail.rtanet.com.ar (Proxmox) with ESMTP id 1DF5C22DBB; Tue, 16 Mar 2021 04:57:52 -0300 (-03) Received: from localhost (localhost.localdomain [127.0.0.1]) by zmta.rtanet.com.ar (Postfix) with ESMTP id D35F41243C6; Tue, 16 Mar 2021 07:57:51 +0000 (UTC) Received: from zmta.rtanet.com.ar ([127.0.0.1]) by localhost (zmta.rtanet.com.ar [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id QqPb1tooKLNQ; Tue, 16 Mar 2021 07:57:51 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by zmta.rtanet.com.ar (Postfix) with ESMTP id 0914E1242E0; Tue, 16 Mar 2021 07:57:50 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.10.3 zmta.rtanet.com.ar 0914E1242E0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tvpublica.com.ar; s=F9E9B490-5670-11E6-BEF1-2AE56061AF3A; t=1615881470; bh=7r4zV5MY+UicFIuln1AGl/4yDd+SejISOjuhtHDnoSY=; h=Date:From:Message-ID:MIME-Version; b=b89ljZo7UgD8s7yJpZrBChrRuvwxm74cPYIMK8tFUSLR+xTrJTX43h+z4Oy4/hKFK 5hMdaol1qP7cwgnurc1IBY9i4ttSJJY08Vwv3+Jc/caTy/YPwkiZ4fDrvV5ybDG7z/ 0j9SoP0gBx4y2+bJ7HKYgeQjpZj2V0OyKFg4iEvKftakv63moPIKUMjKNR8x7R1GI0 IW6QC03kkIvXnqg2kay6TfsKzMilE1flf/BLYnNPyC6gYVrfr38eUH6w7OZRbU6Gtr cVHwi7xvs91DPH9I7el8fxqDjYEGAe1NqBCrUIQ5oefsErYln0h8BnBDwF8fKCU0/F 7XMiazEpnc/tQ== X-Virus-Scanned: amavisd-new at zmta.rtanet.com.ar Received: from zmta.rtanet.com.ar ([127.0.0.1]) by localhost (zmta.rtanet.com.ar [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ewpEJ8HLHr0T; Tue, 16 Mar 2021 07:57:49 +0000 (UTC) Received: from zs1.rtanet.com.ar (unknown [192.168.200.60]) by zmta.rtanet.com.ar (Postfix) with ESMTP id 1AE541214C9; Tue, 16 Mar 2021 07:57:45 +0000 (UTC) Date: Tue, 16 Mar 2021 03:57:45 -0400 (EDT) From: Naomi Iwasaki Reply-To: Naomi Iwasaki Message-ID: <394152049.64783.1615881465050.JavaMail.zimbra@tvpublica.com.ar> Subject: [SPAM] Hello MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_70f118bb-0a43-44a2-aa9a-24bb9f055075" X-Originating-IP: [192.168.210.60] X-Mailer: Zimbra 8.7.11_GA_1854 (zclient/8.7.11_GA_1854) Thread-Index: diuGx9ZhX/nFyb+nJaUfDCgkyhMBog== Thread-Topic: Hello X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 03:32:42 -0600 (CST) for IP:'181.15.247.213' DOMAIN:'host213.181-15-247.tvpublica.com.ar' HELO:'proxmoxmail.rtanet.com.ar' FROM:'gmgonzalez@tvpublica.com.ar' RCPT:'' X-Greylist: Delayed for 01:03:04 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 03:32:42 -0600 (CST) X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 150 Content-Length: 1250 --=_70f118bb-0a43-44a2-aa9a-24bb9f055075 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello, How are you doing today? I am Naomi Iwasaki. I am sorry for contacting you directly to your email. I have a very genuine and Lucrative opportunity that won't distract you from your daily schedule. I will like to talk to you about something very important. Please acknowledge my email so I can provide you with details. I await your response. Best Regards, Naomi Iwasaki. --=_70f118bb-0a43-44a2-aa9a-24bb9f055075 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit



Hello,
How are you doing today? I am Naomi Iwasaki. I am sorry for contacting you directly to your email. I have a very genuine and Lucrative opportunity that won't distract you from your daily schedule. I will like to talk to you about something very important. Please acknowledge my email so I can provide you with details.
I await your response.
Best Regards,
Naomi Iwasaki.
--=_70f118bb-0a43-44a2-aa9a-24bb9f055075-- From sn@turuncuholding.com Tue Mar 16 01:34:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_80,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET,RELAY_COUNTRY_TR, RELAY_COUNTRY_ZA,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8863] * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TR ZA Received: from mail.turuncuholding.com (mail.turuncuholding.com [212.174.183.142]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12G7Y35j028600 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 16 Mar 2021 01:34:07 -0600 Received: from [192.168.8.120] ([105.4.7.142]) by mail.turuncuholding.com (IceWarp 11.0.1.1 x64) with ASMTP id 202103161033587097; Tue, 16 Mar 2021 10:33:58 +0300 Content-Type: multipart/alternative; boundary="===============1796783726==" MIME-Version: 1.0 Subject: [SPAM] Attn: To: Recipients From: sn@turuncuholding.com Date: Tue, 16 Mar 2021 15:33:41 +0800 Reply-To: nckniem@gmail.com Message-ID: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 01:34:11 -0600 (CST) for IP:'212.174.183.142' DOMAIN:'mail.turuncuholding.com' HELO:'mail.turuncuholding.com' FROM:'sn@turuncuholding.com' RCPT:'' X-Greylist: Delayed for 00:37:41 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 01:34:11 -0600 (CST) X-Spam-Prev-Subject: Attn: Status: R X-Status: X-Keywords: $Forwarded X-UID: 151 Content-Length: 1664 You will not see this in a MIME-aware mail reader. --===============1796783726== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the = COVID -19 benefit Funds worth =80500,000 EUR to help with the fight against= COVID -19 and finance your business while staying at home to help stop the= spread of the virus. UNICEF and European Union have awarded you with =8050= 0,000 EUR benefit funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill th= e below details to process your winning. Full Name, Date of birth, Country,= Phone, Regards On behalf of European Commission Ursula von der Leyen COVID= -19 BENEFIT FUNDS=20 --===============1796783726== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the COVID -19 = benefit Funds worth =E2=82=AC500,000 EUR to help with the fight against COV= ID -19 and finance your business while staying at home to help stop the spr= ead of the virus. UNICEF and European Union have awarded you with =E2=82=AC500,000 EUR benefi= t funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill the below details to process your winning. Full Name, Date of birth, Country, Phone, Regards On behalf of European Commission Ursula von der Leyen COVID -19 BENEFIT FUNDS --===============1796783726==-- From sn@turuncuholding.com Tue Mar 16 01:34:31 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_80,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET,RELAY_COUNTRY_TR, RELAY_COUNTRY_ZA,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8863] * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TR ZA Received: from mail.turuncuholding.com (mail.turuncuholding.com [212.174.183.142]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12G7YQv4028615 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 16 Mar 2021 01:34:31 -0600 Received: from [192.168.8.120] ([105.4.7.142]) by mail.turuncuholding.com (IceWarp 11.0.1.1 x64) with ASMTP id 202103160943568469; Tue, 16 Mar 2021 09:43:56 +0300 Content-Type: multipart/alternative; boundary="===============1613948082==" MIME-Version: 1.0 Subject: [SPAM] Attn: To: Recipients From: sn@turuncuholding.com Date: Tue, 16 Mar 2021 14:43:37 +0800 Reply-To: nckniem@gmail.com Message-ID: <7cea23d6cefa0c8141716a788e26b411@turuncuholding.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 01:34:31 -0600 (CST) for IP:'212.174.183.142' DOMAIN:'mail.turuncuholding.com' HELO:'mail.turuncuholding.com' FROM:'sn@turuncuholding.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 16 Mar 2021 01:34:31 -0600 (CST) X-Spam-Prev-Subject: Attn: Status: R X-Status: X-Keywords: $Forwarded X-UID: 152 Content-Length: 1664 You will not see this in a MIME-aware mail reader. --===============1613948082== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the = COVID -19 benefit Funds worth =80500,000 EUR to help with the fight against= COVID -19 and finance your business while staying at home to help stop the= spread of the virus. UNICEF and European Union have awarded you with =8050= 0,000 EUR benefit funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill th= e below details to process your winning. Full Name, Date of birth, Country,= Phone, Regards On behalf of European Commission Ursula von der Leyen COVID= -19 BENEFIT FUNDS=20 --===============1613948082== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the COVID -19 = benefit Funds worth =E2=82=AC500,000 EUR to help with the fight against COV= ID -19 and finance your business while staying at home to help stop the spr= ead of the virus. UNICEF and European Union have awarded you with =E2=82=AC500,000 EUR benefi= t funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill the below details to process your winning. Full Name, Date of birth, Country, Phone, Regards On behalf of European Commission Ursula von der Leyen COVID -19 BENEFIT FUNDS --===============1613948082==-- From admin@mailfa.com Wed Mar 17 18:48:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.8 required=5.0 tests=BAYES_99,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,SPF_HELO_NONE,SPF_PASS, SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9916] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.4.29.135 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [chenchung1011[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? X-Spam-Relay-Country: IR ** Received: from mail.mailfa.com (mail.mailfa.com [185.4.29.135]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12I0m0hP006840 for ; Wed, 17 Mar 2021 18:48:05 -0600 dkim-signature: v=1; a=rsa-sha256; d=mailfa.com; s=se542; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description; bh=1yJD9Ux7DywJGLSDJBG3fFU8yi8qje5/+VSuAk3BRoE=; b=gB4u45PpX7ucPS6uDkX7biNh/qkpenUBuhrIK2ByoT7R8ANFD+rQtxmYdn3oNcCNWQO911gpzDkQCeVoM92knekjH1W9C2tPxucyjNkm2tlF8l0sMRCA0NnbeyakyUlNfkxdLb33L2Q+h8PcotLgxV0v0SvxOsYMUFAiNE3jFmI= Received: from [172.20.10.7] ([41.144.78.219]) by mail.mailfa.com ; Thu, 18 Mar 2021 01:03:04 +0330 Message-ID: <33ABFB46-0C50-42A8-BA8F-CD24767000EE@mail.mailfa.com> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] BUSINESS PROPOSAL To: Recipients From: "Chen Chung" Date: Wed, 17 Mar 2021 14:32:48 -0700 Reply-To: chenchung1011@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 17 Mar 2021 18:48:06 -0600 (CST) for IP:'185.4.29.135' DOMAIN:'mail.mailfa.com' HELO:'mail.mailfa.com' FROM:'admin@mailfa.com' RCPT:'' X-Greylist: Delayed for 02:08:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 17 Mar 2021 18:48:06 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12I0m0hP006840 X-Spam-Prev-Subject: BUSINESS PROPOSAL Status: R X-Status: X-Keywords: X-UID: 153 Good Day, I'm Chen Chung a staff of Wing Hang Bank here in Hong Kong. Can i TRUST you in transferring- $13,991,674 USD? Get back to me on this email: chenchung1011@gmail.com Regards ?? ????? ?????? ? ?????? ?????? ??? ?? From admin@mailfa.com Thu Mar 18 06:41:03 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.8 required=5.0 tests=BAYES_99,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3, RCVD_IN_PSBL,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9916] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.4.29.135 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [chemchung1011[at]gmail.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [185.4.29.135 listed in bl.mailspike.net] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? X-Spam-Relay-Country: IR ** Received: from mail.mailfa.com (mail.mailfa.com [185.4.29.135]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12ICexpl032220 for ; Thu, 18 Mar 2021 06:41:03 -0600 dkim-signature: v=1; a=rsa-sha256; d=mailfa.com; s=se542; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description; bh=ePcMMyLVM8Mj0VV8R6JmYztf+a1A7LqOHeICERzNEqU=; b=VVILrmWaXhG8lwGHPCpzMcBVqrx6eVT30W1lVnbTlm9Eyu529Ob+Q/NCnOru2WBD3rmTS/VJum4QG28wYysonWzejTZAbxAIY6vlwmiYvxGdAXeFqzCvdiSbHOwQAJo5pSzDvX4++BI+Ku1MYo9y8hvO3jXkGKlfFu+LXEXVZ28= Received: from [172.20.10.7] ([41.144.78.175]) by mail.mailfa.com ; Thu, 18 Mar 2021 11:31:01 +0330 Message-ID: <1AFC2177-1B90-4349-AF05-81CE972DEE17@mail.mailfa.com> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] BUSINESS PROPOSAL To: Recipients From: "Chem Chung" Date: Thu, 18 Mar 2021 00:59:55 -0700 Reply-To: chemchung1011@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 06:41:03 -0600 (CST) for IP:'185.4.29.135' DOMAIN:'mail.mailfa.com' HELO:'mail.mailfa.com' FROM:'admin@mailfa.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 06:41:03 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12ICexpl032220 X-Spam-Prev-Subject: BUSINESS PROPOSAL Status: R X-Status: X-Keywords: X-UID: 154 Good Day, I'm Chen Chung a staff of Wing Hang Bank here in Hong Kong. Can i TRUST you in transferring- $13,991,674 USD? Get back to me on this email: chemchung1011@gmail.com Regards ?? ????? ?????? ? ?????? ?????? ??? ?? From admin@mailfa.com Thu Mar 18 10:27:49 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.8 required=5.0 tests=BAYES_99,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3, RCVD_IN_PSBL,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9916] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.4.29.135 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [185.4.29.135 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [chenchung1011[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? X-Spam-Relay-Country: IR ** Received: from mail.mailfa.com (mail.mailfa.com [185.4.29.135]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12IGReJL001609 for ; Thu, 18 Mar 2021 10:27:48 -0600 dkim-signature: v=1; a=rsa-sha256; d=mailfa.com; s=se542; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description; bh=1yJD9Ux7DywJGLSDJBG3fFU8yi8qje5/+VSuAk3BRoE=; b=KHOmuFf4G64iMWhRcxZw7XqO2W3BFc31S/obt9oO0Ght3kGaLjRy+ZZnP+W7uCo0FD3X4wJGJ404zk2fBveuBQ9OEjtATInIcX68x5CLue3EndLyJrsOJHGG+JC95uaLbrRNFrKBNoeJ0R+2Dz4mDGHsi7vYoqwxRQ6EcXJh0iI= Received: from [172.20.10.7] ([41.144.78.196]) by mail.mailfa.com ; Thu, 18 Mar 2021 16:54:44 +0330 Message-ID: <1CD68078-C3D6-4BB0-B80F-143BA0AB2C5E@mail.mailfa.com> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] BUSINESS PROPOSAL To: Recipients From: "Chen Chung" Date: Thu, 18 Mar 2021 06:24:02 -0700 Reply-To: chenchung1011@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 10:27:49 -0600 (CST) for IP:'185.4.29.135' DOMAIN:'mail.mailfa.com' HELO:'mail.mailfa.com' FROM:'admin@mailfa.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 10:27:49 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12IGReJL001609 X-Spam-Prev-Subject: BUSINESS PROPOSAL Status: R X-Status: X-Keywords: X-UID: 155 Good Day, I'm Chen Chung a staff of Wing Hang Bank here in Hong Kong. Can i TRUST you in transferring- $13,991,674 USD? Get back to me on this email: chenchung1011@gmail.com Regards ?? ????? ?????? ? ?????? ?????? ??? ?? From admin@mailfa.com Thu Mar 18 21:07:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.8 required=5.0 tests=BAYES_99,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3, RCVD_IN_PSBL,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9916] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.4.29.135 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [185.4.29.135 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [chemchung1011[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? X-Spam-Relay-Country: IR ** Received: from mail.mailfa.com (mail.mailfa.com [185.4.29.135]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12J37Kxg001586 for ; Thu, 18 Mar 2021 21:07:23 -0600 dkim-signature: v=1; a=rsa-sha256; d=mailfa.com; s=se542; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description; bh=ePcMMyLVM8Mj0VV8R6JmYztf+a1A7LqOHeICERzNEqU=; b=RQdJ83tZmzqnDqYSem9cOTwr1MWFFzNbeMHMW253MIRUzP9rZJ1KS3wYO8RYMsUHXy5Q/39H1qOB+xve1K5F6vXUdBpTbc+mAIfZeY0sgRb+yFNIZp3pMtK6+tL7IbTnFmVkRbncs3/IDtpeFdFRYvHzURgAZEbdoH4jwA9XqsE= Received: from [172.20.10.7] ([41.144.78.219]) by mail.mailfa.com ; Fri, 19 Mar 2021 00:31:19 +0330 Message-ID: Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] BUSINESS PROPOSAL To: Recipients From: "Chem Chung" Date: Thu, 18 Mar 2021 13:59:51 -0700 Reply-To: chemchung1011@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 21:07:24 -0600 (CST) for IP:'185.4.29.135' DOMAIN:'mail.mailfa.com' HELO:'mail.mailfa.com' FROM:'admin@mailfa.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 21:07:24 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12J37Kxg001586 X-Spam-Prev-Subject: BUSINESS PROPOSAL Status: R X-Status: X-Keywords: X-UID: 156 Good Day, I'm Chen Chung a staff of Wing Hang Bank here in Hong Kong. Can i TRUST you in transferring- $13,991,674 USD? Get back to me on this email: chemchung1011@gmail.com Regards ?? ????? ?????? ? ?????? ?????? ??? ?? From admin@mailfa.com Fri Mar 19 04:04:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.3 required=5.0 tests=BAYES_99,BAYES_999, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RCVD_IN_PSBL,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04, SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [chemchung1011[at]gmail.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [185.4.29.135 listed in bl.mailspike.net] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.4.29.135 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? X-Spam-Relay-Country: IR ** Received: from mail.mailfa.com (mail.mailfa.com [185.4.29.135]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12JA3rDM007229 for ; Fri, 19 Mar 2021 04:04:06 -0600 dkim-signature: v=1; a=rsa-sha256; d=mailfa.com; s=se542; c=relaxed/relaxed; q=dns/txt; h=From:Reply-To:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-Description; bh=ePcMMyLVM8Mj0VV8R6JmYztf+a1A7LqOHeICERzNEqU=; b=zGtvvzbW8KUUkj5ixSlE2iFw2C5rAA6hz0UuYhGxo/IZRH6irxLc8Kn87sZIPC5pB0b8iz6qjG1TZ1OPxgCaI96EQGCml3qquEsq+ZFKus3AcstCOwtNZUs0P+PUeUWS6ISy1Fjizj0JAh/+DQiMLOdSrDHS/iMTV88oOYK+UAI= Received: from [172.20.10.7] ([41.144.87.66]) by mail.mailfa.com ; Fri, 19 Mar 2021 10:13:53 +0330 Message-ID: Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] BUSINESS PROPOSAL To: Recipients From: "Chem Chung" Date: Thu, 18 Mar 2021 23:43:07 -0700 Reply-To: chemchung1011@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Mar 2021 04:04:11 -0600 (CST) for IP:'185.4.29.135' DOMAIN:'mail.mailfa.com' HELO:'mail.mailfa.com' FROM:'admin@mailfa.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Mar 2021 04:04:11 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12JA3rDM007229 X-Spam-Prev-Subject: BUSINESS PROPOSAL Status: R X-Status: X-Keywords: X-UID: 157 Good Day, I'm Chen Chung a staff of Wing Hang Bank here in Hong Kong. Can i TRUST you in transferring- $13,991,674 USD? Get back to me on this email: chemchung1011@gmail.com Regards ?? ????? ?????? ? ?????? ?????? ??? ?? From yuushou20@takeda.or.jp Thu Mar 18 22:10:29 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=33.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FAKE_REPLY_C, FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251,LOTS_OF_MONEY, MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 1.5 FAKE_REPLY_C No description available. * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP JP JP JP Received: from oogw2106.ocn.ad.jp (oogw2106.ocn.ad.jp [61.118.32.7]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12J4AQOT007733 for ; Thu, 18 Mar 2021 22:10:29 -0600 Received: from cmn-spm-mts-001c1.ocn.ad.jp (cmn-spm-mts-001c1.ocn.ad.jp [153.153.67.130]) by oogw2106.ocn.ad.jp (Postfix) with ESMTP id DEA94200710; Fri, 19 Mar 2021 13:03:47 +0900 (JST) Received: from mgw-vc-mts-006c1.ocn.ad.jp ([153.138.238.213]) by cmn-spm-mts-001c1.ocn.ad.jp with ESMTP id N6M6lZapwCKXcN6MVlpLZW; Fri, 19 Mar 2021 13:03:47 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw105.ocn.ad.jp ([153.149.234.201]) by mgw-vc-mts-006c1.ocn.ad.jp with ESMTP id N6MVlYdOeAjRHN6MVlcCgl; Fri, 19 Mar 2021 13:03:47 +0900 Received: from c15etuqk.mwprem.net (c15etuqk.mwprem.net [153.149.176.82]) by sgs-vcgw105.ocn.ad.jp (Postfix) with SMTP id D57787E0286; Fri, 19 Mar 2021 13:03:46 +0900 (JST) Reply-To: From: "Reem E. Alhashimi" Subject: [SPAM] Re: UAE Date: Fri, 19 Mar 2021 04:03:46 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210319040335.AD496E13EF@c15etuqk.mwprem.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:10:29 -0600 (CST) for IP:'61.118.32.7' DOMAIN:'oogw2106.ocn.ad.jp' HELO:'oogw2106.ocn.ad.jp' FROM:'yuushou20@takeda.or.jp' RCPT:'' X-Greylist: Delayed for 00:06:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:10:29 -0600 (CST) X-Spam-Prev-Subject: Re: UAE Status: R X-Status: X-Keywords: X-UID: 158 Content-Length: 1451 Hello, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment. reply on this email only: reem.alhashimi@yandex.com Regards, Ms. Reem From yuushou20@takeda.or.jp Thu Mar 18 22:10:29 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=33.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FAKE_REPLY_C, FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251,LOTS_OF_MONEY, MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 1.5 FAKE_REPLY_C No description available. * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP JP JP JP Received: from oogw2106.ocn.ad.jp (oogw2106.ocn.ad.jp [61.118.32.7]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12J4AQOT007733 for ; Thu, 18 Mar 2021 22:10:29 -0600 Received: from cmn-spm-mts-001c1.ocn.ad.jp (cmn-spm-mts-001c1.ocn.ad.jp [153.153.67.130]) by oogw2106.ocn.ad.jp (Postfix) with ESMTP id DEA94200710; Fri, 19 Mar 2021 13:03:47 +0900 (JST) Received: from mgw-vc-mts-006c1.ocn.ad.jp ([153.138.238.213]) by cmn-spm-mts-001c1.ocn.ad.jp with ESMTP id N6M6lZapwCKXcN6MVlpLZW; Fri, 19 Mar 2021 13:03:47 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw105.ocn.ad.jp ([153.149.234.201]) by mgw-vc-mts-006c1.ocn.ad.jp with ESMTP id N6MVlYdOeAjRHN6MVlcCgl; Fri, 19 Mar 2021 13:03:47 +0900 Received: from c15etuqk.mwprem.net (c15etuqk.mwprem.net [153.149.176.82]) by sgs-vcgw105.ocn.ad.jp (Postfix) with SMTP id D57787E0286; Fri, 19 Mar 2021 13:03:46 +0900 (JST) Reply-To: From: "Reem E. Alhashimi" Subject: [SPAM] Re: UAE Date: Fri, 19 Mar 2021 04:03:46 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210319040335.AD496E13EF@c15etuqk.mwprem.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:10:29 -0600 (CST) for IP:'61.118.32.7' DOMAIN:'oogw2106.ocn.ad.jp' HELO:'oogw2106.ocn.ad.jp' FROM:'yuushou20@takeda.or.jp' RCPT:'' X-Greylist: Delayed for 00:06:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:10:29 -0600 (CST) X-Spam-Prev-Subject: Re: UAE Status: R X-Status: X-Keywords: X-UID: 159 Content-Length: 1451 Hello, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment. reply on this email only: reem.alhashimi@yandex.com Regards, Ms. Reem From yuushou20@takeda.or.jp Thu Mar 18 22:15:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=33.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FAKE_REPLY_C, FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251,LOTS_OF_MONEY, MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 MONEY_NOHTML Lots of money in plain text * 1.5 FAKE_REPLY_C No description available. * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP JP JP JP Received: from oogw0309.ocn.ad.jp (oogw0309.ocn.ad.jp [153.128.48.79]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12J4FYAT007798 for ; Thu, 18 Mar 2021 22:15:37 -0600 Received: from cmn-spm-mts-022c1.ocn.ad.jp (cmn-spm-mts-022c1.ocn.ad.jp [153.138.238.86]) by oogw0309.ocn.ad.jp (Postfix) with ESMTP id BC2DB1804F7; Fri, 19 Mar 2021 13:04:11 +0900 (JST) Received: from mgw-vc-mts-005c1.ocn.ad.jp ([153.138.238.156]) by cmn-spm-mts-022c1.ocn.ad.jp with ESMTP id N6I7la1XqSCumN6MtltDXh; Fri, 19 Mar 2021 13:04:11 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw109.ocn.ad.jp ([153.149.236.70]) by mgw-vc-mts-005c1.ocn.ad.jp with ESMTP id N6MtlQnDrMNjmN6MtlOcRN; Fri, 19 Mar 2021 13:04:11 +0900 Received: from c15etuqk.mwprem.net (c15etuqk.mwprem.net [153.149.176.82]) by sgs-vcgw109.ocn.ad.jp (Postfix) with SMTP id AF217420287; Fri, 19 Mar 2021 13:04:10 +0900 (JST) Reply-To: From: "Reem E. Alhashimi" Subject: [SPAM] Re: UAE Date: Fri, 19 Mar 2021 04:04:10 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210319040401.E3401E13E4@c15etuqk.mwprem.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:15:38 -0600 (CST) for IP:'153.128.48.79' DOMAIN:'oogw0309.ocn.ad.jp' HELO:'oogw0309.ocn.ad.jp' FROM:'yuushou20@takeda.or.jp' RCPT:'' X-Greylist: Delayed for 00:11:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Mar 2021 22:15:38 -0600 (CST) X-Spam-Prev-Subject: Re: UAE Status: R X-Status: X-Keywords: X-UID: 160 Content-Length: 1451 Hello, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment. reply on this email only: reem.alhashimi@yandex.com Regards, Ms. Reem From pzkmv@cenic.co.kr Fri Mar 19 01:34:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********* X-Spam-Status: Yes, score=10.0 required=5.0 tests=BAYES_99,BAYES_999, CTE_8BIT_MISMATCH,HK_RANDOM_ENVFROM,HK_RANDOM_FROM,LOTS_OF_MONEY, MONEY_NOHTML,PP_MIME_FAKE_ASCII_TEXT,RDNS_NONE,RELAY_COUNTRY_KR, SPF_HELO_PASS,SPF_PASS,UNPARSEABLE_RELAY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_KR Relayed via Korea * 1.0 HK_RANDOM_FROM From username looks random * 0.0 HK_RANDOM_ENVFROM Envelope sender username looks random * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 PP_MIME_FAKE_ASCII_TEXT BODY: MIME text/plain claims to be * ASCII but isn't * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay * lines * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MONEY_NOHTML Lots of money in plain text X-Spam-Relay-Country: KR Received: from cenic.co.kr ([203.228.72.81]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12J7XvS1022099 for ; Fri, 19 Mar 2021 01:34:00 -0600 Received: from 23.94.92.195 (23.94.92.195) at CrediMail with ESMTP Mobigen by localhost;Fri, 19 Mar 2021 15:51:14 +0900 X-MsgID: 1616136674527969.4.localhost Message-ID: <1616136674527969.4.localhost@localhost> Y-MAIL-CLASS: None X-RECEIVED-IP: 23.94.92.195 From: "Antonio Perez Domingo" Subject: [SPAM] Ich werde mich =?ISO-8859-1?Q?=FCber?= Ihre dringende Antwort auf diese E-Mail freuen To: apeaceprojects@gmail.com Content-Type: text/plain Date: Fri, 19 Mar 2021 00:28:28 -0700 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Mar 2021 01:34:01 -0600 (CST) for IP:'203.228.72.81' DOMAIN:'[203.228.72.81]' HELO:'cenic.co.kr' FROM:'pzkmv@cenic.co.kr' RCPT:'' X-Greylist: Delayed for 00:05:12 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 19 Mar 2021 01:34:01 -0600 (CST) X-Spam-Prev-Subject: Ich werde mich =?ISO-8859-1?Q?=FCber?= Ihre dringende Antwort auf Status: R X-Status: X-Keywords: X-UID: 161 Content-Length: 1064 Gunten morgen, Mein Name ist Antonio Perez Domingo, Ich habe Ihnen zuvor eine Nachricht bezglich einer Transaktion in Hhe von 13, 5 Millionen US-Dollar gesendet, die mein verstorbener Kunde vor seinem pltzlichen Tod hinterlassen hat. Ich melde mich noch einmal bei Ihnen, da ich nach Durchsicht Ihres Profils fest davon berzeugt bin, dass Sie die Transaktion sehr gut mit mir abwickeln knnen. Wenn Sie interessiert sind, mchte ich darauf hinweisen, dass nach der Transaktion 10% dieses Geldes unter Wohlttigkeitsorganisationen aufgeteilt werden sollen, whrend die restlichen 90% zwischen uns aufgeteilt werden, also jeweils 45%. Diese Transaktion ist zu 100% risikofrei. Bitte antworten Sie mir so schnell wie mglich, um weitere Erluterungen zur Transaktion zu erhalten, meine E-Mail: antonio@dpagbogado.com Hochachtungsvoll, Ich hoffe von Ihnen so schnell wie mglich zu hren Mit freundlichen Grssen Antonio Perez Domingo, Rechtsanwalt. TEL: + 34 910 604 214 Mobil: +34 610 654 778 Fax: + 34 919 011 786 E-mail antonio@dpagbogado.com From test@skyinfo.co.kr Sun Mar 21 07:37:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.7 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, MISSING_HEADERS,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RDNS_NONE,RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [wb6159980[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: CN HK Received: from psfor11.club ([106.55.247.56]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 12LDbRil039224 for ; Sun, 21 Mar 2021 07:37:36 -0600 Message-Id: <202103211337.12LDbRil039224@ga.impsec.org> Received: from User ([45.249.91.185]) (envelope-sender ) by 172.16.0.2 with ESMTP for ; Sun, 21 Mar 2021 15:39:05 +0800 Reply-To: From: "Robert Cota" Subject: [SPAM] I AM SORRY TO ENCROACH IN TO YOUR PRIVACY . Date: Sat, 20 Mar 2021 22:39:05 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Mar 2021 07:37:37 -0600 (CST) for IP:'106.55.247.56' DOMAIN:'[106.55.247.56]' HELO:'psfor11.club' FROM:'test@skyinfo.co.kr' RCPT:'' X-Greylist: Delayed for 05:51:46 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 21 Mar 2021 07:37:37 -0600 (CST) X-Spam-Prev-Subject: I AM SORRY TO ENCROACH IN TO YOUR PRIVACY . Status: R X-Status: X-Keywords: X-UID: 162 Hello Dear. I apologize if the content of my email is contrary to your moral ethics but I find it advantageous to offer you my partnership in business. I am CAPT Robert Cota, an officer in the US Army presently serving in the Military with the 82nd Airborne Division Peacekeeping Force here in Kabul. I need your help in assisting me with the safekeeping of Two Military Trunk Boxes. I hope you can be trusted? If you can be trusted, I will explain further when I get a response from you for further clarification. Nevertheless, please ensure to reply via my private email: (robertcota391@gmail.com). Thanks for your understanding and cooperation, God bless you and America!!! Best Regards, CPT Robert Cota US ARMY. From sn@turuncuholding.com Tue Mar 23 06:26:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.7 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LCL_VIA_ZA, LOTS_OF_MONEY,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RELAY_COUNTRY_TR,RELAY_COUNTRY_ZA,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [212.174.183.142 listed in bl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.0 LCL_VIA_ZA Via relay in South African + high Bayes * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 2.9 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TR ZA Received: from mail.turuncuholding.com (mail.turuncuholding.com [212.174.183.142]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12NCPlx7037389 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 23 Mar 2021 06:25:58 -0600 Received: from [192.168.8.120] ([105.4.7.3]) by mail.turuncuholding.com (IceWarp 11.0.1.1 x64) with ASMTP (SSL) id 202103231523142106; Tue, 23 Mar 2021 15:23:14 +0300 Content-Type: multipart/alternative; boundary="===============2145166641==" MIME-Version: 1.0 Subject: [SPAM] Attn: COVID -19 benefit Funds available for you To: Recipients From: sn@turuncuholding.com Date: Tue, 23 Mar 2021 20:22:56 +0800 Reply-To: nckniem@gmail.com Message-ID: <05d795db25e4aafe0e58ce507993185b@turuncuholding.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 06:26:00 -0600 (CST) for IP:'212.174.183.142' DOMAIN:'mail.turuncuholding.com' HELO:'mail.turuncuholding.com' FROM:'sn@turuncuholding.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 06:26:00 -0600 (CST) X-Spam-Prev-Subject: Attn: COVID -19 benefit Funds available for you Status: R X-Status: X-Keywords: X-UID: 163 Content-Length: 1660 You will not see this in a MIME-aware mail reader. --===============2145166641== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the = COVID -19 benefit Funds worth =80500,000 EUR to help with the fight against= COVID -19 and finance your business while staying at home to help stop the= spread of the virus. UNICEF and European Union have awarded you with =8050= 0,000 EUR benefit funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill th= e below details to process your winning. Full Name: Date of birth: Country:= Phone: Regards On behalf of European Commission Ursula von der Leyen COVID= -19 BENEFIT FUNDS --===============2145166641== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the COVID -19 = benefit Funds worth =E2=82=AC500,000 EUR to help with the fight against COV= ID -19 and finance your business while staying at home to help stop the spr= ead of the virus. UNICEF and European Union have awarded you with =E2=82=AC500,000 EUR benefi= t funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill the below details to process your winning. Full Name: Date of birth: Country: Phone: Regards On behalf of European Commission Ursula von der Leyen COVID -19 BENEFIT FUNDS --===============2145166641==-- From sn@turuncuholding.com Tue Mar 23 07:34:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.7 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LCL_VIA_ZA, LOTS_OF_MONEY,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RELAY_COUNTRY_TR,RELAY_COUNTRY_ZA,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_TR Relayed via Turkey * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [212.174.183.142 listed in bl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.0 LCL_VIA_ZA Via relay in South African + high Bayes * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 2.9 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: TR ZA Received: from mail.turuncuholding.com (mail.turuncuholding.com [212.174.183.142]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12NDXgHs041861 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 23 Mar 2021 07:34:01 -0600 Received: from [192.168.8.120] ([105.4.7.3]) by mail.turuncuholding.com (IceWarp 11.0.1.1 x64) with ASMTP (SSL) id 202103231633367878; Tue, 23 Mar 2021 16:33:36 +0300 Content-Type: multipart/alternative; boundary="===============0978238160==" MIME-Version: 1.0 Subject: [SPAM] Attn: COVID -19 benefit Funds available for you To: Recipients From: sn@turuncuholding.com Date: Tue, 23 Mar 2021 21:33:11 +0800 Reply-To: nckniem@gmail.com Message-ID: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 07:34:02 -0600 (CST) for IP:'212.174.183.142' DOMAIN:'mail.turuncuholding.com' HELO:'mail.turuncuholding.com' FROM:'sn@turuncuholding.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 07:34:02 -0600 (CST) X-Spam-Prev-Subject: Attn: COVID -19 benefit Funds available for you Status: R X-Status: X-Keywords: X-UID: 164 Content-Length: 1660 You will not see this in a MIME-aware mail reader. --===============0978238160== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the = COVID -19 benefit Funds worth =80500,000 EUR to help with the fight against= COVID -19 and finance your business while staying at home to help stop the= spread of the virus. UNICEF and European Union have awarded you with =8050= 0,000 EUR benefit funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill th= e below details to process your winning. Full Name: Date of birth: Country:= Phone: Regards On behalf of European Commission Ursula von der Leyen COVID= -19 BENEFIT FUNDS --===============0978238160== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Good day, Congratulations on being one of the lucky winners to receive the COVID -19 = benefit Funds worth =E2=82=AC500,000 EUR to help with the fight against COV= ID -19 and finance your business while staying at home to help stop the spr= ead of the virus. UNICEF and European Union have awarded you with =E2=82=AC500,000 EUR benefi= t funds with REF NUMBER COVID -19/EU/02/2021 Kindly fill the below details to process your winning. Full Name: Date of birth: Country: Phone: Regards On behalf of European Commission Ursula von der Leyen COVID -19 BENEFIT FUNDS --===============0978238160==-- From it@mail.bankami.co Tue Mar 23 17:30:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_80,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FROM_MISSP_DYNIP, FROM_MISSP_FREEMAIL,HTML_MESSAGE,KHOP_HELO_FCRDNS,LOTS_OF_MONEY, LOTTO_AGENT,MIME_HTML_ONLY,MONEY_FREEMAIL_REPTO,RDNS_DYNAMIC, SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9440] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.3 FROM_MISSP_DYNIP From misspaced + dynamic rDNS * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 LOTTO_AGENT Claims Agent * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: NC ** XX Received: from lsi.inbusol.nc (202-171-69-39.h06.canl.nc [202.171.69.39]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12NNUkJA037547 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 23 Mar 2021 17:30:55 -0600 Received: from lsi.inbusol.nc (localhost [127.0.0.1]) by lsi.inbusol.nc (Postfix) with ESMTP id E901C82786 for ; Wed, 24 Mar 2021 08:15:21 +1100 (NCT) Received: from mail.bankami.co ([193.169.255.136]) by localhost with SMTP (LetSignIt ESMTP MAIL Service, Version: 1.0 ready at Tue Mar 23 22:15:21 CET 2021) id 0D21D336A17B4CADA11A4611C8A79217 for jhardin@impsec.org; Tue, 23 Mar 2021 22:15:21 +0100 (CET) Reply-To: infoasminternationalpk@gmail.com From: Lottery Team To: jhardin@impsec.org Subject: [SPAM] Congratulation!! Date: 23 Mar 2021 14:15:19 -0700 Message-ID: <20210323141519.627DAFAA39749090@mail.bankami.co> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 17:30:56 -0600 (CST) for IP:'202.171.69.39' DOMAIN:'202-171-69-39.h06.canl.nc' HELO:'lsi.inbusol.nc' FROM:'it@mail.bankami.co' RCPT:'' X-Greylist: Delayed for 01:49:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 23 Mar 2021 17:30:56 -0600 (CST) X-Spam-Prev-Subject: Congratulation!! Status: R X-Status: X-Keywords: X-UID: 165 Content-Length: 3493

Dear  jhardin@impsec.org

We are happy to announce to you this week the Winning Draw of All Social Me= dia Networking Lottery Program held. Your E-mail has won the sum of US$3.60= 0,000.00

Kindly contact your Claim Agent:
Name: Mr.Hiygoh Curtis
Email:&= nbsp;hiygohscurtis@gmail.com
Phone:  (+1= 631-923-0808 WhatsApp)

Provide the below info to your claim agent and do not disclose it to any ot= her person for security reasons.
Winning No: 01-13-26-34-94-64
Batch = No: 956485564907/006
Ref No: 1120/HW47509/006

Sincerely,
Lottery Team Department.
Admin.

From jayallen.jr48@gmail.com Wed Mar 24 09:45:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 12OGj2sx001397 for ; Wed, 24 Mar 2021 09:45:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: **** X-Spam-Status: No, score=4.3 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_05,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 24 Mar 2021 09:45:02 -0700 (PDT) Received: from mail-ot1-f54.google.com (mail-ot1-f54.google.com [209.85.210.54]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12OGg3KJ037504 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 24 Mar 2021 10:42:06 -0600 Received: by mail-ot1-f54.google.com with SMTP id k14-20020a9d7dce0000b02901b866632f29so23624956otn.1 for ; Wed, 24 Mar 2021 09:42:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=yGb5eD7oquy2PpSNH0Q8jl4NPWeDgKPp0xaxQqnj584=; b=MzD2XZXEK36Ayp9D/7uaXbMrdbOix9HPvTSv7r2smlV1OH20bo0mybiDEmTtcWIATt eH0sMne3wbR6OEeGQZ0ig+zQr2p9BC6mCacsTi/ZzrFhCnn4DInMdQ822TDIxw+jXOp2 cLLj1O22lP7CDDfvQbiZpXfBYbqPg0nm6CauA4jbU7fZrUD7qRyq9aR/o/3FJ6UbCcIH tYNGBg0R0uM0HocGcQr2ifMkF0uYTn+mXsQAMLWIZwJhPGW0H8ZT/dPT5Xr/6UBxX1cU PXO3s+nEYCD36uQv6mqba8jBC8b8yy59lAP/Y767woFKkDUMmlV9IA3HHtPJ9VNdDhZI lo/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=yGb5eD7oquy2PpSNH0Q8jl4NPWeDgKPp0xaxQqnj584=; b=IE3wTRvAXXCKWDGz5B9Q/xnTKnXYrEH84Amz/7d4SSTh1cwfd03tvXSORpi7LvdrpA XuFjPUO00Onm/4D/ahxyjU0pbVehClD+4iqYnvav1euWdFndgunTdSJmaZXy6OrgCJvf 1QTp/G2iDbUMD6Q4mjUALWM3XYMBGOBuGaFNRW0KoNnsGuk85vwahKkzQ5CFMOSzMuzU 1Ms3IdJuDKHnGiy1YK70KhivlyFPo/XmEZcPi3bDzl9l0mmcDCFB2/uv49d/uQ3DfjHZ Upu7AEQKvDLiWiwefb3/kCgwoUxmU7Iq54X6IVFM7SamVZ6O8y5yOWebRtdZLsGMeZbK MYqQ== X-Gm-Message-State: AOAM531h4zU17OpQ8TXeYv3U/s2j114XOM4AsCO7CDAPXqYNyKSp/VaB M3FfeyoHUDOZAR83VhSiO27AOsEWgtll333oWNk= X-Google-Smtp-Source: ABdhPJyQHvbNz6sTToPYu3RyHuCQSSpEJZL3jU8CKkD0qeZv+GUGl2ow/nh+pt+Wm4K6BoU7f/at3/QhGt7gMs6rgYA= X-Received: by 2002:a9d:5191:: with SMTP id y17mr3877626otg.332.1616604123065; Wed, 24 Mar 2021 09:42:03 -0700 (PDT) MIME-Version: 1.0 From: Jay Allen Jr Date: Wed, 24 Mar 2021 17:41:44 +0100 Message-ID: Subject: My name is Mrs. Maria Lucas. To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="0000000000007f70e005be4afabb" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Mar 2021 10:42:06 -0600 (CST) for IP:'209.85.210.54' DOMAIN:'mail-ot1-f54.google.com' HELO:'mail-ot1-f54.google.com' FROM:'jayallen.jr48@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Mar 2021 10:42:06 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 166 Content-Length: 3232 --0000000000007f70e005be4afabb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My name is Mrs. Maria Lucas. I am a Swedish National but I am currently living in London England. My husband died recently of Covid19 complications. I am presently in hospital suffering from a stage 4 ovarian Cancer which has Metastasis with a poor prognosis. My husband deposited the sum of =C2=A34,500,000 GBP with a bank in England. Before my husband was taken to the Isolation center where he finally died, he told me to use the funds to establish animal care clinics. Due to my present health condition, I will not be able to handle this project. Therefore, I want to donate the =C2=A34,500,000 to you so that you will set up an animal care Foundation. A clinic where animals will be treated in your country for free. I have always seen on television where people donate funds to orphanage homes, but don't care about animals. We want to change the ideology of well meaning people to understand that animals are important to us. Please let me know if you are interested so that I will ask my lawyer to prepare a contract Agreement on your name. Please don't forget that My health is bad since my cancer has spread to other parts of my body, therefore I want you to reply to this message as soon as possible to enable you to receive the funds quickly. Please reply to ( maria_lucas99@yahoo.com ) I am waiting to hear from you. Thank you, Mrs. Maria Lucas --0000000000007f70e005be4afabb Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
My name is Mrs. Maria Lucas.


I am a Swedish Nat= ional but I am currently living in London England.

My husband died r= ecently of Covid19 complications. I am presently in
hospital suffering f= rom a stage 4 ovarian Cancer which has Metastasis
with a poor prognosis.=

My husband deposited the sum of =C2=A34,500,000 GBP with a bank in = England.

Before my husband was taken to the Isolation center where h= e finally
died, he told me to use the funds to establish animal care cli= nics.
Due to my present health condition, I will not be able to handle t= his
project. Therefore, I want to donate the =C2=A34,500,000 to you so t= hat you
will set up an animal care Foundation. A clinic where animals wi= ll be
treated in your country for free.

I have always seen on tel= evision where people donate funds to
orphanage homes, but don't care= about animals. We want to change the
ideology of well meaning people to= understand that animals are
important to us.

Please let me know = if you are interested so that I will ask my lawyer
to prepare a contract= Agreement on your name. Please don't forget that
My health is bad s= ince my cancer has spread to other parts of my body,
therefore I want yo= u to reply to this message as soon as possible to
enable you to receive = the funds quickly. Please reply to (
maria_lucas99@yahoo.com )

I am waiting to hear from you.=

Thank you,

Mrs. Maria Lucas
--0000000000007f70e005be4afabb-- From jayallen.jr48@gmail.com Wed Mar 24 10:12:01 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 12OHC17m002813 for ; Wed, 24 Mar 2021 10:12:01 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: **** X-Spam-Status: No, score=4.3 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_05,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 24 Mar 2021 10:12:01 -0700 (PDT) Received: from mail-oi1-f178.google.com (mail-oi1-f178.google.com [209.85.167.178]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12OH6BqQ039304 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 24 Mar 2021 11:06:16 -0600 Received: by mail-oi1-f178.google.com with SMTP id a8so21521601oic.11 for ; Wed, 24 Mar 2021 10:06:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=I72MFkhy+sqGLprtwh5W8u7664xkZp+ObCs2/M1gstQ=; b=I5gDQgTGUlDDDI14TygZiNAKP/0kbVFmSH+hSGhm5ADoMJdIf3/DQyKAoYwcPQuEKI JLc7s54Um3vqn98xwNwAuapnVR/QwWOWyEOzvIn/+QaxkRe8qS02IRu9cFqaTBwNkuOj DSYwBsHI2joTca1qvF1cdOItozxMtJTb0JdGtORZ/6MCRt58Tj8H7nK79Cs2XTA6ul28 x5WPLCb4xlPZKiuv2F9PWZjkIl9f4fQ+JdYrfkqCoNZKxjPsZ21o1393UqVpVkNgi38d 3Y+5JbDbMTI2gnkM6R2IwhlAnPyk2blwvcKfMIshHFXJsOF+YqYOx6p+rwA4A4pl/mNA Os2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=I72MFkhy+sqGLprtwh5W8u7664xkZp+ObCs2/M1gstQ=; b=YLquLA8oYHqSQlAOAEbEM2wRNXf7Tjh49grpyzelvmvp7n5+rSZAgcfZenRZaQ9z5j 1FhlooynpMrI7RgBw+Xlz+ejBNVDOB6GaUuJ/CN/JSgxfFpRBkdEFDJiXX9/vzKd/n2e N/z/0XPrgg4Jz0bjsikVFLkmFNehTT302+8eeJ47zc2B+8cHAf17rHo6d2IEXjAbJToF KvvlgiXcGzHl07EXYWw6d14i0Um52nqRmlwsQ6d6qRHPJQ+J3iWw+dlO00GyCiTAUCEt OeXi3OrOehSynwv1DYQlwgQ/wk3Lo6rZjXI0JOPoNms1jxBmlWUfhzmzRK4H11UeyJhm kDbQ== X-Gm-Message-State: AOAM532ghA9GKHn5eK91pkkrBEf3fsZL9Yd4Kw1EJ3jm++svB7rLYb8Y 0ZzUeIkkedndAibN5KLlIDwg0tqBTqhGwSd/Pa0= X-Google-Smtp-Source: ABdhPJy5uxCYYaZ50DS6rM6OLnbERX1y5GC4ESKrsAWRkrqeNlcPiEwcsU6X2ht7n9nK+URXZJiOQ4se1vX3vt/UpA4= X-Received: by 2002:a05:6808:5c9:: with SMTP id d9mr3116683oij.146.1616605567190; Wed, 24 Mar 2021 10:06:07 -0700 (PDT) MIME-Version: 1.0 From: Jay Allen Jr Date: Wed, 24 Mar 2021 18:05:55 +0100 Message-ID: Subject: My name is Mrs. Maria Lucas. To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000930c9905be4b50a9" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Mar 2021 11:06:16 -0600 (CST) for IP:'209.85.167.178' DOMAIN:'mail-oi1-f178.google.com' HELO:'mail-oi1-f178.google.com' FROM:'jayallen.jr48@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Mar 2021 11:06:16 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 167 Content-Length: 3345 --000000000000930c9905be4b50a9 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My name is Mrs. Maria Lucas. I am a Swedish National but I am currently living in London England. My husband died recently of Covid19 complications. I am presently in hospital suffering from a stage 4 ovarian Cancer which has Metastasis with a poor prognosis. My husband deposited the sum of =C2=A34,500,000 GBP with a bank in England. Before my husband was taken to the Isolation center where he finally died, he told me to use the funds to establish animal care clinics. Due to my present health condition, I will not be able to handle this project. Therefore, I want to donate the =C2=A34,500,000 to you so that you will set up an animal care Foundation. A clinic where animals will be treated in your country for free. I have always seen on television where people donate funds to orphanage homes, but don't care about animals. We want to change the ideology of well meaning people to understand that animals are important to us. Please let me know if you are interested so that I will ask my lawyer to prepare a contract Agreement on your name. Please don't forget that My health is bad since my cancer has spread to other parts of my body, therefore I want you to reply to this message as soon as possible to enable you to receive the funds quickly. Please reply to ( maria_lucas99@yahoo.com ) I am waiting to hear from you. Thank you, Mrs. Maria Lucas --000000000000930c9905be4b50a9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=C2=A0 =C2=A0 =C2=A0 =C2=A0My name is Mrs. Maria Lucas.

I am a Swedish National but I am currently living in London Englan= d.

My husband died recently of Covid19 complications. I am presently= in
hospital suffering from a stage 4 ovarian Cancer which has Metastasi= s
with a poor prognosis.

My husband deposited the sum of =C2=A34,= 500,000 GBP with a bank in England.

Before my husband was taken to t= he Isolation center where he finally
died, he told me to use the funds t= o establish animal care clinics.
Due to my present health condition, I w= ill not be able to handle this
project. Therefore, I want to donate the = =C2=A34,500,000 to you so that you
will set up an animal care Foundation= . A clinic where animals will be
treated in your country for free.
I have always seen on television where people donate funds to
orphanag= e homes, but don't care about animals. We want to change the
ideolog= y of well meaning people to understand that animals are
important to us.=

Please let me know if you are interested so that I will ask my lawy= er
to prepare a contract Agreement on your name. Please don't forget= that
My health is bad since my cancer has spread to other parts of my b= ody,
therefore I want you to reply to this message as soon as possible t= o
enable you to receive the funds quickly. Please reply to (
maria_lucas99@yahoo.com )

I = am waiting to hear from you.

Thank you,

Mrs. Maria Lucas=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=C2=A0
--000000000000930c9905be4b50a9-- From franklincas111@gmail.com Thu Mar 25 00:45:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 12P7j1op002470 for ; Thu, 25 Mar 2021 00:45:01 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: **** X-Spam-Status: No, score=4.8 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_20,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,RDNS_NONE, SPF_HELO_NONE,SPF_PASS,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Thu, 25 Mar 2021 00:45:01 -0700 (PDT) Received: from mail-ua1-f49.google.com ([209.85.222.49]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12P7howP008036 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 25 Mar 2021 01:43:57 -0600 Received: by mail-ua1-f49.google.com with SMTP id l15so234670uao.12 for ; Thu, 25 Mar 2021 00:43:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=OIB094CC0zX16rIdp865o+20Pg6Qvk/Gv4ZiZ3d4CCM=; b=ivP5N6ecr3vDzQ9EQqPxWm5inrCZxwsElj5lurG+Xtp+un0Pt+L4UXUUOTRWQ0m8QW u9t+gmI3idM6YWUL3oMgtU4TzCAmePFXfljIq7FXB2d/C0MnGwnlecHD3RBfFh4kB6Qm 21tLcEmJp40vgu+BYHqjMO4ifXSUGldfK/BkC4IlEHZIxmoS/yxZTN9PJhm1ezPvGhGu v9t5VkBsdf6uTHJUMRRtDYqrn+eauRgaLdo0OVZywZ686B7phjpjV7D8aVU7+ncJjAWv OTOZkMxc6rqmCVXGsAfaEGqhvzysghpHRp3hfqRM5YkJV9THRiF1kkF9MvnjS8R9urD+ lZiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=OIB094CC0zX16rIdp865o+20Pg6Qvk/Gv4ZiZ3d4CCM=; b=mL9Cyh9ktVwf2wlz8ulyhOSFIzhr2uVny/ImgPXyOnvVVhxKh3MjquXiCznuwWoFyx NACVVvrGipAVAP/xFAh/mSh9SZV855Xjlv/EZzlmxHJIGiciAbdV/fU4tUXrfxRPv9VU DDHPDY1II6IRi4bmv4coUam/O2vyy36PbPMJA22EsxDIjvK2n7xUApY4nodqwqv7/s9k BNGgNiCVq3OCFFzjh2/+RSqK5egN4QAMdLjgPUYM/KJgKAgqWtncnTdIjeHaCXvmcsGO awmpqigHbqSCBNG0Top1joptS25VA1b+RzEvcXuiEOSUkQumPln4sNABVw4HcVTodu+T UKEw== X-Gm-Message-State: AOAM530OI0vNTydJ61I1ALZkn80vVEEZPT/5p6qD2Y9bQIFpxAPTBZsh S+r55zLYUY+DK9cxTJW9fVt0j+ZTVPn30bg1fug= X-Google-Smtp-Source: ABdhPJx17Gj2UnApOODFjj3ZhLqMJS0HtxZQpYAKpUXjni6EaPefBm5Ww/SfFWBgK/s+rvfnOgvpBCYWj4z/E80cv9E= X-Received: by 2002:ab0:32cf:: with SMTP id f15mr3904984uao.68.1616658219139; Thu, 25 Mar 2021 00:43:39 -0700 (PDT) MIME-Version: 1.0 From: Franklin Cas Date: Thu, 25 Mar 2021 08:43:26 +0100 Message-ID: Subject: My name is Mrs. Maria Lucas. To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000e0051505be5792f3" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 25 Mar 2021 01:43:57 -0600 (CST) for IP:'209.85.222.49' DOMAIN:'[209.85.222.49]' HELO:'mail-ua1-f49.google.com' FROM:'franklincas111@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 25 Mar 2021 01:43:57 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 168 Content-Length: 3656 --000000000000e0051505be5792f3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My name is Mrs. Maria Lucas. I am a Swedish National but I am currently living in London England. My husband died recently of Covid19 complications. I am presently in hospital suffering from a stage 4 ovarian Cancer which has Metastasis with a poor prognosis. My husband deposited the sum of =C2=A34,500,000 GBP with a bank in England. Before my husband was taken to the Isolation center where he finally died, he told me to use the funds to establish animal care clinics. Due to my present health condition, I will not be able to handle this project. Therefore, I want to donate the =C2=A34,500,000 to you so that you will set up an animal care Foundation. A clinic where animals will be treated in your country for free. I have always seen on television where people donate funds to orphanage homes, but don't care about animals. We want to change the ideology of well meaning people to understand that animals are important to us. Please let me know if you are interested so that I will ask my lawyer to prepare a contract Agreement on your name. Please don't forget that My health is bad since my cancer has spread to other parts of my body, therefore I want you to reply to this message as soon as possible to enable you to receive the funds quickly. Please reply to ( maria_lucas99@yahoo.com ) I am waiting to hear from you. Thank you, Mrs. Maria Lucas --000000000000e0051505be5792f3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
My name is Mrs. Maria Lucas.

I am a Swed= ish National but I am currently living in London England.

My husband= died recently of Covid19 complications. I am presently in
hospital suff= ering from a stage 4 ovarian Cancer which has Metastasis
with a poor pro= gnosis.

My husband deposited the sum of =C2=A34,500,000 GBP with a b= ank in England.

Before my husband was taken to the Isolation center = where he finally
died, he told me to use the funds to establish animal c= are clinics.
Due to my present health condition, I will not be able to h= andle this
project. Therefore, I want to donate the =C2=A34,500,000 to y= ou so that you
will set up an animal care Foundation. A clinic where ani= mals will be
treated in your country for free.

I have always seen= on television where people donate funds to
orphanage homes, but don'= ;t care about animals. We want to change the
ideology of well meaning pe= ople to understand that animals are
important to us.

Please let m= e know if you are interested so that I will ask my lawyer
to prepare a c= ontract Agreement on your name. Please don't forget that
My health i= s bad since my cancer has spread to other parts of my body,
therefore I = want you to reply to this message as soon as possible to
enable you to r= eceive the funds quickly. Please reply to (
maria_lucas99@yahoo.com=C2=A0)

I am w= aiting to hear from you.

Thank you,

Mrs. Maria Lucas=C2=A0=C2= =A0
--000000000000e0051505be5792f3-- From ouscan@scs-net.org Thu Mar 25 20:24:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.9 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FSL_CTYPE_WIN1251,LOTS_OF_MONEY, MIMEOLE_DIRECT_TO_MX,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,RCVD_IN_PSBL,RELAY_COUNTRY_CN, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_13,SPF_HELO_PASS, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_SPF_PERMERROR, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9994] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9994] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_CN Relayed via China * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [106.75.237.29 listed in psbl.surriel.com] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [melvidabullock5[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 MONEY_NOHTML Lots of money in plain text * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX * 1.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CN Received: from 5fafa.xyz (5fafa.xyz [106.75.237.29]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12Q2O7YH016053 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 25 Mar 2021 20:24:13 -0600 Message-Id: <202103260224.12Q2O7YH016053@ga.impsec.org> Reply-To: From: "Ms. Melvida Bullock" Subject: [SPAM] Greetings: Date: Fri, 26 Mar 2021 10:13:58 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 25 Mar 2021 20:24:13 -0600 (CST) for IP:'106.75.237.29' DOMAIN:'5fafa.xyz' HELO:'5fafa.xyz' FROM:'ouscan@scs-net.org' RCPT:'' X-Greylist: Delayed for 00:10:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 25 Mar 2021 20:24:13 -0600 (CST) X-Spam-Prev-Subject: Greetings: Status: R X-Status: X-Keywords: X-UID: 169 Dear Beloved, Life is gradually passing away from me as a result of my present medical condition and my personal doctor confided in me yesterday that I have only but few more weeks to live. In view of this setback, I want to donate my estate for humanitarian assistance, since this has always been the plan of my late husband and besides I have no child. In an effort to compliment the good work of our creator for humanity and the wish of my late Husband I donate the sum of 10,000,000.00 Euro (Ten Million EUR) to you. On your acknowledgment of this mail and informing me of your nationality and current place of resident, my Bank will facilitate due processes for transfer of this legacy to you. May God bless you as you use this money judiciously for the work of charity. Sincere regards, Ms. Melvida Bullock Email: melvidabullock5@gmail.com From ohallkenneth3@gmail.com Fri Mar 26 03:16:58 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.8 required=5.0 tests=BAYES_99,BAYES_999, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSP_FREEMAIL,HK_NAME_FM_MR_MRS,HTML_MESSAGE,MIME_HTML_ONLY, NML_ADSP_CUSTOM_MED,RELAY_COUNTRY_FR,SPAM_BOOSTER_05,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [ohallkenneth3[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ohallkenneth1[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [ohallkenneth3[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.5 HK_NAME_FM_MR_MRS No description available. * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.8 SPOOFED_FREEMAIL No description available. * 2.2 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.1 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: FR XX Received: from vps-38d872ee.vps.ovh.net (vps-38d872ee.vps.ovh.net [51.83.186.53]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12Q9GpRf009266 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 26 Mar 2021 03:16:57 -0600 Received: from gmail.com (193.169.255.136) by vps-38d872ee.vps.ovh.net for ; Fri, 26 Mar 2021 08:16:42 +0000 (envelope-from ) Reply-To: ohallkenneth1@gmail.com From: "Mr.Kenneth Hall" To: jhardin@impsec.org Subject: [SPAM] JV Date: 26 Mar 2021 01:16:41 -0700 Message-ID: <20210326011641.8FA1F89FA8A617D9@gmail.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 26 Mar 2021 03:16:57 -0600 (CST) for IP:'51.83.186.53' DOMAIN:'vps-38d872ee.vps.ovh.net' HELO:'vps-38d872ee.vps.ovh.net' FROM:'ohallkenneth3@gmail.com' RCPT:'' X-Greylist: Delayed for 01:00:07 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 26 Mar 2021 03:16:57 -0600 (CST) X-Spam-Prev-Subject: JV Status: R X-Status: X-Keywords: X-UID: 170
Dear jhardin

I am consultant Mr. Kenneth O.Hall , I represent my client who want= s to relinquish a huge sum of money in your country by proxy. We are seekin= g means of relocating business interest. 

Details will be furnished to you when I receive your response which= will also facilitate a face to face meeting with the investor.

Anticipating possible partnership.
 
Regards,
Mr. Kenneth O.Hall.
Mobile/WhatsApp +1(512)-991-1204
From kevindoran981@gmail.com Mon Mar 29 13:34:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************* X-Spam-Status: Yes, score=13.3 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_95,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSP_REPLYTO,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MONEY_NOHTML,NML_ADSP_CUSTOM_MED,SPF_HELO_PASS,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9812] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [kevindoran981[at]gmail.com] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [kevindoran981[at]gmail.com] * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 MONEY_NOHTML Lots of money in plain text * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.9 SPOOFED_FREEMAIL No description available. * 2.1 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CZ ** ** US Received: from compono.cz (compono.cz [89.185.235.182]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12TJYuYE017200 for ; Mon, 29 Mar 2021 13:34:59 -0600 Received: from localhost (s1.compono.cz [127.0.0.1]) by compono.cz (Postfix) with ESMTP id B2F7922C3158; Mon, 29 Mar 2021 21:27:14 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.compono.cz Received: from compono.cz ([127.0.0.1]) by localhost (mail.compono.cz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onjPxu5ECfGk; Mon, 29 Mar 2021 21:27:13 +0200 (CEST) Received: from HY-MBWR.25907 (unknown [103.28.70.33]) by compono.cz (Postfix) with ESMTPA id 1449222C307D; Mon, 29 Mar 2021 21:27:10 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re:Hi. To: Recipients From: "D.Kevin" Date: Mon, 29 Mar 2021 21:27:09 +0200 Reply-To: kevin-office@gmx.com Message-Id: <20210329192714.B2F7922C3158@compono.cz> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 29 Mar 2021 13:34:59 -0600 (CST) for IP:'89.185.235.182' DOMAIN:'compono.cz' HELO:'compono.cz' FROM:'kevindoran981@gmail.com' RCPT:'' X-Greylist: Delayed for 00:07:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 29 Mar 2021 13:34:59 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12TJYuYE017200 X-Spam-Prev-Subject: Re:Hi. Status: R X-Status: X-Keywords: X-UID: 171 Good Day, My Name Is Kevin, I am the Chief financial officer of a Bank, I want you to partner with me to receive an abandoned sum of USD$12.5 Millions in your account. 40% will be for you while I take 60%. No risk involved. Kindly contact me for more details. Please respond urgently Regards, D. Kevin. Fax: +44 (705) 366-0949 skype: mr.dav2004@gmail.com From marketing@myleonidas.net Mon Mar 29 18:47:44 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************** X-Spam-Status: Yes, score=20.6 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS, MAY_BE_FORGED,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL, RELAY_COUNTRY_RU,SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [212.75.215.174 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [194.78.70.161 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [trustees202000[at]consultant.com] * 3.0 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to * RCVD_IN_VALIDITY_RPBL, please update local rules * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS X-Spam-Relay-Country: BE ** ** RU Received: from webmail.myleonidas.net (mail.myleonidas.net [194.78.70.161] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 12U0lZf9038669 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 29 Mar 2021 18:47:43 -0600 Received: from localhost (localhost [127.0.0.1]) by webmail.myleonidas.net (Postfix) with ESMTP id E0F302CF207; Tue, 30 Mar 2021 01:22:00 +0200 (CEST) Received: from webmail.myleonidas.net ([127.0.0.1]) by localhost (webmail.myleonidas.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id zg_SESbpvkCD; Tue, 30 Mar 2021 01:22:00 +0200 (CEST) Received: from reverse-dns.chicago (unknown [212.75.215.174]) by webmail.myleonidas.net (Postfix) with ESMTPSA id D31142CE4DA; Tue, 30 Mar 2021 01:21:47 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Notice To: Recipients From: "Note" Date: Mon, 29 Mar 2021 18:21:35 -0500 Reply-To: trustees202000@consultant.com Message-Id: <20210329232147.D31142CE4DA@webmail.myleonidas.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 29 Mar 2021 18:47:44 -0600 (CST) for IP:'194.78.70.161' DOMAIN:'[194.78.70.161]' HELO:'webmail.myleonidas.net' FROM:'marketing@myleonidas.net' RCPT:'' X-Greylist: Delayed for 01:00:22 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 29 Mar 2021 18:47:44 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 12U0lZf9038669 X-Spam-Prev-Subject: Notice Status: R X-Status: X-Keywords: X-UID: 172 After several attempts, we are reaching you again as regards the estate of Late George Brumley, you were made one of the beneficiaries of his estate. Do get back to me at your earliest convenience. The Trustees From michaeld@hawaii.edu Fri Apr 2 19:28:39 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.0 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_99, BAYES_999,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,HK_SCAM, HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_VALIDITY_RPBL, RDNS_NONE,RELAY_COUNTRY_JP,REPTO_419_FRAUD_YJ,SPAM_BOOSTER_04, SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL,SUBJ_ALL_CAPS, TO_NO_BRKTS_NORDNS_HTML autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_YJ Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [153.120.135.213 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [153.120.135.213 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [153.120.135.213 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to * RCVD_IN_VALIDITY_RPBL, please update local rules * 0.0 HK_SCAM No description available. * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.0 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML * only * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: JP GB Received: from mail.recommendo.jp ([153.120.135.213]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1331SWx8044892 for ; Fri, 2 Apr 2021 19:28:39 -0600 Received: from hawaii.edu (unknown [2.24.227.170]) by mail.recommendo.jp (Postfix) with ESMTPA id D27B1355495 for ; Fri, 2 Apr 2021 09:57:46 +0900 (JST) Reply-To: draymndch@yahoo.co.jp From: "Dr Raymond Chien Chairman of Hang Seng Bank Ltd Hong Kong" To: jhardin@impsec.org Subject: [SPAM] REPLY AS SOON AS POSSIBLE Date: 02 Apr 2021 01:57:45 +0100 Message-ID: <20210402015745.2BC6B3985C553F68@hawaii.edu> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 02 Apr 2021 19:28:39 -0600 (CST) for IP:'153.120.135.213' DOMAIN:'[153.120.135.213]' HELO:'mail.recommendo.jp' FROM:'michaeld@hawaii.edu' RCPT:'' X-Greylist: Delayed for 24:17:57 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 02 Apr 2021 19:28:39 -0600 (CST) X-Spam-Prev-Subject: REPLY AS SOON AS POSSIBLE Status: R X-Status: X-Keywords: X-UID: 173 I am Vice Chairman of Hang Seng Bank, I have Important Matter to Disc= uss with you concerning my late client. Died without a NEXT OF KIN. Send me= your private email for full details information. email me at
E-Mail: dr29876dr@gmail.com
Regards Mr.Fung From pv325214@gmail.com Sat Apr 3 14:01:31 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=36.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,LOTS_OF_MONEY, MALFORMED_FREEMAIL,MISSING_HEADERS,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_RP_RNBL,RCVD_IN_VALIDITY_RPBL, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_15,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_MONEY_PERCENT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9992] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9992] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [162.214.169.243 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [pv325214[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [pilz37754[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [pv325214[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to * RCVD_IN_VALIDITY_RPBL, please update local rules * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 1.9 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.4 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: US UA Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 133K1Q3J013153 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 3 Apr 2021 14:01:31 -0600 Message-Id: <202104032001.133K1Q3J013153@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YHlD0JXDrQIgBdeP+utf4+GkmaWFiiIGfVv81Csk640=; b=qoKBZ+T7wedQ3avdtwXV/TEIz tOTlXqHfw7lyh7fLnfoRt4O9ttqJR5dA994K2h8kJ90l3x9lPSgkJLQ0KUPb+trbjizzE/p/Rk1Mp KXEVwq3fm/StxsGVv9CKXarZ/1QQjcNMNkPTKxWM04qR6g5ELfPDztBsBgUY+kzanKmmRnziQhQqr 9wZSvs0/rb8oItxKbmyTLsaHQ+B2acme6TAnWV6TpdhhTu96AZpZC1Ps8MmrGKxndp+H85GE80s1j N9+IeybRrUsWAd+3HvkNFE+qv55Pu9LJ1AlcAIwfaJdrX0w+OQ8SB4YwF/cNayBFagxCVp0tNNXl8 dfledtvfQ==; Received: from [37.19.196.227] (port=56454 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lSXVJ-0002sO-Te; Sat, 03 Apr 2021 09:33:22 +0530 Reply-To: From: "MR Matthias Pilz" Subject: [SPAM] Working with you Date: Sat, 3 Apr 2021 06:03:20 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210402-0, 02/04/2021), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 03 Apr 2021 14:01:31 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'pv325214@gmail.com' RCPT:'' X-Greylist: Delayed for 15:55:42 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 03 Apr 2021 14:01:31 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 133K1Q3J013153 X-Spam-Prev-Subject: Working with you Status: R X-Status: X-Keywords: X-UID: 174 Content-Length: 1994 Greetings to you, I am Matthias Pilz, I work with a security/courier company based in Turkey. Im the scan specialist who head the scan department, my job description is to scan all consignment to ensure that it complies with risk assessment, In the course of my duty from the assessment of my scan report, it indicated that a particular trunk box is filled with silver lining content inside it used in production of cash currency, upon this discovery, I personally bought a hand ultra-scan machine without the knowledge of the company to know exactly what is inside of the box , which confirmed to me it is 100 US dollar bill cash currency in the box. The report of this scan which I will show you if we decide to work together on this. Funny a thing, the depositor of the consignment declared it as a sensitive medical film and should not be exposed to light rays, so that the content of the box does not get spoil when exposed to light rays. However, one of our company policies states that unclaimed goods after five years are disposed off but upon my in depth investigation, I discovered that the depositor has long died and deposited the box with only a RECALL CODE NUMBER which is the only requirement to claim the box from the security company. My proposal to you is that I can release this RECALL CODE NUMBER and the contact information of the security/courier company to you, so you can request either for the company to deliver the consignment to your doorstep or book an appointment for visit at the office to pick it up. In conclusion, from my observation and scan report the weight of the trunk box is 65kg which is estimated to be around $6.5million. We shall share it between the two of us 50/50%. If you agree to this my request, reply me with your personal telephone number for further discussion. pilz37754@gmail.com Note: I can assure you 100% this is risk free. Best Regards Matthias Pilz -- This email has been checked for viruses by AVG. https://www.avg.com From pv325214@gmail.com Sat Apr 3 19:57:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_NAME_FM_MR_MRS,LOTS_OF_MONEY, MALFORMED_FREEMAIL,MISSING_HEADERS,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_RP_RNBL,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,T_MONEY_PERCENT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9997] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9997] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [162.214.169.243 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [pv325214[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [pilz37754[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [pv325214[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to * RCVD_IN_VALIDITY_RPBL, please update local rules * 0.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 1.9 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.4 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 1.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 1.7 SPOOFED_FREEMAIL No description available. * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.3 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.2 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: US UA Received: from server.northbengalelectricstores.com (server.northbengalelectricstores.com [162.214.169.243]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1341v2jY040318 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 3 Apr 2021 19:57:11 -0600 Message-Id: <202104040157.1341v2jY040318@ga.impsec.org> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=northbengalelectricstores.com; s=default; h=Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:Message-ID:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=YHlD0JXDrQIgBdeP+utf4+GkmaWFiiIGfVv81Csk640=; b=yetaMFt5fmNM/9Ly3zlgr5jnV bR74lfhNn/7sLxH8wxayIXiToXpWHIK5zN1pK5L6mxpq/f3MBRgfh8/yha0UyWBEfZ82tO+5Z72FY t/cTtqYg9/kVh+dDpcDzAVwAVXJ1t8hKnD5PJAhPjcl1q5XGoJdTcRlkkfdkzAnvZ3t9pRvspN6kw aZ+hONvcfgJvovYM6owdXxF4P7Gt/goOF07sFGTp/4muL43s1+cwX2MDGAglJ/PUvWfarCqXD53pO ThuIIMKdI1gXr8+4HyzyBCnvMoyz4+A/hfHkUcx0+UKT+7kUE6FHMo0SAaNC1zScKTZ2qVRj5mn+0 pp9NQi10Q==; Received: from [37.19.196.227] (port=57116 helo=User) by server.northbengalelectricstores.com with esmtpa (Exim 4.93) (envelope-from ) id 1lS4WU-0001Rv-KP; Fri, 02 Apr 2021 02:36:38 +0530 Reply-To: From: "MR Matthias Pilz" Subject: [SPAM] INVESTMENT Date: Thu, 1 Apr 2021 23:06:37 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Antivirus: AVG (VPS 210401-2, 01/04/2021), Outbound message X-Antivirus-Status: Clean X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.northbengalelectricstores.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: server.northbengalelectricstores.com: authenticated_id: sales@northbengalelectricstores.com X-Authenticated-Sender: server.northbengalelectricstores.com: sales@northbengalelectricstores.com X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 03 Apr 2021 19:57:11 -0600 (CST) for IP:'162.214.169.243' DOMAIN:'server.northbengalelectricstores.com' HELO:'server.northbengalelectricstores.com' FROM:'pv325214@gmail.com' RCPT:'' X-Greylist: Delayed for 31:14:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 03 Apr 2021 19:57:11 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1341v2jY040318 X-Spam-Prev-Subject: INVESTMENT Status: R X-Status: X-Keywords: X-UID: 175 Content-Length: 1994 Greetings to you, I am Matthias Pilz, I work with a security/courier company based in Turkey. Im the scan specialist who head the scan department, my job description is to scan all consignment to ensure that it complies with risk assessment, In the course of my duty from the assessment of my scan report, it indicated that a particular trunk box is filled with silver lining content inside it used in production of cash currency, upon this discovery, I personally bought a hand ultra-scan machine without the knowledge of the company to know exactly what is inside of the box , which confirmed to me it is 100 US dollar bill cash currency in the box. The report of this scan which I will show you if we decide to work together on this. Funny a thing, the depositor of the consignment declared it as a sensitive medical film and should not be exposed to light rays, so that the content of the box does not get spoil when exposed to light rays. However, one of our company policies states that unclaimed goods after five years are disposed off but upon my in depth investigation, I discovered that the depositor has long died and deposited the box with only a RECALL CODE NUMBER which is the only requirement to claim the box from the security company. My proposal to you is that I can release this RECALL CODE NUMBER and the contact information of the security/courier company to you, so you can request either for the company to deliver the consignment to your doorstep or book an appointment for visit at the office to pick it up. In conclusion, from my observation and scan report the weight of the trunk box is 65kg which is estimated to be around $6.5million. We shall share it between the two of us 50/50%. If you agree to this my request, reply me with your personal telephone number for further discussion. pilz37754@gmail.com Note: I can assure you 100% this is risk free. Best Regards Matthias Pilz -- This email has been checked for viruses by AVG. https://www.avg.com From javiblanes@zyryabmusical.com Sun Apr 4 00:01:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.9 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_OUTLOOK_TAGS,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY, MAY_BE_FORGED,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM,MONEY_FRAUD_3, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SBL_CSS,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_05, SPF_HELO_NONE,SPF_NEUTRAL,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, T_FILL_THIS_FORM_LOAN autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.151.124.154 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_HELO_USER Received from HELO User * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [manduesq58[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 1.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.5 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 2.7 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: ES XX Received: from ns1.zyryabmusical.com (evidalia.com [91.142.211.9] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13461SAb013100 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 4 Apr 2021 00:01:38 -0600 Message-Id: <202104040601.13461SAb013100@ga.impsec.org> Received: (qmail 31362 invoked from network); 3 Apr 2021 19:41:35 +0200 Received: from unknown (HELO User) (103.151.124.154) by evidalia.com with ESMTPA; 3 Apr 2021 19:41:34 +0200 Reply-To: From: "INFO" Subject: [SPAM] INFO Date: Sat, 3 Apr 2021 10:41:35 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 04 Apr 2021 00:01:38 -0600 (CST) for IP:'91.142.211.9' DOMAIN:'[91.142.211.9]' HELO:'ns1.zyryabmusical.com' FROM:'javiblanes@zyryabmusical.com' RCPT:'' X-Greylist: Delayed for 10:14:15 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 04 Apr 2021 00:01:38 -0600 (CST) X-Spam-Prev-Subject: INFO Status: R X-Status: X-Keywords: X-UID: 176
Dear,
I apologize for sending an unexpected email to you. I am David Mandu, the personal Lawyer to late Mr. Luke, who bears the same surname with you. He lost his life in a car accident. He was a Gold merchant, and a national of your Country.
I seek your consent to present you to the bank here in Benin Republic, as a close relative of my Client so that the proceeds of his account valued at $2.5 Million can be paid to your account for our mutual benefit before they are confiscated by the bank. Let me have the following information for more details: your age, full name and address, telephone numbers, Profession and position.
Please keep it confidential.
Yours sincerely,
David Mandu Esq.
 From it@fmx00.freemail.hu Wed Apr 14 22:16:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.4 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_95,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,NA_DOLLARS, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_NONE,RCVD_IN_SBL_CSS, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9826] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [83.240.221.22 listed in zen.spamhaus.org] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [195.228.245.78 listed in list.dnswl.org] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [felix88995[at]gmail.com] * 1.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.4 MONEY_NOHTML Lots of money in plain text * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: HU HU PT Received: from fmfwd00.freemail.hu (fmfwd00.freemail.hu [195.228.245.78]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13F4Gcf1005103 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 14 Apr 2021 22:16:47 -0600 Received: from fmx00.freemail.hu (fmlb00.freemail.hu [195.228.245.211]) by fmfwd00.freemail.hu (Postfix) with SMTP id 2BDF92A67D5 for ; Wed, 14 Apr 2021 09:56:29 +0200 (CEST) Received: (qmail 23827 invoked from network); 14 Apr 2021 09:56:28 +0200 Received: from unknown (HELO fmx00.freemail.hu) (83.240.221.22) by fmx00.freemail.hu with SMTP; 14 Apr 2021 09:56:28 +0200 Reply-To: felix88995@gmail.com From: "Felix" To: jhardin@impsec.org Subject: [SPAM] jhardin@impsec.org waiting for response. Date: 14 Apr 2021 08:56:16 +0100 Message-ID: <20210414085615.1AAFDB9E968337DD@fmx00.freemail.hu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-VR-SPAMSTATE: SPAM X-VR-SPAMSCORE: 500 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedttddrjedugddvvdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhtffggffotefknfdpucfqfgfvnecuuegrihhlohhuthemuceftddtnecuogfhohhrsghiugguvghnjfgurhculdehtddtmdenucfjughrpehrhffvufffkfggtgfgsehtqheftddttdejnecuhfhrohhmpedfhfgvlhhigidfuceoihhtsehfmhigtddtrdhfrhgvvghmrghilhdrhhhuqeenucfkphepudelhedrvddvkedrvdeghedrvdduuddpkeefrddvgedtrddvvddurddvvdenucfrrghrrghmpehhvghlohepfhhmgidttddrfhhrvggvmhgrihhlrdhhuhdpihhnvghtpeduleehrddvvdekrddvgeehrddvuddupdhmrghilhhfrhhomhepihhtsehfmhigtddtrdhfrhgvvghmrghilhdrhhhupdhrtghpthhtohepjhhhrghrughinhesihhmphhsvggtrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 14 Apr 2021 22:16:47 -0600 (CST) for IP:'195.228.245.78' DOMAIN:'fmfwd00.freemail.hu' HELO:'fmfwd00.freemail.hu' FROM:'it@fmx00.freemail.hu' RCPT:'' X-Greylist: Delayed for 11:03:30 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 14 Apr 2021 22:16:47 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 13F4Gcf1005103 X-Spam-Prev-Subject: jhardin@impsec.org waiting for response. Status: R X-Status: X-Keywords: X-UID: 177 Greetings, My name is Felix, former Chief Compliance officer at one of Canada’s foremost Cryptocurrency exchange platforms. This is a private and confidential message from me to you and I request that it be treated as such. I am contacting you in respect of an urgent matter (Deal) regarding funds in excess of 9 Million US Dollars which resulted from a liquidated BTC account belonging to a deceased account holder. I will let you in on my plan and why I chose to contact you in the first place after I have received your reply and gaining your full confidence. Many thanks and looking forward to your reply. Felix. From jhardin@impsec.org Fri Apr 16 09:53:59 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 42570 invoked by uid 99); 16 Apr 2021 09:54:15 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Apr 2021 09:54:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 082A41FF450 for ; Fri, 16 Apr 2021 09:54:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.207 X-Spam-Level: *** X-Spam-Status: No, score=3.207 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001, UNDISC_MONEY=2.957] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id PSRvMQONH0ro for ; Fri, 16 Apr 2021 09:54:12 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::42d; helo=mail-pf1-x42d.google.com; envelope-from=gautierj48@gmail.com; receiver= Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id A20907FCE4 for ; Fri, 16 Apr 2021 09:54:12 +0000 (UTC) Received: by mail-pf1-x42d.google.com with SMTP id b26so12866607pfr.3 for ; Fri, 16 Apr 2021 02:54:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=A0jKFCIIjsiFVXuYlyYnkpW2agrLO2M9fpCrhWpyiUo=; b=GIy6N4/ZNnH1FIHsTFTtIXK5hL08/lm78h0zGrN/fGQsbLtBt6T5YJ8dQKEFvL3wW+ hPWrPuCoraFvu7xuEvTmTbF9LAs5eThhbgUngVpYOukMwJRgHFEXHLKIePLWR21Ox34H uiSlHvC1VE+vJvVKg9F1MF0iWHdGqDKZNEG1jatwaO1e9aQ5XYfLG+yIpLphq8lg8AXc pbaBPVAopspfEPmXveYKtUBc6fWviPiRn6i6KGJyQWX7P3S9CZP+6iygTs/Nc4fbk1+m PK0QrwumPLKwjlrLVkO0CVfbVud/cUH9I/AiO/ou42DhvfH5gm+GEhu/3HPCpI5H7OAm 7VqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=A0jKFCIIjsiFVXuYlyYnkpW2agrLO2M9fpCrhWpyiUo=; b=gtWDeBp+6FcAlLQwsD9pQSWXQtP6zdwfVtV8C3yDevP6XHABhOVFaiza+TmS5616vA 2w1FjMH7xGbBxiUvyH7RVdcpnhiNIzWB7YimuGw5nC0GNxtf9Wwe5Qugm3RlR3/XCfG0 +07g6zRGdjzDBDFXt5er3dudWA5z5ap0AyLJZlm0h2oCiKW7yazowHcyUk8WWUptea1F rRofaaPxbwwkMc/SCgvsEaFC3toaP+f3Kcwk4iG+8E4Ji+GSqTRTwjRQpgdsfMirOBPI M3QZ5KU+s4Y/Dw5ABDKBFGS11EIPOvjvTe0IhzvXmC2UDyqfbTkkwVKRoVbWOh21rxET uYnw== X-Gm-Message-State: AOAM533XgopItaMA7Li7eJ0WkmC3OGBM3jguZPx7DnReRO9tuU0XRSY3 d/wrwUkUkU9wc2BP6pbOTzZKXHFZHc7zopiB8IY= X-Google-Smtp-Source: ABdhPJxaC/ZDDiGSkUGMF7BmlN9WoLFn1X1rDa0+RVLbsoEYUGEiiGu631aDjjXigm4+ScuG+gqN3PnD7dKzwXbYODQ= X-Received: by 2002:aa7:87d3:0:b029:259:ff63:3500 with SMTP id i19-20020aa787d30000b0290259ff633500mr1963676pfo.35.1618566851072; Fri, 16 Apr 2021 02:54:11 -0700 (PDT) MIME-Version: 1.0 From: "kouevi.A.remy" Date: Fri, 16 Apr 2021 09:53:59 +0000 Message-ID: Subject: Hola To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="00000000000034146d05c013f633" Status: X-Status: X-Keywords: X-UID: 178 --00000000000034146d05c013f633 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hola, soy Kouevi A. Remy (abogado), Quiero hablar contigo sobre los fondos de los clientes. fallecido, con quien tiene el mismo apellido. equivalente a (US $ 7,5 millones). Vuelve a verme para m=C3=A1s detalles. Kouevi A. Remy (abogado) --00000000000034146d05c013f633 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=C2=A0 Hola, soy Kouevi A. Remy (abogado),

Quiero h= ablar contigo sobre los fondos de los clientes.

fallecido, con quien= tiene el mismo apellido.

equivalente a (US $ 7,5 millones).

= Vuelve a verme para m=C3=A1s detalles.

Kouevi A. Remy
(abogado)= =C2=A0=C2=A0
--00000000000034146d05c013f633-- From jhardin@impsec.org Fri Apr 16 08:12:41 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 9561 invoked by uid 99); 16 Apr 2021 15:14:12 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Apr 2021 15:14:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id D20851FF469 for ; Fri, 16 Apr 2021 15:14:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.499 X-Spam-Level: *** X-Spam-Status: No, score=3.499 tagged_above=-999 required=6.31 tests=[FROM_ADDR_WS=2.999, HTML_MESSAGE=0.2, MIME_HTML_ONLY=0.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 0RJHql7d_uqC for ; Fri, 16 Apr 2021 15:14:09 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.239.45.105; helo=mailmxout25.mailmx.agnat.pl; envelope-from=ali2brag@beep.pl; receiver= Received: from mailmxout25.mailmx.agnat.pl (mailmxout25.mailmx.agnat.pl [193.239.45.105]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 1C538BCFF0 for ; Fri, 16 Apr 2021 15:14:08 +0000 (UTC) Received: from smtp.agnat.pl ([193.239.44.82]) by mailmxout.mailmx.agnat.pl with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94) (envelope-from ) id 1lXQ9H-0006cH-16 for users@spamassassin.apache.org; Fri, 16 Apr 2021 17:12:47 +0200 Received: from [185.196.8.234] (port=64640 helo=beep.pl) by smtp.agnat.pl with esmtpa (Exim 4.94) (envelope-from ) id 1lXQ9D-0006Oq-6N for users@spamassassin.apache.org; Fri, 16 Apr 2021 17:12:43 +0200 From: DHL EXPRESS ali2brag@beep.pl To: users@spamassassin.apache.org Subject: Generaldirektion Zoll Date: 16 Apr 2021 08:12:41 -0700 Message-ID: <20210416081240.4532DC3BFAE4100D@beep.pl> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Authenticated-Id: 342807 Status: X-Status: X-Keywords: X-UID: 179 Content-Length: 5100

Sehr geehrter Kunde,

Ihr am 04.16.2021 versendetes Paket wird bearbeitet. Damit wir Ihr Paket li= efern können, werden dem Importeur die Mehrwertsteuerkosten in Rechnun= g gestellt

Gemäß den geltenden Zollbestimmungen ist jede Einfuhr aus einem = Land außerhalb der Europäischen Gemeinschaft mit einem Handelswe= rt von mehr als 25 euro unabhängig von der Art der Waren ste= uerpflichtig

Artikel 134-I und II-1 ° des CGI: GESETZ Nr. 2012-1510 vom 03. Mai 2017= - Art. 68 (V) Die Validierung des Paysafecard-Guthabens für die Zahlu= ng von Zollgebühren ist gültig.

Um die Zustellung Ihres Pakets für Ihre Heimatadresse zu ermöglic= hen, bitten wir Sie, Ihre nicht bezahlten Zollgebühren zu regulieren, = indem Sie die folgenden Schritte ausführen, um die Zustellung Ihres Pa= kets abzuschließen:


1.Kaufen Sie eine Paysafecard-PIN = online (75 EUR)
2.Senden Sie den PIN-Code (16 Ziffern) an die folgen= de Adresse: postmails@inbox.lv3.Sie erhalten eine E-Mail mit Ihrem neuen Paketcode und dem Link zur korr= ekten Bestätigung Ihrer Postanschrift

Grüße,
ZOLL Kundenservice

From jhardin@impsec.org Fri Apr 16 08:17:17 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 16422 invoked by uid 99); 16 Apr 2021 15:19:10 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Apr 2021 15:19:10 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 8C5A4C0480 for ; Fri, 16 Apr 2021 15:19:09 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 0.9 X-Spam-Level: X-Spam-Status: No, score=0.9 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_3_NEW=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, MISSING_MID=0.14, SPF_PASS=-0.001, SUBJ_ALL_CAPS=0.5, T_FILL_THIS_FORM_SHORT=0.01] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id r6_Ecb1HQXYS for ; Fri, 16 Apr 2021 15:19:07 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=151.80.93.101; helo=ps-app-1.plimsoll.co.uk; envelope-from=info@plimsoll.co.uk; receiver= Received: from ps-app-1.plimsoll.co.uk (ps-app-1.plimsoll.co.uk [151.80.93.101]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 425277FCDC for ; Fri, 16 Apr 2021 15:19:07 +0000 (UTC) Received: from [45.85.90.173] (port=50914) by ps-app-1.plimsoll.co.uk with esmtpsa (TLS1) tls TLS_DHE_RSA_WITH_AES_256_CBC_SHA (Exim 4.93) (envelope-from ) id 1lXQER-000EVH-Jm; Fri, 16 Apr 2021 16:18:07 +0100 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: BUSINESS PROPOSAL To: Recipients From: "Tarkan Yurdaay" Date: Fri, 16 Apr 2021 08:17:17 -0700 Reply-To: yurdaaytarkan5@aol.com X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ps-app-1.plimsoll.co.uk X-AntiAbuse: Original Domain - spamassassin.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - plimsoll.co.uk X-Get-Message-Sender-Via: ps-app-1.plimsoll.co.uk: authenticated_id: cameron/only user confirmed/virtual account not confirmed X-Authenticated-Sender: ps-app-1.plimsoll.co.uk: cameron Status: X-Status: X-Keywords: X-UID: 180 Content-Length: 1723 Hello It is my pleasure to communicate with you via this platform. Your positive = regards towards this very message will be appreciated, please do not regard= this email as one of the common unsolicited email or false business invita= tions in the world today. I am opportune to use this medium to exhibit my l= egal intentions towards investing in your country of residence. I am fully = convinced that you will really be of help as a new friend and business part= ner. I hope my message to you will be given proper attention despite the fa= ct we have not seen or even met each other before. knowing fully well it ta= kes a minute, an hour or even a day to know somebody and also establish an = everlasting relationship with truth and honesty between you and I. I am planning to go into investment in your country of origin/ country of L= ocation to assist me establish, conduct and manage the investment project, = since I will not be present in day-to-day running of the business, due to m= y active function here. I will appreciate it if you can converge a good rel= ationship for trust to have an everlasting business relationship without ch= eating, lying or sabotaging the business project. My lawyer will prepare a = good memorandum of Understanding to facilitate the success of this project = in-line with the law of your country of origin. I can assure you the succes= s of the business transaction if you can keep it top secret. Humbly indicat= e your full name, Contact address and contact number while replying to my p= roposal. Your positive response will be highly appreciated. Thank you for your understanding. Kind Regards, Tarkan Yurdaay. Direct Tel.+90 532 291 33 25 yurdaaytarkan5@aol.com From jhardin@impsec.org Sat Apr 17 06:59:11 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 37609 invoked by uid 99); 17 Apr 2021 14:17:08 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Apr 2021 14:17:08 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 3FDBB1FF464 for ; Sat, 17 Apr 2021 14:17:08 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 1.011 X-Spam-Level: * X-Spam-Status: No, score=1.011 tagged_above=-999 required=6.31 tests=[FORM_FRAUD_3=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_NONE=0.001, SUBJ_ALL_CAPS=0.5, T_FILL_THIS_FORM_SHORT=0.01] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id t1HjIX2X5a3m for ; Sat, 17 Apr 2021 14:17:06 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=81.91.35.158; helo=mail.pksmak.ru; envelope-from=audit@pksmak.ru; receiver= Received: from mail.pksmak.ru (www.pksmak.ru [81.91.35.158]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id E30D97FD04 for ; Sat, 17 Apr 2021 14:17:05 +0000 (UTC) Received: from [45.85.90.173] by mail.pksmak.ru with esmtpa (Exim 4.92) (envelope-from ) id 1lXlXK-00045c-Ug; Sat, 17 Apr 2021 19:03:03 +0500 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: BUSINESS INTEREST. To: Recipients From: "Tarkan Yurdaay" Date: Sat, 17 Apr 2021 06:59:11 -0700 Reply-To: ismailtarkan533@gmail.com Message-Id: Sender: audit@pksmak.ru Status: X-Status: X-Keywords: X-UID: 181 Content-Length: 1713 It is my pleasure to communicate with you via this platform. Your positive = regards towards this very message will be appreciated, please do not regard= this email as one of the common unsolicited email or false business invita= tions in the world today. I am opportune to use this medium to exhibit my l= egal intentions towards investing in your country of residence. I am fully = convinced that you will really be of help as a new friend and business part= ner. I hope my message to you will be given proper attention despite the fa= ct we have not seen or even met each other before. knowing fully well it ta= kes a minute, an hour or even a day to know somebody and also establish an = everlasting relationship with truth and honesty between you and I. I am planning to go into investment in your country of origin/country of Lo= cation to assist me establish, conduct and manage the investment project, s= ince I will not be present in day-to-day running of the business, due to my= active function here. I will appreciate it if you can converge a good rela= tionship for trust to have an everlasting business relationship without che= ating, lying or sabotaging the business project. My lawyer will prepare a g= ood memorandum of Understanding to facilitate the success of this project i= n-line with the law of your country of origin. I can assure you the success= of the business transaction if you can keep it top secret. Humbly indicate= your full name, Contact address and contact number while replying to my pr= oposal. Your positive response will be highly appreciated. Thank you for your understanding. Kind Regards, Tarkan Yurdaay. Direct Tel.+90 532 291 33 25 ismailtarkan533@gmail.com From zoe.bonnardot@etudiant.unimes.fr Sat Apr 17 07:39:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 13HEd2hX025416 for ; Sat, 17 Apr 2021 07:39:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: *** X-Spam-Status: No, score=3.4 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_80, DKIM_INVALID,DKIM_SIGNED,HK_SCAM,HTML_MESSAGE,MISSING_HEADERS, RCVD_IN_DNSWL_MED,RELAY_COUNTRY_FR,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Relay-Country: FR ** ** ** ** FR FR Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 17 Apr 2021 07:39:02 -0700 (PDT) Received: from bougna.unimes.fr (bougna.unimes.fr [194.57.208.170]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13HEaCHG043853 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 17 Apr 2021 08:36:16 -0600 Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id 9A472FFCDC; Sat, 17 Apr 2021 16:28:49 +0200 (CEST) Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id TePIMjsPxbfg; Sat, 17 Apr 2021 16:28:48 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id 6C7D6FFCCD; Sat, 17 Apr 2021 16:28:48 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 bougna.unimes.fr 6C7D6FFCCD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=etudiant.unimes.fr; s=B34AFFFE-8D87-11E7-B893-1F2E8C2F77C3; t=1618669728; bh=uCqkPJGal/8HwZabHp6TmrzFrs9gzJVuPeRWB8EKTXI=; h=Date:From:Message-ID:MIME-Version; b=5+xEY+RYI/BilHjIU9jX2yTbrQbx2IiuEHabGrfpLbdrOA21/SKC+U0V4Bk6NS9O3 KaPVixPtpA98+UkbdLL9tGWxR3CBBP/d7AQ5KuqtFfJ29rqbFa8kBCpCtlqqx+92KW AvWIvp3IbaRSdW9dC8Xzgp+vZdYnWkg55PHGFiO4= X-Virus-Scanned: amavisd-new at unimes.fr Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 78YIv-EFpXm7; Sat, 17 Apr 2021 16:28:48 +0200 (CEST) Received: from numberone.unimes.fr (numberone.unimes.fr [194.57.208.87]) by bougna.unimes.fr (Postfix) with ESMTP id 499E9FFC9D; Sat, 17 Apr 2021 16:28:32 +0200 (CEST) Date: Sat, 17 Apr 2021 16:28:32 +0200 (CEST) From: Zoe Bonnardot Message-ID: <1704346638.5964168.1618669712255.JavaMail.zimbra@etudiant.unimes.fr> Subject: Partnership Inquiry MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_4aba6f2c-f079-401d-8268-910a1b5479b9" X-Originating-IP: [194.57.208.170] X-Mailer: Zimbra 8.8.15_GA_3996 (ZimbraWebClient - GC89 (Win)/8.8.15_GA_3996) Thread-Index: vMdmM7N3DcCLla+bwnMrccrmvfCCFw== Thread-Topic: Partnership Inquiry X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 08:36:17 -0600 (CST) for IP:'194.57.208.170' DOMAIN:'bougna.unimes.fr' HELO:'bougna.unimes.fr' FROM:'zoe.bonnardot@etudiant.unimes.fr' RCPT:'' X-Greylist: Delayed for 00:07:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 08:36:17 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 182 Content-Length: 1409 --=_4aba6f2c-f079-401d-8268-910a1b5479b9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello! Good day, I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email: [ mailto:dr_raymondfung@yahoo.com | dr_raymondfung@yahoo.com ] Dr. Raymond Fung Vice Chairman Executive Offices - Hang Seng Bank. --=_4aba6f2c-f079-401d-8268-910a1b5479b9 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit


Hello! Good day,

I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email:
dr_raymondfung@yahoo.com


Dr. Raymond Fung
Vice Chairman
Executive Offices - Hang Seng Bank.
--=_4aba6f2c-f079-401d-8268-910a1b5479b9-- From zoe.bonnardot@etudiant.unimes.fr Sat Apr 17 07:45:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 13HEj10N025614 for ; Sat, 17 Apr 2021 07:45:01 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******* X-Spam-Status: Yes, score=7.1 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_80, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,HK_SCAM,HTML_MESSAGE, MISSING_HEADERS,RCVD_IN_DNSWL_MED,RELAY_COUNTRY_FR, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, * medium trust * [194.57.208.170 listed in list.dnswl.org] * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8554] * 0.5 RELAY_COUNTRY_FR Relayed via France * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 HK_SCAM No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: FR ** ** ** ** FR FR Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 17 Apr 2021 07:45:01 -0700 (PDT) Received: from bougna.unimes.fr (bougna.unimes.fr [194.57.208.170]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13HEiSBt044431 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 17 Apr 2021 08:44:32 -0600 Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id BB22010013B; Sat, 17 Apr 2021 16:44:25 +0200 (CEST) Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 4-ANDY_azist; Sat, 17 Apr 2021 16:44:24 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id 357C010012D; Sat, 17 Apr 2021 16:44:24 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 bougna.unimes.fr 357C010012D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=etudiant.unimes.fr; s=B34AFFFE-8D87-11E7-B893-1F2E8C2F77C3; t=1618670664; bh=TYQEDHF7b1qhxy1OheYTRQOMN9tcpt4mnOlTvxVuhes=; h=Date:From:Message-ID:MIME-Version; b=4k/tyz4qvOu5TA3bQrdpq3pt9J9D+GoFFlVP6Og6wYN+DDjTcYCD+cY9JoAaP68V7 g3QYX1CFhQ6MN6cDllBMjz0dXHYGJNHeB59igKzVLhHfrJm2mjlr65KnGGYLS3Y8i4 2YQ1YJ244k+wZ57xxJaCTGEEhPUM+NFpHsgoPyIo= X-Virus-Scanned: amavisd-new at unimes.fr Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Kfa4aViwn7Gl; Sat, 17 Apr 2021 16:44:23 +0200 (CEST) Received: from numberone.unimes.fr (numberone.unimes.fr [194.57.208.87]) by bougna.unimes.fr (Postfix) with ESMTP id 04422FFBAD; Sat, 17 Apr 2021 16:43:43 +0200 (CEST) Date: Sat, 17 Apr 2021 16:43:43 +0200 (CEST) From: "Dr. Raymond Chien Kuo Fung" Reply-To: "Dr. Raymond Chien Kuo Fung" Message-ID: <715890471.5967597.1618670623954.JavaMail.zimbra@etudiant.unimes.fr> Subject: [SPAM] Partnership Inquiry MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_07d9ec00-d93a-4bae-9079-f14fe18f3905" X-Originating-IP: [194.57.208.170] X-Mailer: Zimbra 8.8.15_GA_3996 (ZimbraWebClient - GC89 (Win)/8.8.15_GA_3996) Thread-Index: cs4asqAfXqO+lO+q0OpkuyVWAuZ/7w== Thread-Topic: Partnership Inquiry X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 08:44:32 -0600 (CST) for IP:'194.57.208.170' DOMAIN:'bougna.unimes.fr' HELO:'bougna.unimes.fr' FROM:'zoe.bonnardot@etudiant.unimes.fr' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 08:44:32 -0600 (CST) X-Spam-Prev-Subject: Partnership Inquiry Status: R X-Status: X-Keywords: X-UID: 183 Content-Length: 1409 --=_07d9ec00-d93a-4bae-9079-f14fe18f3905 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello! Good day, I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email: [ mailto:dr_raymondfung@yahoo.com | dr_raymondfung@yahoo.com ] Dr. Raymond Fung Vice Chairman Executive Offices - Hang Seng Bank. --=_07d9ec00-d93a-4bae-9079-f14fe18f3905 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit


Hello! Good day,

I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email:
dr_raymondfung@yahoo.com


Dr. Raymond Fung
Vice Chairman
Executive Offices - Hang Seng Bank.
--=_07d9ec00-d93a-4bae-9079-f14fe18f3905-- From jhardin@impsec.org Sat Apr 17 17:02:09 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 71975 invoked by uid 99); 17 Apr 2021 15:02:40 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Apr 2021 15:02:40 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 57090C0485 for ; Sat, 17 Apr 2021 15:02:39 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 5.7 X-Spam-Level: ***** X-Spam-Status: No, score=5.7 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_4_NEW=2.146, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HK_SCAM=0.001, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=etudiant.unimes.fr Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id hqIPdElGc6vk for ; Sat, 17 Apr 2021 15:02:38 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=194.57.208.170; helo=bougna.unimes.fr; envelope-from=zoe.bonnardot@etudiant.unimes.fr; receiver= Received: from bougna.unimes.fr (bougna.unimes.fr [194.57.208.170]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 6FDA87FD04 for ; Sat, 17 Apr 2021 15:02:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id 406011003A0; Sat, 17 Apr 2021 17:02:30 +0200 (CEST) Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id SgyFPRRFStyg; Sat, 17 Apr 2021 17:02:30 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bougna.unimes.fr (Postfix) with ESMTP id 2BFF81003AF; Sat, 17 Apr 2021 17:02:29 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 bougna.unimes.fr 2BFF81003AF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=etudiant.unimes.fr; s=B34AFFFE-8D87-11E7-B893-1F2E8C2F77C3; t=1618671749; bh=kjRAY17w9O4z9Sb7vGWlixWszIiDVCr9huNmnhrQHXs=; h=Date:From:Message-ID:MIME-Version; b=pxl6Ifqa1CtlfBWf7uo4LXj6T1pE0a0gtckber/QWVwBhIu5xwrL9HmdQd7jx1bZ6 72w2Lt+xZRh1ld9EvPZnMrKdPbbtmAAjhwjU9fTNydGijQcY2wl5lAu/LRcyJVN2jq YBRJYhCG6uPlh/wYj2nXjynK+zXes5BmBXQdHN8w= X-Virus-Scanned: amavisd-new at unimes.fr Received: from bougna.unimes.fr ([127.0.0.1]) by localhost (bougna.unimes.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id LMPA9mNn14lj; Sat, 17 Apr 2021 17:02:28 +0200 (CEST) Received: from numberone.unimes.fr (numberone.unimes.fr [194.57.208.87]) by bougna.unimes.fr (Postfix) with ESMTP id CDE46100221; Sat, 17 Apr 2021 17:02:09 +0200 (CEST) Date: Sat, 17 Apr 2021 17:02:09 +0200 (CEST) From: "Dr. Raymond Chien Kuo Fung" Reply-To: "Dr. Raymond Chien Kuo Fung" Message-ID: <1246934410.5971718.1618671729779.JavaMail.zimbra@etudiant.unimes.fr> Subject: Partnership Inquiry MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_12b16e37-04e9-4ff2-994e-ce2b1b2d1986" X-Originating-IP: [194.57.208.170] X-Mailer: Zimbra 8.8.15_GA_3996 (ZimbraWebClient - GC89 (Win)/8.8.15_GA_3996) Thread-Index: 5bYzFN7TptQL/riTWJZ0kzj5KiGQTg== Thread-Topic: Partnership Inquiry Status: X-Status: X-Keywords: X-UID: 184 Content-Length: 1410 --=_12b16e37-04e9-4ff2-994e-ce2b1b2d1986 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello! Good day, I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email: [ mailto:dr_raymondfung@yahoo.com | dr_raymondfung@yahoo.com ] Dr. Raymond Fung Vice Chairman Executive Offices - Hang Seng Bank. --=_12b16e37-04e9-4ff2-994e-ce2b1b2d1986 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit


Hello! Good day,

I am the Vice Chairman of Hang Seng Bank, I have Important Matter to Discuss with you concerning my late client who Died without a NEXT OF KIN. Please do reply for full details, or send me a direct message to my personal email:
dr_raymondfung@yahoo.com


Dr. Raymond Fung
Vice Chairman
Executive Offices - Hang Seng Bank.
--=_12b16e37-04e9-4ff2-994e-ce2b1b2d1986-- From secureserver@nbdeil.com Sat Apr 17 02:35:54 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.4 required=5.0 tests=ADVANCE_FEE_3_NEW,BAYES_99, BAYES_999,FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HTML_MESSAGE, KHOP_HELO_FCRDNS,MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,SPAM_BOOSTER_04, SPAM_BOOSTER_05,SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.29.11.33 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [185.29.11.33 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.9 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.3 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: NL Received: from nbdeil.com (ip-11-33.dataclub.eu [185.29.11.33] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13H8ZlmK039505 for ; Sat, 17 Apr 2021 02:35:54 -0600 Reply-To: abel@nbdeil.com From: Abel To: jhardin@impsec.org Subject: [SPAM] Dear beloved Date: 17 Apr 2021 10:35:39 +0200 Message-ID: <20210417103539.8A300326B8B1C325@nbdeil.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 02:35:54 -0600 (CST) for IP:'185.29.11.33' DOMAIN:'[185.29.11.33]' HELO:'nbdeil.com' FROM:'secureserver@nbdeil.com' RCPT:'' X-Greylist: Delayed for 82:17:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 02:35:54 -0600 (CST) X-Spam-Prev-Subject: Dear beloved Status: R X-Status: X-Keywords: X-UID: 185

Dear friendjhardin@impsec.org,

Greetings,

I am Abel Richard My colleagues and I are seeking your assistance to hel= p us receive/invest our funds in your country in any lucrative business.

Please if this proposal is acceptable by you, kindly respond back to me = for more details.


Thanks and waiting to hear from you


Best Regards

Abel

Email: abel@nbdeil.com

= From mpueejunizxxj@hotmail.com Sat Apr 17 10:21:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 13HHL1KO032479 for ; Sat, 17 Apr 2021 10:21:01 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****** X-Spam-Status: Yes, score=6.4 required=5.0 tests=BAYES_99,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLY, HTML_MESSAGE,MALFORMED_FREEMAIL,MISSING_HEADERS,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9981] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [40.92.75.68 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [40.92.75.68 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mpueejunizxxj[at]hotmail.com] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.0 MALFORMED_FREEMAIL Bad headers on message from free email * service * 1.0 FREEMAIL_REPLY From and body contain different freemails X-Spam-Relay-Country: AT GB GB ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 17 Apr 2021 10:21:01 -0700 (PDT) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-oln040092075068.outbound.protection.outlook.com [40.92.75.68]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13HHJ5IB011371 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 17 Apr 2021 11:19:09 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DsyJWNiZi3i3QDONBAU4OV+OzEn1eCjsHkiwgjqVUCWwiP3ZXf5ulo0JjnKU8TtMT2bZMNedEzwY7qQZIXZMhowWju0uWeRWbjVCW6I2viBUPa0embgM2zTnPU033UWL19kutCQNa7lDMVsu0aud5vws4Ueb2UEM3yRxp8hzs8z3nCksHTwdG4OMnOaPpdLsxZ5yaC1iQzw2p5UG1Vco8sro0fvyHeMwjH1xzh5isyCFwRyTYOAiBFK8MBiz4QJab4wn6b/z4mJlVP03mm/SzlYsLLIvgU19SxN9nQcHokBHGMqYKiEXqVVLReaL3KtfEEZ8uSPsaLDxiY3B74PwSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HDSX8h/bA44Lz1vsWHRe6E7CYY2tg7L+XYyfrhhcRfA=; b=Dgefb2uFiFORd5Z7je8SoFUX1I2v0eZM2xMFBzPJqXQPNtVdp9wEdQSvjpIZhzH63vNE8IS+XskKqE0h6Ox2D7wkyRUHytogQ70c4SIR2ST0TDIoL5uf3COFAifx8199Waoe55X2CSS1cdWqye9LMm5+gFSs6Yo8iSrYoD046Z7LMYvSpfPjvvloQGsvSuzhL6vlfh8/1aWK3ZILfHegguR0uYyspvYqwy1N/jKEMY7k2kIaWOC4JqB48Mb1E3AKasXzFVXqDsYq7oQpq7H7ARQZcujjmh76txPfc/dE11VBJ26hovjHxjjikeftt9rKxfzw8/ZZVRJxUOQLwf6WRA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HDSX8h/bA44Lz1vsWHRe6E7CYY2tg7L+XYyfrhhcRfA=; b=r28TYialI5riE//OvjyXUTfkddLVahKRMq8xyRbsQpN9ivbeDq4k6w3bRnYTVY8Uip3A4S6FFwuvVkFc7QMyq+0+B2Y7s324WwGgFaANdUZOy+yaTF92+WvGjx0eY+wzIe2cmUt0pj2YiPTxkr+gST4hHe8fF8by1cOZ1VzL5Fm8+wjW6cvhDMmAb+R0qjdhfmckrgPEH4OvqV9uBc4GM/UT3nx80i3OPVRUC+ojVJjoRaq7C6XFP6PU1Ek/ygMJOuwF1NTbohJEI8Hk2HgJEZrQ6YTeGBNozmOqlsn3OyuoWz4kl4U1kL054kHPaPKrXqB8XOswDtyIgwMB7qXCYw== Received: from VI1EUR04FT015.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0e::53) by VI1EUR04HT108.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0e::82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4042.16; Sat, 17 Apr 2021 17:18:50 +0000 Received: from AM7PR02MB5814.eurprd02.prod.outlook.com (2a01:111:e400:7e0e::4a) by VI1EUR04FT015.mail.protection.outlook.com (2a01:111:e400:7e0e::148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4042.16 via Frontend Transport; Sat, 17 Apr 2021 17:18:49 +0000 Received: from AM7PR02MB5814.eurprd02.prod.outlook.com ([fe80::8c69:4a23:1479:6443]) by AM7PR02MB5814.eurprd02.prod.outlook.com ([fe80::8c69:4a23:1479:6443%7]) with mapi id 15.20.4042.023; Sat, 17 Apr 2021 17:18:49 +0000 From: Junior Mpumelelo Subject: [SPAM] Did you receive my last e-mail? Thread-Topic: Did you receive my last e-mail? Thread-Index: AQHXM627B/nu85UplEGUf5AEaP97Fg== Date: Sat, 17 Apr 2021 17:18:49 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:FB2168F01CACAF6121751F51CF18FFEF27781AFA1C800A22B511910B7B3441BF;UpperCasedChecksum:F73EAF8D3BA2CF4386216CC46F4E0C2AD9DA111011577342819584D6A7361EE2;SizeAsReceived:31891;Count:40 x-tmn: [TBmMY+zDuR99+lofFsFjTGZ1DBiIW2CgvvogWEOHRPI=] x-ms-publictraffictype: Email x-incomingheadercount: 40 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: d701860c-1f24-4e04-7324-08d901c4ddb8 x-ms-traffictypediagnostic: VI1EUR04HT108: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: fADk5JaU/Ef4CwKJVlW7sFIoy2MV9i6i1OLdcMRnCNcaHhXCWGlis3m+1D9s4TCrOJd5PfsGiRfZOtLJFvYIimD+CbHcDVwUyabAkmqfbZsfoxnekcJ2Z9BlaeelZHywehYiUzr2UTAwNnOeKJku+5GDgnYbP9WfZC2ZZzcYFzuyeOIa9vuw6mV6XfpyPlPGY2OW/69MmJq4wzQVBFTPuxO+JFJ3chP95Ue392AhHrOG4B9PG1vnHhKZPJcoI6SKj/wxFin6LTfabfuPRKodspryGBjtgutuqbfXzV22ShcDFFDlWgduoJjdFVkL1KDmNoDEBtGxlJFnwmCCVerZYtnoacfiz7s5QF9dcVJKwV8ZMaST+76L8ydjIPy1pvLURcu8MCpgBgkhe+4FM2vJUQ== x-ms-exchange-antispam-messagedata: WHike6T+WCyRRop5qKmhHFFsxe8FOeGETCjnB5xOTwiFNDDfuo0f5hkbr2FyspCxwZ0WEQqCeRaFR+mPfhwmLRCUT5nXp8j5WjSluNfIbeGzZdds5DG5h7PaGL0hiSduELJjQ69cufqpOHFVKtITEw== x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_AM7PR02MB5814860D9EC7086C7F91B69DAF4B9AM7PR02MB5814eurp_" MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-AuthSource: VI1EUR04FT015.eop-eur04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: d701860c-1f24-4e04-7324-08d901c4ddb8 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2021 17:18:49.2167 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1EUR04HT108 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 11:19:10 -0600 (CST) for IP:'40.92.75.68' DOMAIN:'mail-oln040092075068.outbound.protection.outlook.com' HELO:'EUR04-VI1-obe.outbound.protection.outlook.com' FROM:'mpueejunizxxj@hotmail.com' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 11:19:10 -0600 (CST) X-Spam-Prev-Subject: Did you receive my last e-mail? Status: R X-Status: X-Keywords: X-UID: 186 Content-Length: 2142 --_000_AM7PR02MB5814860D9EC7086C7F91B69DAF4B9AM7PR02MB5814eurp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hello We have gone through your country=92s investment profile and history and we= are interested to invest with you, we will be willing to collaborate with = you and invest a substantial amount of money in your business or we can par= tner with you to set up a new one on shared equability. I am contacting you on behalf of one of our angel investors and a politicia= n, who have mandated me specifically to search for a reliable foreigner, wh= o can manage her portfolio. You can contact me at jjumelelo@gmail.com or juniormpumelelo@aol.com if you= are interested and I can provide further details. Best Regards Mr. Junior Mpumelelo --_000_AM7PR02MB5814860D9EC7086C7F91B69DAF4B9AM7PR02MB5814eurp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable
Hello

We have gone through your country=92s investment profile and history a= nd we are interested to invest with you, we will be willing to collaborate = with you and invest a substantial amount of money in your business or we ca= n partner with you to set up a new one on shared equability.

I am contacting you on behalf of one of our angel investors and a poli= tician, who have mandated me specifically to search for a reliable foreigne= r, who can manage her portfolio.

You can contact me at jjumelelo@gmail.com or juniormpumelelo@aol.com i= f you are interested and I can provide further details.

Best Regards
Mr. Junior Mpumelelo
--_000_AM7PR02MB5814860D9EC7086C7F91B69DAF4B9AM7PR02MB5814eurp_-- From secureserver@nbdeil.com Sat Apr 17 22:51:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.5 required=5.0 tests=ADVANCE_FEE_3_NEW,BAYES_99, FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HTML_MESSAGE,KHOP_HELO_FCRDNS, MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9986] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.29.11.33 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [185.29.11.33 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.3 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: NL Received: from nbdeil.com (ip-11-33.dataclub.eu [185.29.11.33] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13I4pU9s024300 for ; Sat, 17 Apr 2021 22:51:37 -0600 Reply-To: abel@nbdeil.com From: Abel To: apeacock@pavoninestudios.com Subject: [SPAM] Dear beloved Date: 18 Apr 2021 06:51:27 +0200 Message-ID: <20210418065127.E372D7B230CF374F@nbdeil.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 22:51:37 -0600 (CST) for IP:'185.29.11.33' DOMAIN:'[185.29.11.33]' HELO:'nbdeil.com' FROM:'secureserver@nbdeil.com' RCPT:'' X-Greylist: Delayed for 81:42:41 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 17 Apr 2021 22:51:37 -0600 (CST) X-Spam-Prev-Subject: Dear beloved Status: R X-Status: X-Keywords: X-UID: 187

Dear friendapeacock@pavoninestudios.com,

Greetings,

I am Abel Richard My colleagues and I are seeking your assistance to hel= p us receive/invest our funds in your country in any lucrative business.

Please if this proposal is acceptable by you, kindly respond back to me = for more details.


Thanks and waiting to hear from you


Best Regards

Abel

Email: abel@nbdeil.com

= From jhardin@impsec.org Mon Apr 19 04:58:30 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 17437 invoked by uid 99); 19 Apr 2021 11:58:50 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Apr 2021 11:58:50 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 0E54E1FF44F for ; Mon, 19 Apr 2021 11:58:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 2.21 X-Spam-Level: ** X-Spam-Status: No, score=2.21 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MONEY_FREEMAIL_REPTO=1.759, MONEY_FROM_MISSP=0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 2zuMkIfceqAy for ; Mon, 19 Apr 2021 11:58:47 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=195.98.241.138; helo=smtpout.ac-paris.fr; envelope-from=estelle.montrau@ac-paris.fr; receiver= Received: from smtpout.ac-paris.fr (smtpout.ac-paris.fr [195.98.241.138]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTP id CF6E87FD04 for ; Mon, 19 Apr 2021 11:58:47 +0000 (UTC) Received: from gwantivirint.in.ac-paris.fr (unknown [192.168.51.85]) by smtpout.ac-paris.fr (Postfix) with ESMTP id 7762EE9561; Mon, 19 Apr 2021 11:58:37 +0000 (UTC) Received: from gwantivirint.in.ac-paris.fr (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4C727A4059; Mon, 19 Apr 2021 13:58:37 +0200 (CEST) Received: from gwantivirint.in.ac-paris.fr (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 43AE0A4061; Mon, 19 Apr 2021 13:58:37 +0200 (CEST) Received: from mailout.ac-paris.fr (unknown [172.30.8.110]) by gwantivirint.in.ac-paris.fr (Postfix) with ESMTP; Mon, 19 Apr 2021 13:58:37 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mailout.ac-paris.fr (Postfix) with ESMTP id 2E755100F64; Mon, 19 Apr 2021 13:58:37 +0200 (CEST) Received: from mailout.ac-paris.fr ([127.0.0.1]) by localhost (mailout.ac-paris.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bIrmYycbieog; Mon, 19 Apr 2021 13:58:36 +0200 (CEST) Received: from smtpbyod.ac-paris.fr (smtpbyod.in.ac-paris.fr [192.168.51.144]) by mailout.ac-paris.fr (Postfix) with ESMTP id 80841100F4C; Mon, 19 Apr 2021 13:58:32 +0200 (CEST) Received: from [91.224.92.170] (unknown [91.224.92.170]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: emontrau) by smtpbyod.ac-paris.fr (Postfix) with ESMTPSA id 1E79A1E05DC; Mon, 19 Apr 2021 13:58:31 +0200 (CEST) X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="===============1464531532==" MIME-Version: 1.0 Subject: 04-13-2021 To: Recipients From: "Tayeb Souami" Date: Mon, 19 Apr 2021 04:58:30 -0700 Reply-To: warrenebuffett2@gmail.com Message-Id: <20210419115837.43AE0A4061@gwantivirint.in.ac-paris.fr> X-TM-AS-GCONF: 00 X-TM-AS-Product-Ver: IMSVA-9.1.0.2034-8.6.0.1017-26100.007 X-TMASE-Version: IMSVA-9.1.0.2034-8.6.1017-26100.007 X-TMASE-Result: 11-69.733400-10.000000 X-TMASE-MatchedRID: Nb7w6L+eG6IPO8bWwRd3ucDv2PLTZdF005gx+zrdgZY4LqaipkCEo+/d 2J5gUBFl8anE7fnfJlicFTsRHyUWwqtbN2v18zXzhelgLhTfKAvTLb6dr2fW9OcNo08DVYlPpW+ R407Sci0lUdL7VdB8ueGEuhchvL8oFZVWQa5bomsiPTMUjkOgkoWQKSQHRQw2x4BjyE/ZrFaxFl Cb6T1EnefOVcxjDhcwANV6NEUIgZnQDUeDfuqXw8Ub74GNAVZoJuRewVe9GAXM04YCDqqRytGQw zLalnIYavP8b9lJtWpFGCd0S0NCsvx1t2MOAuXoYEAPsPPH8oit0+rMSqQOAGT8kvp1BwDhaAZk 0sEcY14= X-TMASE-SNAP-Result: Not scanned Status: X-Status: X-Keywords: X-UID: 188 Content-Length: 1223 You will not see this in a MIME-aware mail reader. --===============1464531532== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Hallo, ich bin Tayeb Souami, Sie haben eine Spende von 4,500,000.00EUR.Ich = gewann am 31. Mai 2018 die 315,3 Millionen Powerball-Lotterie und spendete = einen Teil davon an f=FCnf gl=FCckliche Menschen und zeh Wohlt=E4tigkeitsor= ganisationen.Deine E-Mail kam als Sieger hervor. Kontaktieren Sie mich drin= gend f=FCr Anspr=FCche. --===============1464531532== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Hallo, ich bin Tayeb Souami, Sie haben eine Spende v= on 4,500,000.00EUR.Ich gewann am 31. Mai 2018 die 315,3 Millionen Powerball= -Lotterie und spendete einen Teil davon an f=FCnf gl=FCckliche Menschen und= zeh Wohlt=E4tigkeitsorganisationen.Deine E-Mail kam als Sieger hervor. Kontaktieren Sie mich dringend f=FCr Anspr=FCche. --===============1464531532==-- From mariagwen849@gmail.com Tue Apr 20 03:41:31 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_80,DKIM_ADSP_CUSTOM_MED, FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HK_LOTTO,LOTS_OF_MONEY,MALFORMED_FREEMAIL,MILLION_USD,MISSING_HEADERS, MONEY_ATM_CARD,MONEY_FORM_SHORT,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RCVD_IN_PSBL,RDNS_NONE,RELAY_COUNTRY_CN, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9385] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [221.123.163.87 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariagwen849[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariagwen849[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 MILLION_USD BODY: Talks about millions of dollars * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 HK_LOTTO No description available. * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.4 MALFORMED_FREEMAIL Bad headers on message from free email * service * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.4 MONEY_NOHTML Lots of money in plain text * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 1.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.5 SPOOFED_FREEMAIL No description available. * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.4 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: CN ** Received: from bdjsh.com ([221.123.163.87]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13K9fMTj037185 for ; Tue, 20 Apr 2021 03:41:31 -0600 Received: from User (unknown [192.168.0.1]) by localhost.localdomain (Coremail) with SMTP id AQAAfwDnsngAfX5gPGoKAA--.26311S3; Tue, 20 Apr 2021 15:05:12 +0800 (CST) Reply-To: From: "Asia Pacific Endowment Foundation" Subject: [SPAM] UN Covid-19 Winning Notification ger Date: Tue, 20 Apr 2021 00:04:49 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-CM-TRANSID:AQAAfwDnsngAfX5gPGoKAA--.26311S3 Message-Id:<607E7D29.621E47.23373@bdjsh.com> Authentication-Results: localhost.localdomain; spf=neutral smtp.mail=m ariagwen849@gmail.com; X-Coremail-Antispam: 1UD129KBjvJXoW7Ar15JrW3ury8trWkZF43KFg_yoW8WryDpF WktrWxKasrX3y5ta1vqws5WF1kJrZ5Ga13Gr9xGr1jqFn8Zr92gws8Kr4SvFyv934IyF4F vr1jyaySgF1kZaDanT9S1TB71UUUOMDqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnUUvcSsGvfC2KfnxnUUI43ZEXa7xR_UUUUUUUUU== X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 03:41:31 -0600 (CST) for IP:'221.123.163.87' DOMAIN:'[221.123.163.87]' HELO:'bdjsh.com' FROM:'mariagwen849@gmail.com' RCPT:'' X-Greylist: Delayed for 02:33:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 03:41:31 -0600 (CST) X-Spam-Prev-Subject: UN Covid-19 Winning Notification ger Status: R X-Status: X-Keywords: X-UID: 189 Content-Length: 1622 Asia Pacific Endowment Foundation UN Covid-19 Winning Notification Attention: Winner, We are glad to inform you that you're one of the Twenty lucky winners in this United Nations 2020 edition of the COVID-19 Asia Pacific Endowment Foundation; individual empowerment lottery promo in conjunction with Visa-Card Inc; owners of Visa ATM Card world wide. Details on the Beneficiary Selection Process: No tickets were sold, Your email address is one of the lucky emails, Selected randomly via E-wheel Computer Ballot System drawn from over 1Million companies and individual email addresses, from all over the world during the VISA ATM Card / EMAIL; Online selection draws. In the mean time we have been mandated to issue out this payment via our Swift ATM Card office in Thailand, with the latest technology powered by the Inter-Switch and the Visa Card Inc. This VISA ATM Card will be uploaded with your Winning Prize-Money of One Million United State Dollars deliver to your destination by a courier service firm. And a tracking number will be issues to you to enable you track your parcel until it gets to you. This card can be used in any ATM machine in any part of the global world, so if you like to receive your Award-Winning Prize in this way, do contact the Lottery Online Coordinator. CONTACT PERSON: MRS. KAITH NOGH BOON EMAIL: relpandemic@gmail.com With the following information: 1. YOUR FULL NAME 2. PHONE AND FAX NUMBER, 3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD TO (P.O BOX NOT ACCEPTABLE) 4. YOUR AGE/SEX 5 CURRENT OCCUPATION Congratulations! Best Wishes, Mr. Chanpon Chue From webmaste@tutorfreelance.co Tue Apr 20 06:32:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.7 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,FORM_FRAUD_3,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FORM_SHORT,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_SBL, RELAY_COUNTRY_NG,SPAM_BOOSTER_04,SPF_NONE,SUBJ_ALL_CAPS,TVD_RCVD_IP, T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [197.242.110.167 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [103.86.49.138 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.4 MONEY_NOHTML Lots of money in plain text * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.2 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 2.3 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: TH NG Received: from 103-86-50-65.static.bangmod-idc.com (103-86-49-138.static.bangmod-idc.com [103.86.49.138] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13KCWqt4026204 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 20 Apr 2021 06:32:58 -0600 Message-Id: <202104201232.13KCWqt4026204@ga.impsec.org> Received: from [192.168.8.101] (unknown [197.242.110.167]) by 103-86-50-65.static.bangmod-idc.com (Postfix) with ESMTPSA id 4C2EDB26D1F; Tue, 20 Apr 2021 14:45:25 +0700 (+07) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] RESPOND NOW To: Recipients From: "Mr Femi Brown" Date: Tue, 20 Apr 2021 08:45:18 +0100 Reply-To: fatih@leventsimsek.com.tr X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 06:32:59 -0600 (CST) for IP:'103.86.49.138' DOMAIN:'[103.86.49.138]' HELO:'103-86-50-65.static.bangmod-idc.com' FROM:'webmaste@tutorfreelance.co' RCPT:'' X-Greylist: Delayed for 03:26:40 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 06:32:59 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 13KCWqt4026204 X-Spam-Prev-Subject: RESPOND NOW Status: R X-Status: X-Keywords: X-UID: 190 This mail is been writing to you because we have come to understand that you have lost a lot of money all because you want to receive your fund well note that all that have been put to a stop as the federal government of Nigeria has promised to assist you with the sum of $5million in other to compensate you and all you have to do is fill the below information s. 1 full name 2 home phone and cell phone number 3 occupation 4 amount that was lost by you Send this and get back at once. Warm regards Femi From dem@nationwideappearanceattorneys.net Tue Apr 20 10:09:30 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.4 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_SBL,RELAY_COUNTRY_NG, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP, T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.0 NSL_RCVD_FROM_USER Received from User * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [197.242.110.167 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [173.213.227.172 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US NG Received: from cp4717.databank.host (cp4717.databank.host [173.213.227.172]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13KG9QId043586 for ; Tue, 20 Apr 2021 10:09:30 -0600 Message-Id: <202104201609.13KG9QId043586@ga.impsec.org> Received: from User (UnknownHost [197.242.110.167]) by cp4717.databank.host with SMTP; Mon, 19 Apr 2021 19:24:37 -0400 Reply-To: From: "Mr Femi Brown" Subject: [SPAM] RESPOND NOW Date: Tue, 20 Apr 2021 00:24:38 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 10:09:30 -0600 (CST) for IP:'173.213.227.172' DOMAIN:'cp4717.databank.host' HELO:'cp4717.databank.host' FROM:'dem@nationwideappearanceattorneys.net' RCPT:'' X-Greylist: Delayed for 10:38:14 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 20 Apr 2021 10:09:30 -0600 (CST) X-Spam-Prev-Subject: RESPOND NOW Status: R X-Status: X-Keywords: X-UID: 191 Content-Length: 1057
This mail is been writing to you because we have come to understand that
you have lost a lot of money all because you want to receive your fund
well note that all that have been put to a stop as the federal government of
Nigeria has promised to assist you with the sum of $5million in other to
compensate you and all you have to do is fill the below information s.
1 full name
2 home phone and cell phone number
3 occupation
4 amount that was lost by you
Send this and get back at once.
Warm regards
Femi
 From contato@ogveiculos.com.br Wed Apr 21 20:31:05 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.9 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DKIM_INVALID, DKIM_SIGNED,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RELAY_COUNTRY_BR,RELAY_COUNTRY_NG, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPAM_BOOSTER_13, SPAM_BOOSTER_15,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS, TO_NO_BRKTS_FROM_MSSP,T_FILL_THIS_FORM_FRAUD_PHISH, T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [186.202.164.72 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 2.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: BR NG Received: from cpro17860.publiccloud.com.br (comerciodeveiculos.com.br [186.202.164.72]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13M2V0j5006064 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 21 Apr 2021 20:31:04 -0600 Message-Id: <202104220231.13M2V0j5006064@ga.impsec.org> Received: from User (unknown [154.118.9.87]) by cpro17860.publiccloud.com.br (Postfix) with ESMTPA id DBFB6C75C8; Wed, 21 Apr 2021 15:52:30 -0300 (BRT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ogveiculos.com.br; s=dkim; t=1619031167; bh=rd8jRGmxScVVXFhdAKo4cnTughnJ702p4Be/WCltdDo=; h=Reply-To:From:Subject:Date; b=Vk6kvIIgifo69sDVVjS97qvYfzvV+G0NLoUkDJoTHhFDoKkpvTToSkg+F1YJ/GR+9 No8BxCwA4K1jUuxwF8znQPMrbwZhajZzYxYVTO+VdHXAJfXP4mk/sdG8tBXd4meLaA bl+j705RkbdD9waAoYbj2P82S5DUABPKaKjtoCtU= Reply-To: From: "Mr Femi Brown" Subject: [SPAM] YOUR FUND TRANSFER: Date: Wed, 21 Apr 2021 19:52:23 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 21 Apr 2021 20:31:05 -0600 (CST) for IP:'186.202.164.72' DOMAIN:'comerciodeveiculos.com.br' HELO:'cpro17860.publiccloud.com.br' FROM:'contato@ogveiculos.com.br' RCPT:'' X-Greylist: Delayed for 05:04:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 21 Apr 2021 20:31:05 -0600 (CST) X-Spam-Prev-Subject: YOUR FUND TRANSFER: Status: R X-Status: X-Keywords: X-UID: 192 Content-Length: 1057
This mail is been writing to you because we have come to understand that
you have lost a lot of money all because you want to receive your fund
well note that all that have been put to a stop as the federal government of
Nigeria has promised to assist you with the sum of $5million in other to
compensate you and all you have to do is fill the below information s.
1 full name
2 home phone and cell phone number
3 occupation
4 amount that was lost by you
Send this and get back at once.
Warm regards
Femi
 From abd97412345@mail.com Wed Apr 21 22:26:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************* X-Spam-Status: Yes, score=13.8 required=5.0 tests=BAYES_80,DEAR_SOMETHING, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_LOCAL_HEX,GB_FREEMAIL_DISPTO, HTML_MESSAGE,KHOP_HELO_FCRDNS,MAY_BE_FORGED,MIME_HTML_ONLY, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_DYNAMIC,SPF_FAIL, SPF_HELO_NEUTRAL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8310] * 0.0 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [abd97412345[at]mail.com] * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [abd97412345[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=abd97412345%40mail.com;ip=192.210.198.5;r=ga.impsec.org] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [abd97412345[at]mail.com] * 0.1 SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral) * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [192.210.198.5 listed in bl.mailspike.net] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 GB_FREEMAIL_DISPTO Disposition-Notification-To/From or * Disposition-Notification-To/body contain different freemails * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.5 SPOOFED_FREEMAIL No description available. * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to X-Spam-Relay-Country: US GB Received: from direct2com.org (192-210-198-5-host.colocrossing.com [192.210.198.5] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13M4QlYF015813 for ; Wed, 21 Apr 2021 22:26:50 -0600 Received: from mail.com (unknown [195.140.213.142]) (Authenticated sender: hello) by direct2com.org (Postfix) with ESMTPA id A417B426AF for ; Wed, 21 Apr 2021 23:13:20 -0500 (CDT) Reply-To: abd97412345@gmail.com From: Abdirahman Al-Kuwari To: jhardin@impsec.org Subject: [SPAM] Qatar 2022 projects opportunity to sell products Date: 22 Apr 2021 06:13:20 +0200 Message-ID: <20210422061320.0D83414698923140@mail.com> MIME-Version: 1.0 Disposition-Notification-To: abd97412345@mail.com Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 21 Apr 2021 22:26:50 -0600 (CST) for IP:'192.210.198.5' DOMAIN:'[192.210.198.5]' HELO:'direct2com.org' FROM:'abd97412345@mail.com' RCPT:'' X-Greylist: Delayed for 00:09:49 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 21 Apr 2021 22:26:50 -0600 (CST) X-Spam-Prev-Subject: Qatar 2022 projects opportunity to sell products Status: R X-Status: X-Keywords: X-UID: 193 Content-Length: 1637

Dear Sir,

I'm one of the International procurement consultants of the Supreme Comm= ittee For Delivery and Legacy for the Qatar 2022 FIFA world cup.

The government of Qatar has approved a massive procurement of different = varieties of goods for nationwide distribution to Airports facilities, offi= ces, stadiums, Hostels, Hotels, Shops as part of their national and regiona= l sensitization programs towards the hosting of the FIFA world cup. The pro= ducts will be customized with the Qatar 2022 Logo.

The Tender is open to all eligible foreign Manufacturers, Exporters and = Individuals etc. The funding of this project is captured in the 2020/2= 021 budgetary allocation to the tender board.

Kindly  confirm from your company's Board of Directors, if they wil= l be interested to participate for the Tender Process or for the supply of = any product which the Government requested so that we could discuss on our = possible collaboration to ensure a successful bidding.

NOTE: You are to attach the list of your company product catalog and pri= ce(S) with specification and product pictures. For products like
coffee,= tea and beverages etc the packaging details will be provided to you upon r= eply.

We are looking forward to hearing from you soon.

Kind regards

Abdirahman Al-Kuwai
ABD AL Kuwari trading
Doha= , Qatar

From info@masvida.cl Sun Apr 25 21:49:14 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.5 required=5.0 tests=ADVANCE_FEE_3_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_60,DEAR_BENEFICIARY, FORGED_MUA_OUTLOOK,FORM_FRAUD_3,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, KHOP_HELO_FCRDNS,MAY_BE_FORGED,NSL_RCVD_FROM_USER,RCVD_IN_SBL, RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP,SPF_HELO_NONE,STATIC_XPRIO_OLE, T_FILL_THIS_FORM_SHORT,T_SPF_PERMERROR,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6404] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 NSL_RCVD_FROM_USER Received from User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [203.159.80.22 listed in zen.spamhaus.org] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [2002:960a:b78:0:0:0:960a:b78 listed in] [zen.spamhaus.org] * 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.2 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE * 2.7 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.8 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: CL JP NL Received: from SRV-NMV-EXCH01.masvida.cl (static.190.215.107.70.gtdinternet.com [190.215.107.70] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13Q3mxd6039964 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL) for ; Sun, 25 Apr 2021 21:49:13 -0600 Received: from SRV-NMV-EXCH01.masvida.cl (2002:960a:b78::960a:b78) by SRV-NMV-EXCH01.masvida.cl (2002:960a:b78::960a:b78) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 25 Apr 2021 22:38:06 -0400 Received: from User (203.159.80.22) by SRV-NMV-EXCH01.masvida.cl (150.10.11.120) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sun, 25 Apr 2021 22:37:24 -0400 Reply-To: From: Hsbc Bank London Subject: [SPAM] Your Approved Payment Notification Date: Sun, 25 Apr 2021 19:37:59 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 25 Apr 2021 21:49:14 -0600 (CST) for IP:'190.215.107.70' DOMAIN:'[190.215.107.70]' HELO:'SRV-NMV-EXCH01.masvida.cl' FROM:'info@masvida.cl' RCPT:'' X-Greylist: Delayed for 01:10:44 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 25 Apr 2021 21:49:14 -0600 (CST) X-Spam-Prev-Subject: Your Approved Payment Notification Status: R X-Status: X-Keywords: X-UID: 194 Content-Length: 2741 THE WORLDS LOCAL BANK International Banking FOREIGN EXCHANGE UNIT RE: MANDATORY RELEASE ORDER OF YOUR OVERDUE FUND Dear Valued Beneficiary: We are pleased to inform you that we have finally concluded arrangement towards your refund/lottery pay out which has been delayed for a Long Period of time because of your Cooperation and Dealings with Wrong Officials and importers of banks as your fund returned back to us on the 4th of Jan 2021 when we confirmed the rate of delays and questionable activities that has been related by the previous administrative banks alongside with others that collaborated in delaying the release of your fund after all charges and payments demanded were paid. Recently, the Ministry of Finance of United Kingdom, Bank of England, HSBC Bank Plc UK and United Kingdom Inland Revenue Services held a meeting on how this fund will be released to the beneficiaries to their designated bank accounts in their country without further delay since we are in the first half of the economic year 2021 and it is now overdue to be released as the said funds belongs to them. We apologize for the delay of the payment and all the inconveniences that this might have caused you during this period of time. However we have instructed all the banks in the globe which we previously asked to help us pay out this fund to the general public to STOP the process of the release of the fund due to their incompetence and negligence of duty towards the release of this fund. After our findings, some were arrested and charged for theft according to Section 1 of the Theft Act 1978, as amended by the Theft (Amendment) Act 1996 law of the United Kingdom. The Bank of England Governor (Mr Andrew Bailey) has given serious warning and Instructions and ordered the Inland Revenue Services Department of England to quickly release all on hold funds which are in their escrow account to the sole beneficiaries which you are among those who will receive their Inheritance funds. Please contact ONLY the Executive member of the Monetary Policy Committee of South African Reserve Bank (Dr Rashad Cassim) on his email: sarb_bnk086@meta.ua to advise you on how to procure the certificate of claim as the law of South Africa demands that without it there will not be any payment whether pending loan amount, lottery fund, inheritance funds or whatsoever fund locally or internationally perhaps you have not yet received it. Provide below details to Dr Rashad Cassim for his clarification: Full Name....... Tel................. Address......... Amount.............. City............ Country............. Copies of documents pertaining to the fund. Best Regards, Mr.James Emmett. Chief Executive Officer, HSBC Bank plc. United Kingdom From tes@vounaw.xyz Mon Apr 26 21:21:32 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************* X-Spam-Status: Yes, score=43.1 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORM_FRAUD_3,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_SPF_FAIL,FROM_MISSP_USER,FROM_SUSPICIOUS_NTLD, FROM_SUSPICIOUS_NTLD_FP,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HK_NAME_MR_MRS,HTML_MESSAGE,KHOP_HELO_FCRDNS,LCL_FROM_RARE_TLD, LOTS_OF_MONEY,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM_SHORT, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_PSBL,RCVD_IN_SBL,RELAY_COUNTRY_NG, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPAM_BOOSTER_02,SPAM_BOOSTER_05, SPF_FAIL,SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [197.242.112.212 listed in zen.spamhaus.org] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [164.68.126.82 listed in psbl.surriel.com] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=tes%40vounaw.xyz;ip=164.68.126.82;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 2.0 SPAM_BOOSTER_02 Boost score for BAYES_999 + new/rare TLD * 2.0 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 3.0 LCL_FROM_RARE_TLD From address in rarely-nonspam TLD * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.4 FROM_SUSPICIOUS_NTLD_FP From abused NTLD * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.2 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.9 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.4 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 1.2 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: US NG Received: from contabo-vps300.heraya.co (vmi411554.contaboserver.net [164.68.126.82]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13R3LNGB042087 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 26 Apr 2021 21:21:32 -0600 Message-Id: <202104270321.13R3LNGB042087@ga.impsec.org> Received: from User (unknown [197.242.112.212]) by contabo-vps300.heraya.co (Postfix) with ESMTPA id 10FE34187B; Sun, 25 Apr 2021 20:05:07 +0200 (CEST) Reply-To: From: "Mr Femi Brown" Subject: [SPAM] Your fund transfer: Date: Sun, 25 Apr 2021 19:05:16 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 26 Apr 2021 21:21:32 -0600 (CST) for IP:'164.68.126.82' DOMAIN:'vmi411554.contaboserver.net' HELO:'contabo-vps300.heraya.co' FROM:'tes@vounaw.xyz' RCPT:'' X-Greylist: Delayed for 21:32:13 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 26 Apr 2021 21:21:32 -0600 (CST) X-Spam-Prev-Subject: Your fund transfer: Status: R X-Status: X-Keywords: X-UID: 195 Content-Length: 1092
This mail is been writing to you because we have come to understand that
you have lost a lot of money all because you want to receive your fund
well note that all that have been put to a stop as the federal government of
Nigeria has promised to assist you with the sum of $5million in other to
compensate you and all you have to do is fill the below information s.
 
1 full name
 
2 home phone and cell phone number
 
3 occupation
 
4 amount that was lost by you
 
Send this and get back at once.
 
Warm regards
 
Femi
 From andrelwotti@gmail.com Wed Apr 28 22:25:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,BOGUS_MSM_HDRS,CTE_8BIT_MISMATCH, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK, FORGED_SPF_HELO,FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSP_DYNIP, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,KHOP_HELO_FCRDNS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, RDNS_DYNAMIC,RELAY_COUNTRY_TW,SPAM_BOOSTER_08,SPF_HELO_PASS, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [203.74.124.34 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [203.74.124.34 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_TW Relayed via Taiwan * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [203.74.124.34 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [andrelwotti[at]gmail.com] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.8 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.0 FORGED_SPF_HELO No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 BOGUS_MSM_HDRS Apparently bogus Microsoft email headers * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 2.3 FROM_MISSP_DYNIP From misspaced + dynamic rDNS * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.3 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.5 SPOOFED_FREEMAIL No description available. * 1.9 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.8 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: TW ** Received: from cjme.com.tw (203-74-124-34.HINET-IP.hinet.net [203.74.124.34]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 13T4Pfsw028005 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 28 Apr 2021 22:25:46 -0600 Message-Id: <202104290425.13T4Pfsw028005@ga.impsec.org> Received: from User (unknown [192.168.10.1]) by cjme.com.tw (Postfix) with SMTP id 0AC826C736; Wed, 28 Apr 2021 21:21:14 +0800 (CST) Authentication-Results: cjme.com.tw; dmarc=fail (p=none dis=none) header.from=gmail.com Reply-To: From: "Andrel Wotti" To: andrelwotti@gmail.com Subject: [SPAM] *****SPAM***** Respectfully Date: Wed, 28 Apr 2021 08:21:52 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-MailScanner-ID: 0AC826C736.A785C X-MailScanner: Found to be clean X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=5.492, required 5, ALL_TRUSTED -1.00, AXB_XMAILER_MIMEOLE_OL_024C2 0.00, DKIM_ADSP_CUSTOM_MED 0.00, FORGED_MUA_OUTLOOK 2.79, FREEMAIL_FROM 0.00, FREEMAIL_REPLYTO 1.00, FROM_MISSP_MSFT 0.00, FROM_MISSP_USER 0.00, FROM_MISSP_XPRIO 0.00, FSL_CTYPE_WIN1251 0.00, FSL_NEW_HELO_USER 0.63, MISSING_MID 0.14, NML_ADSP_CUSTOM_MED 1.20, NSL_RCVD_FROM_USER 0.02, TO_NO_BRKTS_FROM_MSSP 0.70, T_FROM_MISSP_DKIM 0.01) X-MailScanner-SpamScore: sssss X-MailScanner-From: andrelwotti@gmail.com X-Synology-Spam-Flag: Yes X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Apr 2021 22:25:46 -0600 (CST) for IP:'203.74.124.34' DOMAIN:'203-74-124-34.HINET-IP.hinet.net' HELO:'cjme.com.tw' FROM:'andrelwotti@gmail.com' RCPT:'' X-Greylist: Delayed for 10:36:58 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Apr 2021 22:25:46 -0600 (CST) X-Spam-Prev-Subject: *****SPAM***** Respectfully Status: R X-Status: X-Keywords: X-UID: 196 I am Andrel Wotti, Pleasant greetings to you as i seek your indulgence to introduce to you the desire of my principals wish, to make huge financial investment in your home country on areas of oil and gas, real estate, tourism and hotel, manufacturing and production company, agriculture, fishing, Mining & Trading of natural resourcessuch as crude oil, coal, graphite, coke, refinery, energy, hospital etc. He needs a capable, trustworthy and understanding business partner, who can confidently handle and manage his investment funds with utmost care of secrecy without traces or link to him as he is politically exposed at the moment in his country. Please, I will provide more details about the transaction if you are sure you can handle classified information and also let me know your entitlement for the solicited role I shall be expecting your quick reply. Best Regards Andrel Wotti andrelwotti@citromail.hu andrelwotti@gmail.com From infos43@hotmail.com Mon May 3 12:43:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.3 required=5.0 tests=BAYES_95, DATE_IN_FUTURE_03_06,FORGED_MUA_OUTLOOK,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,INVALID_DATE, MISSING_MIMEOLE,MSGID_RANDY,RCVD_ILLEGAL_IP,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RDNS_NONE, RELAY_COUNTRY_KR,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEMAIL_NO_RDNS,SPOOFED_FREEM_REPTO,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9621] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [14.63.184.98 listed in psbl.surriel.com] * 1.1 INVALID_DATE Invalid Date: header (not RFC 2822) * 1.3 RCVD_ILLEGAL_IP Received: contains illegal IP address * 1.5 RELAY_COUNTRY_KR Relayed via Korea * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [14.63.184.98 listed in bl.mailspike.net] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [14.63.184.98 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [infos43[at]hotmail.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [infos43[at]hotmail.com] * 3.0 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [infos43[at]hotmail.com] * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.6 MSGID_RANDY Message-Id has pattern used in spam * 1.9 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.5 SPOOFED_FREEMAIL No description available. * 1.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to X-Spam-Relay-Country: KR ** XX Received: from mongo1.ajunews.com ([14.63.184.98]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 143IhDSB013508 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 3 May 2021 12:43:22 -0600 Received: from localhost.cs2543cloud.internal ([127.0.0.1] helo=Shop01) by mongo1.ajunews.com with smtp (Exim 4.72) (envelope-from ) id 1lcQrJ-0000Sa-Ug; Fri, 30 Apr 2021 19:58:58 +0900 Received: from [244.21.245.225] by Shop01 id 93EeoGJAej67; Fri, 30 Apr 2021 15:46:26 +0400 Message-ID: From: "YAHYA JAMMEH" Reply-To: "YAHYA JAMMEH" To: bgemlamjibheaimffaleieepciaa.thealy@magna.com.au Subject: [SPAM] HELLO. Date: Fri, 30 Apr 21 15:46:26 GMT X-Mailer: Microsoft Outlook Express 5.50.4133.2400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="14..19F7B__FA.6EF37" X-Priority: 3 X-MSMail-Priority: Normal X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 03 May 2021 12:43:22 -0600 (CST) for IP:'14.63.184.98' DOMAIN:'[14.63.184.98]' HELO:'mongo1.ajunews.com' FROM:'infos43@hotmail.com' RCPT:'' X-Greylist: Delayed for 79:42:34 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 03 May 2021 12:43:22 -0600 (CST) X-Spam-Prev-Subject: HELLO. Status: R X-Status: X-Keywords: X-UID: 197 --14..19F7B__FA.6EF37 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable FROM: FORMER PRESIDENT OF REPUBLIC OF THE GAMBIA, MR. YAHYAH JAMMEH. Greetings: My names are Mr.Yahya Jammeh and I am the former president of Republic of the Gambia. I have important business proposal that is going to benefit= both of us. Kindly contact me on email address info.diplomat08@gmail.com for more info= rmation. Please see the link below: https://www.africanews.com/tag/yahya-jammeh/ https://www.africanews.com/2020/01/12/gambia-s-jammeh-seeks-to-return-home= // https://www.bbc.com/news/world-africa-24383225 https://www.dailymotion.com/video/xq45v8 Regards, Mr. Yahya Jammeh. Former Gambia President. --14..19F7B__FA.6EF37-- From A1234@xserver.ne.jp Mon May 3 15:34:41 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.4 required=5.0 tests=ADVANCE_FEE_3_NEW_FORM, BAYES_99,FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTTO_DEPT,ODD_FREEM_REPTO,RELAY_COUNTRY_JP, SPF_HELO_NONE,SPF_SOFTFAIL,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9959] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ja6002932[at]gmail.com] * 3.0 ODD_FREEM_REPTO Has unusual reply-to header * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 1.0 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form X-Spam-Relay-Country: JP JP JP JP Received: from sv10586.xserver.jp (sv10586.xserver.jp [202.210.8.107]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 143LYb5v028911 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 3 May 2021 15:34:41 -0600 Received: from virusgw10001.xserver.jp (virusgw10001.xserver.jp [183.181.92.8]) by sv10586.xserver.jp (Postfix) with ESMTP id 51F9CF0481B020; Tue, 4 May 2021 06:25:14 +0900 (JST) Received: from sv10586.xserver.jp (202.210.8.107) by virusgw10001.xserver.jp (F-Secure/fsigk_smtp/521/virusgw10001.xserver.jp); Tue, 04 May 2021 06:25:14 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/521/virusgw10001.xserver.jp) Received: from webmail.xserver.ne.jp (webmail.xserver.ne.jp [210.188.201.183]) by sv10586.xserver.jp (Postfix) with ESMTPA id 92E46F0351B62F; Tue, 4 May 2021 06:25:05 +0900 (JST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Mon, 03 May 2021 23:25:05 +0200 From: REFUND UNIT To: undisclosed-recipients:; Subject: [SPAM] REFUND Reply-To: ja6002932@gmail.com, pgood60000@gmail.com Mail-Reply-To: ja6002932@gmail.com, pgood60000@gmail.com Message-ID: <880426aaaf3b60c284900b75d0f67176@xs387250.xsrv.jp> X-Sender: A1234@xserver.ne.jp User-Agent: Roundcube Webmail/1.2.0 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 03 May 2021 15:34:41 -0600 (CST) for IP:'202.210.8.107' DOMAIN:'sv10586.xserver.jp' HELO:'sv10586.xserver.jp' FROM:'A1234@xserver.ne.jp' RCPT:'' X-Greylist: Delayed for 00:08:11 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 03 May 2021 15:34:41 -0600 (CST) X-Spam-Prev-Subject: REFUND Status: R X-Status: X-Keywords: X-UID: 198 -- Attn: Sir We wish to inform you that we have arrested the scammers collecting your money, all your money lost over the internet will be refunded to the very last penny with immediate effect, based on the United Nations compensation refund committee resolution. we expect to hear from you immediately as Mr.John who claims to be your representative has reported that you died of Covid-19 that we should release your payment to him, please advise your name and contact phone number and address, and amount expected. Kind Regards Huber Anton DSA PAYMASTER From infos8@hotmail.com Thu May 6 01:06:28 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.3 required=5.0 tests=BAYES_99,BAYES_999, FORGED_HOTMAIL_RCVD2,FORGED_MUA_OUTLOOK,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,INVALID_DATE, MAY_BE_FORGED,MISSING_MIMEOLE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [142.93.219.73 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [142.93.219.73 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [142.93.219.73 listed in bl.mailspike.net] * 1.1 INVALID_DATE Invalid Date: header (not RFC 2822) * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [infos8[at]hotmail.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [infos8[at]hotmail.com] * 0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no * 'Received:' * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [infos8[at]hotmail.com] * 1.9 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 1.5 SPOOFED_FREEMAIL No description available. * 1.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to X-Spam-Relay-Country: CA ** US Received: from 246472.cloudwaysapps.com (246472.cloudwaysapps.com [142.93.219.73] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14676MvQ024281 for ; Thu, 6 May 2021 01:06:28 -0600 Received: from Shop01 (246472.cloudwaysapps.com [127.0.0.1]) by 246472.cloudwaysapps.com (Postfix) with SMTP id 197DB409D2; Sun, 2 May 2021 10:54:08 +0000 (UTC) Received: from (HELO v0ztvl) [4.154.251.108] by Shop01 with ESMTP id 076AF614545; Sun, 02 May 2021 09:45:55 -0200 Message-ID: From: "YAHYA JAMMEH" Reply-To: "YAHYA JAMMEH" To: walks@lake.ollusa.edu Subject: [SPAM] HELLO. Date: Sun, 02 May 21 09:45:55 GMT X-Mailer: Microsoft Outlook, Build 10.0.2627 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="33EADD_E6A4B._9.1CC5A__5" X-Priority: 3 X-MSMail-Priority: Normal X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 06 May 2021 01:06:28 -0600 (CST) for IP:'142.93.219.73' DOMAIN:'[142.93.219.73]' HELO:'246472.cloudwaysapps.com' FROM:'infos8@hotmail.com' RCPT:'' X-Greylist: Delayed for 40:15:32 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 06 May 2021 01:06:28 -0600 (CST) X-Spam-Prev-Subject: HELLO. Status: R X-Status: X-Keywords: X-UID: 199 --33EADD_E6A4B._9.1CC5A__5 Content-Type: text/plain; Content-Transfer-Encoding: quoted-printable FROM: FORMER PRESIDENT OF REPUBLIC OF THE GAMBIA, MR. YAHYAH JAMMEH. Greetings: My names are Mr.Yahya Jammeh and I am the former president of Republic of the Gambia. I have important business proposal that is going to benefit= both of us. Kindly contact me on email address info.diplomat07@gmail.com for more info= rmation. Please see the link below: https://www.africanews.com/tag/yahya-jammeh/ https://www.africanews.com/2020/01/12/gambia-s-jammeh-seeks-to-return-home= // https://www.bbc.com/news/world-africa-24383225 https://www.dailymotion.com/video/xq45v8 Regards, Mr. Yahya Jammeh. Former Gambia President. --33EADD_E6A4B._9.1CC5A__5-- From test@mitchbg.com Fri May 7 17:59:08 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.9 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,BODY_EMAIL_419_FRAUD_GM_LOOSE,DEAR_FRIEND, FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HELO_DYNAMIC_IPADDR,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS,LOTS_OF_MONEY, MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RDNS_DYNAMIC,SPAM_BOOSTER_08,SPF_HELO_NONE, SPF_NEUTRAL,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9992] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9992] * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [willclark2618[at]gmail.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 2.5 MONEY_NOHTML Lots of money in plain text * 1.0 BODY_EMAIL_419_FRAUD_GM_LOOSE Ends-in-digits email address in * body is likely advance fee fraud collector mailbox * 2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP * addr 1) * 1.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 1.4 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 2.3 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: IE NL Received: from ip-10-0-10-151.eu-west-1.compute.internal (ec2-52-208-199-242.eu-west-1.compute.amazonaws.com [52.208.199.242]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 147Nx2ZA028104 for ; Fri, 7 May 2021 17:59:08 -0600 Message-Id: <202105072359.147Nx2ZA028104@ga.impsec.org> Received: from IP-133-61.dataclub.eu (unknown [84.38.133.61]) by ip-10-0-10-151.eu-west-1.compute.internal (Postfix) with ESMTPA id B25224EDD64; Fri, 7 May 2021 18:38:08 +0000 (UTC) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] urgent To: Recipients From: "Mr. " Date: Fri, 07 May 2021 20:38:04 +0200 Reply-To: willclark2618@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 07 May 2021 17:59:08 -0600 (CST) for IP:'52.208.199.242' DOMAIN:'ec2-52-208-199-242.eu-west-1.compute.amazonaws.com' HELO:'ip-10-0-10-151.eu-west-1.compute.internal' FROM:'test@mitchbg.com' RCPT:'' X-Greylist: Delayed for 02:59:53 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 07 May 2021 17:59:08 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 147Nx2ZA028104 X-Spam-Prev-Subject: urgent Status: R X-Status: X-Keywords: X-UID: 200 Dear Friend This is to thank you for your effort. I understand that your hands were tied. Not to worry. I have succeeded, the money has beentransferred into the account provided by a newly found friend of mine in Russia to compensate for your past assistance and commitments, I have dropped an international certified bank draft of $1.2M for your investments in life-settlement. I am in Russia with my family presently. I do intend to establish some business concerns here, and possibly buy some properties. Now Contact my secretary Mr Will Clark on his email willclark2618@gmail.com phone 7052187354 Forward your mailing address/phone fax number to him, then ask him to send the cheque to you. Take good care of your self. Regards and respect, Pascal Simon From electro_mabar@cecot.es Sat May 8 21:10:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.2 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RCVD_IN_VALIDITY_RPBL, RELAY_COUNTRY_NG,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPF_HELO_NONE, SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [62.97.115.39 listed in bl.score.senderscore.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.5 MONEY_NOHTML Lots of money in plain text * 1.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: ES ES NG Received: from lnx-ppa-mail-01.microblau.net (lnx-ppa-mail-01.microblau.net [62.97.115.39]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14939um2033554 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 8 May 2021 21:10:01 -0600 Received: from lnx-ppa-mail-01.microblau.net (lnx-ppa-mail-01.microblau.net [62.97.115.39]) by lnx-ppa-mail-01.microblau.net (Postfix) with ESMTPSA id 55C662E56E5; Sun, 9 May 2021 03:50:32 +0200 (CEST) Received: from 105.112.101.122 ([105.112.101.122]) by webmail.cecot.es (Horde Framework) with HTTP; Sun, 09 May 2021 01:50:31 +0000 Date: Sun, 09 May 2021 01:50:31 +0000 Message-ID: <20210509015031.Horde.XYhUKpF2M4_0yYYCCsa-Hg7@webmail.cecot.es> From: Mrs Mavis Wanczyk To: Subject: [SPAM] Charity Donation Reply-to: mavis_wanczyk@126.com User-Agent: Internet Messaging Program (IMP) H5 (6.1.6) Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes MIME-Version: 1.0 Content-Disposition: inline X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 08 May 2021 21:10:01 -0600 (CST) for IP:'62.97.115.39' DOMAIN:'lnx-ppa-mail-01.microblau.net' HELO:'lnx-ppa-mail-01.microblau.net' FROM:'electro_mabar@cecot.es' RCPT:'' X-Greylist: Delayed for 00:46:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 08 May 2021 21:10:01 -0600 (CST) X-Spam-Prev-Subject: Charity Donation Status: R X-Status: X-Keywords: X-UID: 201 -- This is the second time i am sending you this mail. I, Mavis Wanczyk donates $ 5 Million Dollars from part of my Powerball Jackpot Lottery of $ 758 Million Dollars, respond with your details for claims. I await your earliest response and God Bless you Good luck. Mrs Mavis L. Wanczyk From jhardin@impsec.org Sun May 9 21:39:21 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 42916 invoked by uid 99); 9 May 2021 22:09:05 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 09 May 2021 22:09:05 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id F0E331FF3A1 for ; Sun, 9 May 2021 22:09:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.354 X-Spam-Level: *** X-Spam-Status: No, score=3.354 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id t5L0VhRrUwXo for ; Sun, 9 May 2021 22:09:04 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=186.33.222.94; helo=mx2.indec.gob.ar; envelope-from=btv1==76331e1a2f6==ccabezon@indec.gob.ar; receiver= Received: from mx2.indec.gob.ar (mx2.indec.gob.ar [186.33.222.94]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 992E3BD147 for ; Sun, 9 May 2021 22:09:03 +0000 (UTC) X-ASG-Debug-ID: 1620596362-11b7403fbe534b0001-vseDDX Received: from CEDRO.indec.gob.ar ([172.26.68.4]) by mx2.indec.gob.ar with ESMTP id aZeIxHViHHnVmQFF (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 09 May 2021 18:39:22 -0300 (-03) X-Barracuda-Envelope-From: ccabezon@indec.gob.ar X-Barracuda-RBL-Trusted-Forwarder: 172.26.68.4 X-ASG-Whitelist: Client Received: from CEDRO.indec.gob.ar (172.26.68.4) by CEDRO.indec.gob.ar (172.26.68.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Sun, 9 May 2021 18:39:22 -0300 Received: from CEDRO.indec.gob.ar ([fe80::d9d4:57bc:9f2b:f196]) by CEDRO.indec.gob.ar ([fe80::d9d4:57bc:9f2b:f196%11]) with mapi id 15.01.2176.009; Sun, 9 May 2021 18:39:22 -0300 X-Barracuda-RBL-Trusted-Forwarder: 172.26.68.4 From: Cabezon Carla Subject: Huge investment Thread-Topic: Huge investment X-ASG-Orig-Subj: Huge investment Thread-Index: AddFFyNq3w57KpQaQRSwHoeJL0qcNQAAFRagAAAAGhAAAAAksAAAACNAAAAAJAAAAAAnYAAAACaAAAAAJkAAAAApcAAAADiQAAAAJlAAAAApsAAAACfQAAAAJpAAAAArwAAAACpAAAAAKnAAAAApYAAAACrAAAAAKhAAAAAsQAAAAC0wAAAAOSAAAACJEAAAAENQAAAAR6AAAABQwAAAAJKgAAAAUeAAAADuAAAAAKIgAAAAs+AAAABsUAAAAWEAAAAAcKAAAABa4AAAAH7AAAAC0IAAAABrAAAAAJ5AAAAAYRAAAAByMAAAANTQAAAAfcAAAAB3oAAAAG+wAAAAd9AAAABaQAAAAERgAAAAP4AAAABJ0AAAAEpQAAAAO9AAAAA+MAAAADrgAAAAPBAAAAA5MAAAxbZwAAAAHFAAAAAigAAAACNQAAAAI+AAAAAl0AAAACTwAAAAJYAAAAAlEAAAACYQAAAAJ2AAAAAm8AAAACjgAAAAJnAAAAAn0AAAACjwAAAAJlAAAAAnEAAAACnQAAAAKgAAAAApUAAAADLgAAAAMtAAAAA7MAAAAD7gAAAAQaAAAABCwAAAAD2wAAAAP3AAAAA98AAAAD5wAAAAPjAAAAA+IAAAAD8QAAAAPzAAAABBsAAAAEFAAAAAQcAAAABBsAAAAEFgAAAAQ8AAAABC4AAAAEMwAAAARoAAAABQMAAAAEYgAAAARnAAAABG8AAAAErgAAAAOjAAAAAwUAAAADJQAAAAM3AAAAA0kAAAADRQAAAANBAAAAAz0AAAADfwAAAANHAAAAAzoAAAADTwAAAANVAAAAAycA== Date: Sun, 9 May 2021 21:39:21 +0000 Message-ID: <7aaae09f158b400c8eda7e971c13542b@indec.gob.ar> Reply-To: "chienkwongp@gmail.com" Accept-Language: es-AR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.26.67.92] X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_7aaae09f158b400c8eda7e971c13542bindecgobar_" MIME-Version: 1.0 X-Barracuda-Connect: UNKNOWN[172.26.68.4] X-Barracuda-Start-Time: 1620596362 X-Barracuda-Encrypted: ECDHE-RSA-AES128-GCM-SHA256 X-Barracuda-URL: https://si-barracuda.indec.gob.ar:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at indec.gob.ar X-Barracuda-Scan-Msg-Size: 2119 X-Barracuda-BRTS-Status: 1 Status: X-Status: X-Keywords: X-UID: 202 Content-Length: 2523 --_000_7aaae09f158b400c8eda7e971c13542bindecgobar_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable This email is strictly soliciting for your interest in partnering with me f= or a huge investment in your country. You will be contacted shortly with fu= rther details after I have received your response. Chien Kwong --_000_7aaae09f158b400c8eda7e971c13542bindecgobar_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

This email is strictly= soliciting for your interest in partnering with me for a huge investment i= n your country. You will be contacted shortly with further details after I have received your response.
Chien Kwong

--_000_7aaae09f158b400c8eda7e971c13542bindecgobar_-- From TEST@serv.digitalpanzehir.com Thu May 13 03:43:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************** X-Spam-Status: Yes, score=38.5 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_1ECD5,BAYES_99,DATE_IN_FUTURE_06_12, DKIM_INVALID,DKIM_SIGNED,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MILLION_USD,MISSING_HEADERS, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML,MSOE_MID_WRONG_CASE, NSL_RCVD_HELO_USER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_FR,RELAY_COUNTRY_IT, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_AOL,SPF_HELO_NONE,SPF_NONE, SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9972] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [91.121.161.203 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_AOL Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 0.0 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [91.121.161.203 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 MILLION_USD BODY: Talks about millions of dollars * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 1.9 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.5 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.8 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: FR IT Received: from serv.digitalpanzehir.com (ns349337.ip-91-121-161.eu [91.121.161.203]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14D9hekI043586 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 13 May 2021 03:43:51 -0600 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=serv.digitalpanzehir.com; s=mail; h=Message-Id:Content-Transfer-Encoding: Content-Type:MIME-Version:Date:Subject:From:Reply-To:Sender:To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=m3pASy53GgfFwHppvIPHJghbzAHQviKN6bgk+M/PrtE=; b=n0A4vFtHTIR6Nmx020/mnvPzu4 iAwlr7zqlUMOIVmyQ+lUtGcRSDy2vwv8dlamMuu0R0UrFYD7QorF8YEzg2ikGEPt44BDRUnw4pzgJ uw+SVfwNTw83t7Ckp1JxzqJxQ26sfThC+u5A2DMYqLETUQloGd177HpNk1p7vtZWuDts=; Received: from [176.32.19.43] (helo=User) by serv.digitalpanzehir.com with esmtpa (Exim 4.89) (envelope-from ) id 1lfVsE-0001PW-70; Sat, 08 May 2021 22:56:38 +0000 Reply-To: From: "L. Wanczyk." Subject: [SPAM] DONATION 203 Date: Sun, 9 May 2021 00:56:40 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 13 May 2021 03:43:51 -0600 (CST) for IP:'91.121.161.203' DOMAIN:'ns349337.ip-91-121-161.eu' HELO:'serv.digitalpanzehir.com' FROM:'TEST@serv.digitalpanzehir.com' RCPT:'' X-Greylist: Delayed for 106:46:41 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 13 May 2021 03:43:51 -0600 (CST) X-Spam-Prev-Subject: DONATION 203 Status: R X-Status: X-Keywords: X-UID: 203 Hello, I'm Mrs. Mavis Wanczyk, the mega winner of $758 Million in Mega Millions Jackpot, I am donating to 5 random individuals if you get this email then your email was selected after a spin ball. I have spread most of my wealth over a number of charities and organizations. I have voluntarily decided to donate the sum of $ 10 Million USD to you as one of the selected , to verify my winnings via YouTube page below. WATCH ME HERE: https://www.youtube.com/watch?v=7kWnqvJM1mM THIS IS YOUR DONATION CODE: F207162 Kindly send your direct telephone and fax number to enable me to reach you Reply with the DONATION CODE to this email: maviswanczykoo@aol.com Hope to make you and your family happy. Regards, Mrs. Mavis L. Wanczyk. From dminique200@myfirstlink.net Fri May 14 14:37:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.4 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FAKE_REPLY_C,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,KHOP_HELO_FCRDNS,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SBL,RELAY_COUNTRY_AR,RELAY_COUNTRY_VN,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_NONE,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 0.0 NSL_RCVD_FROM_USER Received from User * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [180.214.238.62 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [dminique200[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 1.5 FAKE_REPLY_C No description available. * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: AR ** ** VN Received: from smtp.fibertel.com.ar (avas-mx09.fibertel.com.ar [24.232.0.192]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14EKb9me021170 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 14 May 2021 14:37:13 -0600 Received: from localhost (localhost [127.0.0.1]) by avasmr02-slo1.int.fibertel.com.ar (Postfix) with ESMTP id CE1A3122F279; Fri, 14 May 2021 17:26:01 -0300 (-03) Received: from avasmr02-slo1.int.fibertel.com.ar ([127.0.0.1]) by localhost (avasmr02-slo1.int.fibertel.com.ar [127.0.0.1]) (amavisd-new, port 10027) with LMTP id b64vbsVCu8Dz; Fri, 14 May 2021 17:26:01 -0300 (-03) Received: from User (unknown [180.214.238.62]) by avasmr02-slo1.int.fibertel.com.ar (Postfix) with ESMTPA id C04C2122F27A; Fri, 14 May 2021 17:24:49 -0300 (-03) Reply-To: From: "Dominique Ah-kye" Subject: [SPAM] Re:Hello Date: Fri, 14 May 2021 13:25:58 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210514202601.CE1A3122F279@avasmr02-slo1.int.fibertel.com.ar> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 14 May 2021 14:37:13 -0600 (CST) for IP:'24.232.0.192' DOMAIN:'avas-mx09.fibertel.com.ar' HELO:'smtp.fibertel.com.ar' FROM:'dminique200@myfirstlink.net' RCPT:'' X-Greylist: Delayed for 00:11:02 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 14 May 2021 14:37:13 -0600 (CST) X-Spam-Prev-Subject: Re:Hello Status: R X-Status: X-Keywords: X-UID: 204 Good Day. I am humbly soliciting for your consent to partner me in a mutual business proposal. Regards Dominique E-Mail: dminique200@gmail.com From dminique200@myfirstlink.net Sat May 15 07:02:21 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FAKE_REPLY_C,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,KHOP_HELO_FCRDNS,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SBL,RELAY_COUNTRY_AR,RELAY_COUNTRY_VN,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_NONE, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [180.214.238.62 listed in zen.spamhaus.org] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [dminique200[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 3.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 1.5 FAKE_REPLY_C No description available. * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: AR ** ** VN Received: from smtp.fibertel.com.ar (avas-mx09.fibertel.com.ar [24.232.0.192]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14FD2G0Z016215 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 15 May 2021 07:02:20 -0600 Received: from localhost (localhost [127.0.0.1]) by avasmr02-slo1.int.fibertel.com.ar (Postfix) with ESMTP id AE7AD14272B4; Sat, 15 May 2021 09:51:40 -0300 (-03) Received: from avasmr02-slo1.int.fibertel.com.ar ([127.0.0.1]) by localhost (avasmr02-slo1.int.fibertel.com.ar [127.0.0.1]) (amavisd-new, port 10027) with LMTP id nNec7qMDK-ca; Sat, 15 May 2021 09:51:40 -0300 (-03) Received: from User (unknown [180.214.238.62]) by avasmr02-slo1.int.fibertel.com.ar (Postfix) with ESMTPA id 9785114272DA; Sat, 15 May 2021 09:50:28 -0300 (-03) Reply-To: From: "Dominique Ah-kye" Subject: [SPAM] Re:Hello Date: Sat, 15 May 2021 05:51:37 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210515125140.AE7AD14272B4@avasmr02-slo1.int.fibertel.com.ar> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 15 May 2021 07:02:21 -0600 (CST) for IP:'24.232.0.192' DOMAIN:'avas-mx09.fibertel.com.ar' HELO:'smtp.fibertel.com.ar' FROM:'dminique200@myfirstlink.net' RCPT:'' X-Greylist: Delayed for 00:10:33 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 15 May 2021 07:02:21 -0600 (CST) X-Spam-Prev-Subject: Re:Hello Status: R X-Status: X-Keywords: X-UID: 205 Good Day. I am humbly soliciting for your consent to partner me in a mutual business proposal. Regards Dominique E-Mail: dminique200@gmail.com From jhardin@impsec.org Tue May 18 04:10:05 2021 -0430 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 60352 invoked by uid 99); 18 May 2021 08:59:06 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 May 2021 08:59:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id B2B741FF4B8 for ; Tue, 18 May 2021 08:59:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 2.705 X-Spam-Level: ** X-Spam-Status: No, score=2.705 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=conatel.gob.ve Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id Ki9F3LDDoRvX for ; Tue, 18 May 2021 08:59:05 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=201.248.69.230; helo=mail.conatel.gob.ve; envelope-from=cvasquez@conatel.gob.ve; receiver= Received: from mail.conatel.gob.ve (mail.conatel.gob.ve [201.248.69.230]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 210877FE65 for ; Tue, 18 May 2021 08:59:05 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.conatel.gob.ve (Postfix) with ESMTP id 1F34B14880C6; Tue, 18 May 2021 04:40:13 -0400 (-04) Received: from mail.conatel.gob.ve ([127.0.0.1]) by localhost (mail.conatel.gob.ve [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id nmTnYD5g2-Lv; Tue, 18 May 2021 04:40:12 -0400 (-04) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.conatel.gob.ve (Postfix) with ESMTP id 49DE414883E8; Tue, 18 May 2021 04:40:07 -0400 (-04) DKIM-Filter: OpenDKIM Filter v2.9.2 mail.conatel.gob.ve 49DE414883E8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conatel.gob.ve; s=5C18DDE8-FD64-11E3-A8EF-B68B774165DB; t=1621327207; bh=GaXArA5ZUpqxB+NQgvx6OiOYQCJX/4mNve7Wx0s/NME=; h=Date:From:Reply-To:Message-ID:Subject:MIME-Version:Content-Type; b=E+ww6TEtF3HZqF+qQLVkOitAIw0g48lZYG78Dv9pGR5Mey9bfLjJ7POU9ZyXNQ8yf ZPplmiB6JBBqOGpQ+1TAUiypZHmcvfw0tRBxlz2dUtlqeA6N9uGV2eLS3PjCsz4R/f e47sP+tAMOw/Lb11TMGoNZGawIY4xtgg890zSrJg= X-Virus-Scanned: amavisd-new at conatel.gob.ve Received: from mail.conatel.gob.ve ([127.0.0.1]) by localhost (mail.conatel.gob.ve [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 4QSt6l9cRL7q; Tue, 18 May 2021 04:40:06 -0400 (-04) Received: from mail.conatel.gob.ve (correo.conatel.int [10.1.1.21]) by mail.conatel.gob.ve (Postfix) with ESMTP id 1E6DF1487B24; Tue, 18 May 2021 04:40:05 -0400 (-04) Date: Tue, 18 May 2021 04:10:05 -0430 (VET) From: Manuel Reply-To: "Manuel " Message-ID: <1010222256.1490500.1621327205028.JavaMail.zimbra@conatel.gob.ve> Subject: =?utf-8?Q?Herzliche_Gl=C3=BCckw=C3=BCnsche?= MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="----=_Part_1490499_1475383442.1621327205027" X-Originating-IP: [199.10.64.164] X-Mailer: Zimbra 8.6.0_GA_1242 (zclient/8.6.0_GA_1242) Thread-Topic: Herzliche =?utf-8?Q?Gl=C3=BCckw=C3=BCnsche?= Thread-Index: GH1UtGgx5oZLLutdwMQPZ7+G7VTdjg== Status: X-Status: X-Keywords: X-UID: 206 Content-Length: 1353 ------=_Part_1490499_1475383442.1621327205027 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Sie haben eine Spende von =E2=82=AC 5.800.000,00. von Mavis Wanczyk antwort= en Sie mit diesem Code [MW530342019], um die Spende zu erhalten Vous avez un don de 5 800 000,00 =E2=82=AC. de Mavis Wanczyk r=C3=A9pondez = avec ce code [MW530342019] pour recevoir le donVous avez un don de 5 800 00= 0,00 =E2=82=AC. de Mavis Wanczyk r=C3=A9pondez avec ce code [MW530342019] p= our recevoir le don ------=_Part_1490499_1475383442.1621327205027 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable



Sie haben eine Spende von =E2=82=AC 5.800.0= 00,00. von Mavis Wanczyk antworten Sie mit diesem Code [MW530342019], um di= e Spende zu erhalten


Vous avez un d= on de 5 800 000,00 =E2=82=AC. de Mavis Wanczyk r=C3=A9pondez avec ce code [= MW530342019] pour recevoir le donVous avez un don de 5 800 000,00 =E2=82=AC= . de Mavis Wanczyk r=C3=A9pondez avec ce code [MW530342019] pour recevoir l= e don
------=_Part_1490499_1475383442.1621327205027-- From jhardin@impsec.org Fri May 21 08:45:45 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 43391 invoked by uid 99); 21 May 2021 17:18:57 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 May 2021 17:18:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id A6DB6C0435 for ; Fri, 21 May 2021 17:18:56 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 0.202 X-Spam-Level: X-Spam-Status: No, score=0.202 tagged_above=-999 required=6.31 tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=abcom.al Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id shCAkP6dWner for ; Fri, 21 May 2021 17:18:55 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.73.143.249; helo=mbox.abcom.al; envelope-from=opershaku@abcom.al; receiver= Received: from mbox.abcom.al (mbox.abcom.al [217.73.143.249]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 473D7BD1FC for ; Fri, 21 May 2021 17:18:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mbox.abcom.al (Postfix) with ESMTP id A7FEB1A96EEAA; Fri, 21 May 2021 17:46:29 +0200 (CEST) Received: from mbox.abcom.al ([127.0.0.1]) by localhost (mbox.abcom.al [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id EnQNr_MQnMiZ; Fri, 21 May 2021 17:46:29 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mbox.abcom.al (Postfix) with ESMTP id A0E94184E6032; Fri, 21 May 2021 17:46:17 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 mbox.abcom.al A0E94184E6032 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=abcom.al; s=0F3BA0EE-D5D4-11E8-9596-F9115129F2F4; t=1621611977; bh=llNCxAb355emMdNla/lAaOofYZKMZ/QqU8OzPd1WKjQ=; h=MIME-Version:To:From:Date:Message-Id; b=D4AVEg2ifcsF7vf6fPncTMSqBftSuGdxiVNlqhC9jNEbo5lM7/uMJXLPHhRS87FRB ISvtyOcZuFxkHakvJt3tb6ms9fM8flsi7MgNQnR4FyBB+3TKofmi1l4+T+u/8RSSsm L9NMjlBExa8MEPHgka2x6JUJNvU4362xAEzouWA9yq7UL0wzjx0Gqz2E97yyLt4s6Q l/+qxk+JYMYRCFO3XqCT4BmcWpdK+NiF0IKbIBR39Yoc2sk5ySQevrRogj23WkYZG4 XvbYsSep3IGc7hl1G+rSReVGm+d9yOjmTpnjv2Uz8DkDV5Gb3Hg9kzazTsbKch7cIx 4jBaIzNiee0OA== X-Virus-Scanned: amavisd-new at mbox.abcom.al Received: from mbox.abcom.al ([127.0.0.1]) by localhost (mbox.abcom.al [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id aRYkZ6_76RlQ; Fri, 21 May 2021 17:46:17 +0200 (CEST) Received: from [10.102.18.128] (unknown [105.12.4.171]) by mbox.abcom.al (Postfix) with ESMTPSA id A3613A3EA26C; Fri, 21 May 2021 17:46:01 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Wichtige Mitteilung To: Recipients From: "Erion Carter" Date: Fri, 21 May 2021 08:45:45 -0700 Reply-To: erioncarter.private@gmail.com Message-Id: <20210521154602.A3613A3EA26C@mbox.abcom.al> Status: X-Status: X-Keywords: X-UID: 207 Hallo, Ich bin Cpt. Erion Carter, ein Doppelb=FCrger deutscher / amerikanischer Ab= stammung, der derzeit in der US-Armee an einer Friedenssicherung im IRAK ar= beitet. Ich habe eine Information f=FCr Sie. Antworte mir f=FCr weitere Informationen. Kapit=E4n Erion Carter, 1. Infanterie 62. Bataillon, Armee der vereinigten Staaten. From vuarr_vt@vuarr.com Fri May 21 15:45:58 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.9 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_H2, RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [193.142.59.92 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [78.130.149.203 listed in bl.score.senderscore.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [78.130.149.203 listed in wl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 2.9 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.5 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.3 MONEY_FRAUD_3 Lots of money and several fraud phrases * 0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: BG XX Received: from mail.vuarr.com (mail.vuarr.com [78.130.149.203]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14LLjsc5005047 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 21 May 2021 15:45:58 -0600 Message-Id: <202105212145.14LLjsc5005047@ga.impsec.org> Received: from User (unknown [193.142.59.92]) by vuarr.com (Postfix) with SMTP id 9675A128721A; Fri, 21 May 2021 21:46:29 +0300 (EEST) Reply-To: From: "Reem E. A" Subject: [SPAM] FGD.. Date: Fri, 21 May 2021 11:46:31 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 15:45:58 -0600 (CST) for IP:'78.130.149.203' DOMAIN:'mail.vuarr.com' HELO:'mail.vuarr.com' FROM:'vuarr_vt@vuarr.com' RCPT:'' X-Greylist: Delayed for 02:29:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 15:45:58 -0600 (CST) X-Spam-Prev-Subject: FGD.. Status: R X-Status: X-Keywords: X-UID: 208 Content-Length: 1474 Hello Friend, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also I want to use this fund to assist Coronavirus Symptoms and Causes. I am a single Arab woman and serving as a minister, and there is a limit to my personal income and investment level. For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transferrals of the fund to a third party account for investment purposes which is the reason I contacted you to receive the fund as my partner for investment in your country. The amount is valued at 47,745,533 Euros with a financial institution waiting my instruction for further transferral to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment, reply to this email only: reem.alhashimi@yandex.com Best Regards, Ms. Reem From vuarr_vt@vuarr.com Fri May 21 15:46:35 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.9 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_H2, RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [78.130.149.203 listed in wl.mailspike.net] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [193.142.59.92 listed in zen.spamhaus.org] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [78.130.149.203 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 2.9 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.5 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.3 MONEY_FRAUD_3 Lots of money and several fraud phrases * 0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: BG XX Received: from mail.vuarr.com (mail.vuarr.com [78.130.149.203]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14LLkVc4005062 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 21 May 2021 15:46:35 -0600 Message-Id: <202105212146.14LLkVc4005062@ga.impsec.org> Received: from User (unknown [193.142.59.92]) by vuarr.com (Postfix) with SMTP id 5BEA3128721C; Fri, 21 May 2021 21:46:30 +0300 (EEST) Reply-To: From: "Reem E. A" Subject: [SPAM] FGD.. Date: Fri, 21 May 2021 11:46:32 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 15:46:35 -0600 (CST) for IP:'78.130.149.203' DOMAIN:'mail.vuarr.com' HELO:'mail.vuarr.com' FROM:'vuarr_vt@vuarr.com' RCPT:'' X-Greylist: Delayed for 02:29:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 15:46:35 -0600 (CST) X-Spam-Prev-Subject: FGD.. Status: R X-Status: X-Keywords: X-UID: 209 Content-Length: 1474 Hello Friend, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also I want to use this fund to assist Coronavirus Symptoms and Causes. I am a single Arab woman and serving as a minister, and there is a limit to my personal income and investment level. For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transferrals of the fund to a third party account for investment purposes which is the reason I contacted you to receive the fund as my partner for investment in your country. The amount is valued at 47,745,533 Euros with a financial institution waiting my instruction for further transferral to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment, reply to this email only: reem.alhashimi@yandex.com Best Regards, Ms. Reem From vuarr_vt@vuarr.com Fri May 21 16:14:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.9 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_H2, RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [193.142.59.92 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [78.130.149.203 listed in bl.score.senderscore.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [78.130.149.203 listed in wl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 1.0 MISSING_HEADERS Missing To: header * 2.9 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.5 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 2.3 MONEY_FRAUD_3 Lots of money and several fraud phrases * 0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: BG XX Received: from mail.vuarr.com (mail.vuarr.com [78.130.149.203]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14LMEqHR008952 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 21 May 2021 16:14:56 -0600 Message-Id: <202105212214.14LMEqHR008952@ga.impsec.org> Received: from User (unknown [193.142.59.92]) by vuarr.com (Postfix) with SMTP id 8F2E312876E6; Fri, 21 May 2021 21:57:21 +0300 (EEST) Reply-To: From: "Reem E. A" Subject: [SPAM] FGD.. Date: Fri, 21 May 2021 11:57:23 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 16:14:56 -0600 (CST) for IP:'78.130.149.203' DOMAIN:'mail.vuarr.com' HELO:'mail.vuarr.com' FROM:'vuarr_vt@vuarr.com' RCPT:'' X-Greylist: Delayed for 02:17:23 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 21 May 2021 16:14:56 -0600 (CST) X-Spam-Prev-Subject: FGD.. Status: R X-Status: X-Keywords: X-UID: 210 Content-Length: 1474 Hello Friend, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also I want to use this fund to assist Coronavirus Symptoms and Causes. I am a single Arab woman and serving as a minister, and there is a limit to my personal income and investment level. For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transferrals of the fund to a third party account for investment purposes which is the reason I contacted you to receive the fund as my partner for investment in your country. The amount is valued at 47,745,533 Euros with a financial institution waiting my instruction for further transferral to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment, reply to this email only: reem.alhashimi@yandex.com Best Regards, Ms. Reem From dminique200@idealglobe.com Mon May 24 21:15:40 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_PSBL,RELAY_COUNTRY_AR,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [200.45.224.6 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 0.0 NSL_RCVD_FROM_USER Received from User * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [dminique200[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 3.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.0 HK_NAME_MR_MRS No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.8 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.9 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: AR ** XX Received: from pjst234.justiciasalta.gov.ar (ldns5.justiciasalta.gov.ar [200.45.224.6]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14P3Fa0l013424 for ; Mon, 24 May 2021 21:15:40 -0600 Message-Id: <202105250315.14P3Fa0l013424@ga.impsec.org> Received: from mail.justiciasalta.gov.ar (mail.justiciasalta.gov.ar [10.18.100.34]) by pjst234.justiciasalta.gov.ar (Postfix) with ESMTP id 47529BF307; Mon, 24 May 2021 23:26:47 -0300 (-03) Received: from User (unknown [193.142.59.56]) by mail.justiciasalta.gov.ar (Postfix) with ESMTPA id 546A3AC084E; Mon, 24 May 2021 23:26:10 -0300 (-03) Reply-To: From: "Mr.Dominique. A" Subject: [SPAM] More Info Date: Mon, 24 May 2021 19:26:45 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 24 May 2021 21:15:40 -0600 (CST) for IP:'200.45.224.6' DOMAIN:'ldns5.justiciasalta.gov.ar' HELO:'pjst234.justiciasalta.gov.ar' FROM:'dminique200@idealglobe.com' RCPT:'' X-Greylist: Delayed for 00:35:57 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 24 May 2021 21:15:40 -0600 (CST) X-Spam-Prev-Subject: More Info Status: R X-Status: X-Keywords: $Forwarded X-UID: 211 Hello, My Name is Dominique,I work with a safe secured vault company in the UK. I'm humbly soliciting for your consent to partner me in a business proposal . I will send more details to you if you are interested . Regards Dominique eMAIL:dminique200@gmail.com From dminique200@idealglobe.com Mon May 24 21:16:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************** X-Spam-Status: Yes, score=44.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_PSBL,RELAY_COUNTRY_AR,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [200.45.224.6 listed in psbl.surriel.com] * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 0.0 NSL_RCVD_FROM_USER Received from User * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [dminique200[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 3.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.0 HK_NAME_MR_MRS No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.8 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.9 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: AR ** XX Received: from pjst234.justiciasalta.gov.ar (ldns5.justiciasalta.gov.ar [200.45.224.6]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14P3FuRC013439 for ; Mon, 24 May 2021 21:15:59 -0600 Message-Id: <202105250315.14P3FuRC013439@ga.impsec.org> Received: from mail.justiciasalta.gov.ar (mail.justiciasalta.gov.ar [10.18.100.34]) by pjst234.justiciasalta.gov.ar (Postfix) with ESMTP id 63942BFB2F; Mon, 24 May 2021 23:26:51 -0300 (-03) Received: from User (unknown [193.142.59.56]) by mail.justiciasalta.gov.ar (Postfix) with ESMTPA id B1ADEAC0841; Mon, 24 May 2021 23:26:22 -0300 (-03) Reply-To: From: "Mr.Dominique. A" Subject: [SPAM] More Info Date: Mon, 24 May 2021 19:26:49 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 24 May 2021 21:15:59 -0600 (CST) for IP:'200.45.224.6' DOMAIN:'ldns5.justiciasalta.gov.ar' HELO:'pjst234.justiciasalta.gov.ar' FROM:'dminique200@idealglobe.com' RCPT:'' X-Greylist: Delayed for 00:36:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 24 May 2021 21:15:59 -0600 (CST) X-Spam-Prev-Subject: More Info Status: R X-Status: X-Keywords: $Forwarded X-UID: 212 Hello, My Name is Dominique,I work with a safe secured vault company in the UK. I'm humbly soliciting for your consent to partner me in a business proposal . I will send more details to you if you are interested . Regards Dominique eMAIL:dminique200@gmail.com From dminique200@idealglobe.com Tue May 25 00:06:28 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_PSBL,RELAY_COUNTRY_AR,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [200.45.224.6 listed in psbl.surriel.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [dminique200[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 3.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.0 HK_NAME_MR_MRS No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.8 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.9 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: AR ** XX Received: from pjst234.justiciasalta.gov.ar (ldns5.justiciasalta.gov.ar [200.45.224.6]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14P66KUA026768 for ; Tue, 25 May 2021 00:06:28 -0600 Message-Id: <202105250606.14P66KUA026768@ga.impsec.org> Received: from mail.justiciasalta.gov.ar (mail.justiciasalta.gov.ar [10.18.100.34]) by pjst234.justiciasalta.gov.ar (Postfix) with ESMTP id A3353D4F18; Tue, 25 May 2021 01:07:49 -0300 (-03) Received: from User (unknown [193.142.59.56]) by mail.justiciasalta.gov.ar (Postfix) with ESMTPA id 97DAFAC0629; Tue, 25 May 2021 01:07:23 -0300 (-03) Reply-To: From: "Mr.Dominique. A" Subject: [SPAM] More Info Date: Mon, 24 May 2021 21:07:47 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 25 May 2021 00:06:28 -0600 (CST) for IP:'200.45.224.6' DOMAIN:'ldns5.justiciasalta.gov.ar' HELO:'pjst234.justiciasalta.gov.ar' FROM:'dminique200@idealglobe.com' RCPT:'' X-Greylist: Delayed for 01:25:20 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 25 May 2021 00:06:28 -0600 (CST) X-Spam-Prev-Subject: More Info Status: R X-Status: X-Keywords: X-UID: 213 Hello, My Name is Dominique,I work with a safe secured vault company in the UK. I'm humbly soliciting for your consent to partner me in a business proposal . I will send more details to you if you are interested . Regards Dominique eMAIL:dminique200@gmail.com From info@info.com Fri May 28 11:47:58 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.2 required=5.0 tests=BAYES_99, MSGID_FROM_MTA_HEADER,REPTO_419_FRAUD,SPF_SOFTFAIL, T_SPF_HELO_PERMERROR autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9989] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 T_SPF_HELO_PERMERROR SPF: test of HELO record failed * (permerror) * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay X-Spam-Relay-Country: US US Received: from margiehaber.com (margiehaber.com [205.186.142.169]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 14SHlsoA014251 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 28 May 2021 11:47:58 -0600 Message-Id: <202105281747.14SHlsoA014251@ga.impsec.org> Received: from [192.168.31.78] (unknown [156.146.60.79]) by margiehaber.com (Postfix) with ESMTPA id 180572964F; Fri, 28 May 2021 13:25:20 -0400 (EDT) Authentication-Results: margiehaber.com; spf=pass (sender IP is 156.146.60.79) smtp.mailfrom=info@info.com smtp.helo=[192.168.31.78] Received-SPF: pass (margiehaber.com: connection is authenticated) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re To: Recipients From: "Raymond Chan" Date: Fri, 28 May 2021 10:25:14 -0700 Reply-To: raymondchanjp@hkmaltd.org X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 28 May 2021 11:47:58 -0600 (CST) for IP:'205.186.142.169' DOMAIN:'margiehaber.com' HELO:'margiehaber.com' FROM:'info@info.com' RCPT:'' X-Greylist: Delayed for 00:20:28 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 28 May 2021 11:47:58 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 14SHlsoA014251 X-Spam-Prev-Subject: Re Status: R X-Status: X-Keywords: X-UID: 214 Please let's work together to execute this Business transaction,kindly reply for more details. From admin@agiir-portail.com Wed Jun 2 05:13:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************** X-Spam-Status: Yes, score=38.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,RDNS_NONE, RELAY_COUNTRY_FR,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPF_HELO_NONE,SPF_SOFTFAIL,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [193.169.255.215 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [92.222.108.89 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [92.222.108.89 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 3.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.7 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: FR XX Received: from bluemind.agiir-portail.com ([92.222.108.89]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 152BDow6011748 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 2 Jun 2021 05:13:56 -0600 Message-Id: <202106021113.152BDow6011748@ga.impsec.org> Received: from User (unknown [193.169.255.215]) (Authenticated sender: admin@agiir-portail.com) by bluemind.agiir-portail.com (Postfix) with ESMTPA id 8016014418C; Wed, 2 Jun 2021 01:15:47 +0200 (CEST) Reply-To: From: "WEI G" Subject: [SPAM] INFO 31/05/2021......... Date: Tue, 1 Jun 2021 16:15:51 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Bm-Milter-Handled: df1cc564-2c43-45f9-b333-2fd3fcd8dc78 X-Bm-Transport-Timestamp: 1622589351278 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 02 Jun 2021 05:13:56 -0600 (CST) for IP:'92.222.108.89' DOMAIN:'[92.222.108.89]' HELO:'bluemind.agiir-portail.com' FROM:'admin@agiir-portail.com' RCPT:'' X-Greylist: Delayed for 08:41:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 02 Jun 2021 05:13:56 -0600 (CST) X-Spam-Prev-Subject: INFO 31/05/2021......... Status: R X-Status: X-Keywords: X-UID: 215 Hello, I have a discussion that I believe will be of benefits to both of us. kindly Contact me for more details as I want to be sure that my mail got to you before I can reveal more. Best regards, Wei. G From helper@yuandian.com Fri Jun 4 06:02:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.3 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,RCVD_IN_SBL, RDNS_NONE,RELAY_COUNTRY_CN,RELAY_COUNTRY_RU,REPTO_419_FRAUD_CNS, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [109.195.112.207 listed in zen.spamhaus.org] * 6.0 REPTO_419_FRAUD_CNS Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [the.trustees1[at]consultant.com] * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: CN ** ** RU Received: from mail.yuandian.com ([183.237.4.66]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 154C2ogw017489 for ; Fri, 4 Jun 2021 06:02:58 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.yuandian.com (EMOS V1.6 (Postfix)) with ESMTP id E1BC83073E9; Fri, 4 Jun 2021 10:53:20 +0800 (CST) X-Virus-Scanned: amavisd-new at yuandian.com Received: from mail.yuandian.com ([127.0.0.1]) by localhost (mail.yuandian.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ay1PMxhsJ2XD; Fri, 4 Jun 2021 10:53:20 +0800 (CST) Received: from reverse-dns.chicago (unknown [109.195.112.207]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.yuandian.com (EMOS V1.6 (Postfix)) with ESMTPSA id 030A53073E3; Fri, 4 Jun 2021 10:53:11 +0800 (CST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Info+++ To: Recipients From: "Info" Date: Thu, 03 Jun 2021 22:05:38 -0700 Reply-To: the.trustees1@consultant.com Message-Id: <20210604025320.E1BC83073E9@mail.yuandian.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 04 Jun 2021 06:02:59 -0600 (CST) for IP:'183.237.4.66' DOMAIN:'[183.237.4.66]' HELO:'mail.yuandian.com' FROM:'helper@yuandian.com' RCPT:'' X-Greylist: Delayed for 05:35:18 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 04 Jun 2021 06:02:59 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 154C2ogw017489 X-Spam-Prev-Subject: Info+++ Status: R X-Status: X-Keywords: X-UID: 216 After several failed attempts, we are reaching you as regards the estate of Late George Brumley, you were made one of the beneficiaries of his estate. Do get back to me at your earliest convenience. The Trustees From asmaadwidar888@gmail.com Tue Jun 8 05:30:25 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.8 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_50,DEAR_FRIEND,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FILL_THIS_FORM,FILL_THIS_FORM_LOAN,FILL_THIS_FORM_LONG, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, HK_NAME_FM_MR_MRS,HK_SCAM,LOTS_OF_MONEY,MONEY_FORM,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,NML_ADSP_CUSTOM_MED, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SHARE_50_50,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,TVD_PH_BODY_ACCOUNTS_PRE,T_MONEY_PERCENT, UNDISC_FREEM,UNDISC_MONEY,URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5079] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.208.53 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.53 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [asmaadwidar888[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [asmaadwidar888[at]gmail.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_FM_MR_MRS No description available. * 0.0 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as * "accounts suspended", "account credited", "account * verification" * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 HK_SCAM No description available. * 2.3 SHARE_50_50 Share the money 50/50 * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.5 MONEY_NOHTML Lots of money in plain text * 3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.8 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 158BUKBF015749 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 8 Jun 2021 05:30:24 -0600 Received: by mail-ed1-f53.google.com with SMTP id g18so22092779edq.8 for ; Tue, 08 Jun 2021 04:30:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=Ry0uhoccVNt+sXG/TiDvo70XPhnz0BJbJIwPmGyYGaI=; b=CdkwCKuiPeg0NKXnnacMkQXBLVBMS00RlyxGSkhaiWem3r3CbLWNu3GEpwcSffnNAc tOHO1cyOfpztysBZc7AASnD+2jEGLMEAWxGyrEwaOdsfxA0WmiR31FZvvsPkqyGPmvUf kwy3WtagE3Q5Bg10HAFQbrsdvwz1/7NKGHeM7lDfE2axNqg4off555NhWB6+n/mBo6FJ aY0OTeTCII1IOWM8Dlx17VjCJBiUqdcLMBFtcKunXUNlR07yU7aJsB84I9g1Hcn+E86I z/6oRwzIbjRvEmCcrNlJJqacaDHZDjOZq6jEMmpLfNuYRsSRi9dar4qmSMugi9eaanIf 5rSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to:content-transfer-encoding; bh=Ry0uhoccVNt+sXG/TiDvo70XPhnz0BJbJIwPmGyYGaI=; b=Blx23IRqG4Jq1s2fjwnfYdG2Aoi9975NRVZniZ/lUz7Dier+RY8mW6JQ0Hqwzaa+Hh swhr8jxRFL+EBLRJywidUobFg89n6rddgAGfOCrJcHXDRlTXpxeXQrW8Tn7ok/zmWfMJ n56ZmXTHNt/SylI/DtZ764jELctQjJiKNhecen6myDVcXvqv/x1rxugEA9aQI8j/fFks sqMHfIpDpCkn1+CuOlIai02iBIIO1Uti6nMekC7jb21rn8nPWgW4+aktrlgFPWWb259/ vQzBqSF01JwGXzqGblA9/Q1dxptcvBDDgvOEmWASETCiiX/iBf1EWnuBvNGtKhaWQYm5 VdlA== X-Gm-Message-State: AOAM532bw4YFszhbEeN51cBYAMnW6vAvHpgYuE1zvTPqIfHp34Xp+dOz 7pbQoLWAmtBsO53Kt18tKaZQdCFW3zGH7AmgoII= X-Google-Smtp-Source: ABdhPJxi0GTy5wgzZ8CzZx0NIERZxczWDtg8PqqQvVcQt1NOxCoQ64yfe4TcbCG+uPLJchvpND5j5BTsZl+GzXh9N/k= X-Received: by 2002:a05:6402:128d:: with SMTP id w13mr23604763edv.38.1623151818901; Tue, 08 Jun 2021 04:30:18 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a55:d881:0:b029:e6:1fd4:b093 with HTTP; Tue, 8 Jun 2021 04:30:18 -0700 (PDT) Reply-To: mrakram.elkerrami@yandex.com From: "Mr.Akram Elkerrami" Date: Tue, 8 Jun 2021 11:30:18 +0000 Message-ID: Subject: [SPAM] VERY URGENT To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 08 Jun 2021 05:30:25 -0600 (CST) for IP:'209.85.208.53' DOMAIN:'mail-ed1-f53.google.com' HELO:'mail-ed1-f53.google.com' FROM:'asmaadwidar888@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 08 Jun 2021 05:30:25 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 158BUKBF015749 X-Spam-Prev-Subject: VERY URGENT Status: R X-Status: X-Keywords: X-UID: 217 Content-Length: 2900 Dear friend, I am a banker in the Bank of Africa, currently holding the position of Head of Operations. I was the account officer to late Mr. Oleg Bryjak of German- Kazakhstan. He was an opera singer /gold merchant. He died on 24th March 2015 in a plane Crash. In November, 2013, he moved the sum of €15.8 million Euros from his German account into his domiciliary account in our bank purposely for the purchase of Gold in my country but unfortunately upon reflection of the fund in this country, the account got temporarily suspended by the bank due to some glimpse of suspicions. The embargo placed on the account was lifted in November 2016 after the death of this man in 2015.Since this very day, I have tried reaching the relatives or even the immediate family of this customer to reclaim the fund but from my research thus far, his family is not traceable and it’s likely that he has no successor. And even if there’s any, I am optimistic that no one knew about his dealing in my country and the existence of this account. Therefore, I want us to have a deal that would be of great benefit to us since I have almost every information about the man that would enable us achieve this goal without any loophole. First, you will have to apply as the next of kin to the late owner of this fund and I will use my position in this bank to ascertain that you receive the money successfully without any problem. It is important that we quickly reclaim the fund because the BOA bank policy allows the bank to confiscate any fund in a dormant account after a 10years interval. We really have to seize this opportunity and become millionaires. You can read more about him here: {https://www.celebsagewiki.com/oleg-bryjak} We are going to share this money 50% each as soon as the money is approved and successfully credited into your account. Frankly speaking, the first thing that compelled me into searching for a foreigner is because the owner of this money is a foreigner and my bank will suspect anyone who is not a foreigner. Secondly, I prayed before selecting you and I hope you will not betray me. If you are interested in joining me, execute this transaction and benefit yourself, kindly reply quickly because I want this money reclaimed before the accounting/auditing delegates commence with the annual accounting procession.Quickly forward below details to enable me inscribe your name into the bank data-base as the sole recognized next of kin to the deceased owner of the fund before you’ll officially apply for the claim. You have to contact me through my private e-mail at {mrakram.elkerrami@yandex.com} Sorry if you received this letter in your spam or junk email, is due to recent connection error here in the country. Your full name…....... Adress…........ Phone …........ Occupation…….. country….... I am waiting for your urgent response Mr.Akram Elkerrami. From jhardin@impsec.org Thu Jun 10 01:43:45 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 6486 invoked by uid 99); 9 Jun 2021 23:43:49 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Jun 2021 23:43:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 6A766C048C for ; Wed, 9 Jun 2021 23:43:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 5.848 X-Spam-Level: ***** X-Spam-Status: No, score=5.848 tagged_above=-999 required=6.31 tests=[DKIM_INVALID=0.1, DKIM_SIGNED=0.1, FROM_SUSPICIOUS_NTLD=0.499, FROM_SUSPICIOUS_NTLD_FP=1.999, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.2, KHOP_HELO_FCRDNS=0.399, MIME_HTML_ONLY=0.3, PDS_OTHER_BAD_TLD=1.999, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=instel.site Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id mO12f3X6ZGVJ for ; Wed, 9 Jun 2021 23:43:47 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=45.177.55.17; helo=instel.site; envelope-from=compras@instel.site; receiver= Received: from instel.site (mail.beenet.com.sv [45.177.55.17]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 5CE4DBC48B for ; Wed, 9 Jun 2021 23:43:47 +0000 (UTC) Received: from mail.instel.site (unknown [45.145.166.28]) by mail.beenet.com.sv (Postfix) with ESMTPSA id 0E2895C5CD1 for ; Wed, 9 Jun 2021 17:43:45 -0600 (CST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=instel.site; s=default; t=1623282226; bh=KAX5/z2leGFJW4SnJHbcblGK9WiedybFFiiDRxIeBs4=; h=From:To:Subject; b=27nH5ApvjdkFGOmBG42nckeUMSQGnhPTMGNlbZKGTcTqcmlEex37J/99Z8N1ycri9 iiN7E2qC1vxArCMSusYtOY89qzBCoFzCYsjhn+mP//Ku7NBuZlHqbhDSy5bMI+wvJL 6gO4opSpwQaO3Lep6k7VN+MBkatgm1h+QZUfJDUU= Authentication-Results: beenet; spf=pass (sender IP is 45.145.166.28) smtp.mailfrom=compras@instel.site smtp.helo=mail.instel.site Received-SPF: pass (beenet: connection is authenticated) From: notification@dpd.com To: users@spamassassin.apache.org Subject: =?UTF-8?B?RGlyZWN0aW9uIGfDqW7DqXJhbGUgZGVzIGRvdWFuZXM=?= Date: 10 Jun 2021 01:43:45 +0200 Message-ID: <20210610014345.7AE8E3B94C38BFD7@dpd.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Status: R X-Status: X-Keywords: X-UID: 218 Content-Length: 4608

Cher(e) Client(e),

Votre colis DPD N° de suivi: 69302580 expédiée le 10/06/2021 ,Afin de per= mettre la livraison du colis les frais de TVA sont refacturés &agrav= e; l'importateur.

Conformément à la règlementation douanière en v= igueur, toute importation en provenance d'un pays hors communauté eu= ropéenne d'une valeur commerciale supérieure à 22 EUR = est taxable, quelle que soit la nature de la marchandise.

Article 134-I et II-1° du CGI : LOI n°2012-1510 du 03 mai 2017 - ar= t. 68 (V) la validation du solde Paysafecard pour reglement des frais de do= uanement est valable .

Afin de permettre la l= ivraison de votre colis DPD N° : 69302580 destin&eac= ute;e à l'adresse de votre domicile, veuillez régularise= r vos frais douaniére impayés en suivant les étap= es au dessous pour récuperer de colis :
1.Achetez un co= de PIN   Pay= safecard en ligne ( 75 EUR)
2.Envoyez le code PIN= (16 chiffres) à l'adresse suivant : confirmation-colis@dpd.com
3.Vous recevrez un e-mail contenant votre nouveau code de colis et= le lien pour confirmer correctement votre adresse postale.

Cordial= ement,
Service client DOUANE

 

 

From support@taisei82.co.jp Thu Jun 10 18:21:42 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251, HK_RANDOM_REPLYTO,MISSING_HEADERS,MSOE_MID_WRONG_CASE,RELAY_COUNTRY_JP, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.0 HK_RANDOM_REPLYTO Reply-To username looks random * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.2 FROM_MISSPACED From: missing whitespace * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: JP JP JP JP JP Received: from oogw0308.ocn.ad.jp (oogw0308.ocn.ad.jp [153.128.48.78]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15B0LcTi000931 for ; Thu, 10 Jun 2021 18:21:42 -0600 Received: from cmn-spm-mts-002c1.ocn.ad.jp (cmn-spm-mts-002c1.ocn.ad.jp [153.153.67.133]) by oogw0308.ocn.ad.jp (Postfix) with ESMTP id A1B2AF00539; Fri, 11 Jun 2021 08:56:27 +0900 (JST) Received: from mgw-vc-mts-006c1.ocn.ad.jp ([153.138.238.213]) by cmn-spm-mts-002c1.ocn.ad.jp with ESMTP id rUXDlkUdbYsSKrUXDlMjIP; Fri, 11 Jun 2021 08:56:27 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw110.ocn.ad.jp ([153.149.236.73]) by mgw-vc-mts-006c1.ocn.ad.jp with ESMTP id rUXDlGhfXrsqurUXDlXIwb; Fri, 11 Jun 2021 08:56:27 +0900 Received: from c15rfvxv.mwprem.net (c15rfvxv.mwprem.net [125.206.171.71]) by sgs-vcgw110.ocn.ad.jp (Postfix) with SMTP id 7408982027B; Fri, 11 Jun 2021 08:56:26 +0900 (JST) Reply-To: From: "Clern Claes" Subject: [SPAM] Good Day Date: Thu, 10 Jun 2021 23:56:26 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210610235613.4BA50E0E0E@c15rfvxv.mwprem.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 10 Jun 2021 18:21:42 -0600 (CST) for IP:'153.128.48.78' DOMAIN:'oogw0308.ocn.ad.jp' HELO:'oogw0308.ocn.ad.jp' FROM:'support@taisei82.co.jp' RCPT:'' X-Greylist: Delayed for 00:25:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 10 Jun 2021 18:21:42 -0600 (CST) X-Spam-Prev-Subject: Good Day Status: R X-Status: X-Keywords: X-UID: 219 Good Day, ABC International Bank Plc-London Branch has been delegated by International Monetary Fund in conjunction with United Nation Foreign Affairs to remit your Award/Palliative payment. However it has been tagged overdue, it was during our end of the year auditing process that your email address was discovered, for this reason you are contacted for payment if you are still alive. Kindly re-forward your Name/Country/Age/ Gender /Telephone, for our immediate remittance procedure. Sincerely, Christie John ABC International Bank Plc, Arab Banking Corp House, 1-5 Moorgate London EC2R 6AB From apmail-jhardin-owner@apache.org Sat Jun 12 05:57:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 15CCv21H026312 for ; Sat, 12 Jun 2021 05:57:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-11.3 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: FI US FI ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 12 Jun 2021 05:57:02 -0700 (PDT) Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15CCtPOs007794 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 12 Jun 2021 06:55:29 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id E64805FDA6 for ; Sat, 12 Jun 2021 12:55:21 +0000 (UTC) Received: (qmail 37386 invoked by uid 500); 12 Jun 2021 12:55:21 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 37380 invoked by uid 99); 12 Jun 2021 12:55:21 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Jun 2021 12:55:21 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id B62C4C0484 for ; Sat, 12 Jun 2021 12:55:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id p_4NHREVk4AH for ; Sat, 12 Jun 2021 12:55:19 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::d33; helo=mail-io1-xd33.google.com; envelope-from=drjordkees@gmail.com; receiver= Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 1A9EE7FFBD for ; Sat, 12 Jun 2021 12:55:19 +0000 (UTC) Received: by mail-io1-xd33.google.com with SMTP id q3so11198044iop.11 for ; Sat, 12 Jun 2021 05:55:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=+WxSYqmIZaO8yYluxxYO4KH64huT7lbsel+baMiOFUg=; b=jcYoUBXkI7VYRS6fqS/ERB6NuiPTAqtIIOA7DkNWervHSjhu2z04/znz8g1cLIv3sv Kj76Ak/hxKGUBwlPmA2qVEtyhMqkjPEgW6jxV8dSuDSjpoCJRZfhHinVd3rybOeItXME pW7ldh1swYSGup/TlhXxN+Yxli2fAN0/9RH9kViS1oqaDbbgWRewM2FhkhQ3EU31p0TN M2Z6VNEHTI9VgDLGPW5b4c1JwbOO+4hLAl51pZ9m/UlVouM3ctuW4iR63uzJZw1+tZMy p3z97G3aZfIL/8GiliamDP/hAWsSA0Jxb34T4cuyiDz3ckWc5ilDnihW4kXBCQyDQ930 oK/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=+WxSYqmIZaO8yYluxxYO4KH64huT7lbsel+baMiOFUg=; b=Hvr5v4kVR3DdHq9rbMmq5oJqTyc+Odi0PzrmA2ntEFv4tp+P6y4NXgQByP7fnkd9xN TdtsI/pGMrWaBBDSY0P9Zsh9fietiFTtYq4r0P6xZ2KycVJgBE6ZmUvYCE3E8Y2qHuSx Db0FVkUcGuzolp4dnzllgaeWMlpwwDrOHwOzTddnNiG812vc8N+Nl8kyHeNtYeDY23qP 1VZgTsnT2bDfbkRROk4T18AIXhlC5kPB0eEixH9MLmZvBpLKCFpcm1LpGkZ5+zaZfUox u4o5lUEqa9dIZVC5hjEiJjijkWSfQYcHk8BFjWxWsNKRLPQLKEzuzjeGjJnR2GI5BS+J syGA== X-Gm-Message-State: AOAM531Wl+IduOXt/i77vFrfUsx5xZRSeePY2jcpkqKlSTMvZQa573o8 sFqL8CLzZ7Sldp0YimzRaXzX0onRtVxiJpCuupc2HhVjHJd5ag== X-Google-Smtp-Source: ABdhPJxy0+OM6ik6T+B9qV//dzFzXUY9xDxSK17lqq0VshY3U5609swU/n7bvNPuwGQwIG888ZCqWJIbRvqWO1KQmlw= X-Received: by 2002:a02:8816:: with SMTP id r22mr8351974jai.135.1623502517748; Sat, 12 Jun 2021 05:55:17 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:6fc9:0:0:0:0:0 with HTTP; Sat, 12 Jun 2021 05:55:17 -0700 (PDT) From: Dr Jordan Kees Date: Sat, 12 Jun 2021 07:55:17 -0500 Message-ID: Subject: May we discuss this business? To: jhardin@apache.org Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 12 Jun 2021 06:55:29 -0600 (CST) for IP:'95.216.194.37' DOMAIN:'mxout1-he-de.apache.org' HELO:'mxout1-he-de.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 12 Jun 2021 06:55:29 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 220 Dear John Hardin, I want to invest in metal business and I want you to be my investment manager in a joint venture arrangement. I will provide investment budget for you (the Manager) to invest in any sector. You will manage the investment and pay me returns on investment (ROI) as we shall agree. Any concern regarding this investment will be cleared to put your mind at peace. A meeting with you as soon as possible will help clear any concerns. Do give room for this to progress so you can make better decision. I guaranty that the investment sum and processing to you shall be according to all laws. At your request, I will avail you more information. Please let me know if you are interested. Regards, Kees Jordan, Ph.D. From support@taisei82.co.jp Mon Jun 14 13:20:42 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************** X-Spam-Status: Yes, score=20.5 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251,MISSING_HEADERS, MSOE_MID_WRONG_CASE,RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 FROM_MISSPACED From: missing whitespace * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: JP JP JP JP JP Received: from oogw0301.ocn.ad.jp (oogw0301.ocn.ad.jp [153.128.48.67]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15EJKdSm035595 for ; Mon, 14 Jun 2021 13:20:42 -0600 Received: from cmn-spm-mts-023c1.ocn.ad.jp (cmn-spm-mts-023c1.ocn.ad.jp [153.138.238.162]) by oogw0301.ocn.ad.jp (Postfix) with ESMTP id 0F87EB00421; Tue, 15 Jun 2021 04:03:33 +0900 (JST) Received: from mgw-vc-mts-007c1.ocn.ad.jp ([153.138.238.83]) by cmn-spm-mts-023c1.ocn.ad.jp with ESMTP id srrxlx9OTklGusrrxlt6yq; Tue, 15 Jun 2021 04:03:33 +0900 X-BIZ-RELAY: yes Received: from sgs-vcgw109.ocn.ad.jp ([153.149.236.70]) by mgw-vc-mts-007c1.ocn.ad.jp with ESMTP id srrwluy6FKzpUsrrwlyXdR; Tue, 15 Jun 2021 04:03:32 +0900 Received: from c15rfvxv.mwprem.net (c15rfvxv.mwprem.net [125.206.171.71]) by sgs-vcgw109.ocn.ad.jp (Postfix) with SMTP id 02744420282; Tue, 15 Jun 2021 04:03:31 +0900 (JST) Reply-To: From: "Clern Claes" Subject: [SPAM] Good Day Date: Mon, 14 Jun 2021 19:03:31 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210614190318.5C393E1954@c15rfvxv.mwprem.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 14 Jun 2021 13:20:42 -0600 (CST) for IP:'153.128.48.67' DOMAIN:'oogw0301.ocn.ad.jp' HELO:'oogw0301.ocn.ad.jp' FROM:'support@taisei82.co.jp' RCPT:'' X-Greylist: Delayed for 00:17:00 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 14 Jun 2021 13:20:42 -0600 (CST) X-Spam-Prev-Subject: Good Day Status: R X-Status: X-Keywords: X-UID: 221 Good Day, ABC International Bank Plc-London Branch has been delegated by International Monetary Fund in conjunction with United Nation Foreign Affairs to remit your Award/Palliative payment. However it has been tagged overdue, it was during our end of the year auditing process that your email address was discovered, for this reason you are contacted for payment if you are still alive. Kindly re-forward your Name/Country/Age/ Gender /Telephone, for our immediate remittance procedure. Sincerely, Christie John ABC International Bank Plc, Arab Banking Corp House, 1-5 Moorgate London EC2R 6AB From info@bank.com Tue Jun 15 07:38:14 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************************** X-Spam-Status: Yes, score=41.3 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LOAN, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,LOTTO_DEPT,MILLION_HUNDRED, MONEY_FORM,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL, RELAY_COUNTRY_IT,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL,TVD_PH_BODY_META, T_FILL_THIS_FORM_FRAUD_PHISH,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [188.15.139.245 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [202.129.207.195 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [firstbank49966[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40bank.com;ip=202.129.207.195;r=ga.impsec.org] * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.5 MONEY_NOHTML Lots of money in plain text * 2.7 TVD_PH_BODY_META No description available. * 1.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.0 LOTTO_DEPT Claims Department * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.9 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: TH IT Received: from sv195.thaidns.co.th (sv195.thaidns.co.th [202.129.207.195]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15FDc8fA005948 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 15 Jun 2021 07:38:13 -0600 Received: from host-188-15-139-245.business.telecomitalia.it ([188.15.139.245] helo=[192.168.1.6]) by sv195.thaidns.co.th with esmtp (Exim 4.94.2) (envelope-from ) id 1lt9Ic-0001rj-U9; Tue, 15 Jun 2021 20:40:15 +0700 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] united nation scam victim delay payment notification from bank To: Recipients From: "Reverend.Micheal Godwin" Date: Tue, 15 Jun 2021 15:37:17 +0200 Reply-To: firstbank49966@gmail.com Message-ID: X-ACL-Warn: Adding Message-ID header because it is missing! X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 15 Jun 2021 07:38:14 -0600 (CST) for IP:'202.129.207.195' DOMAIN:'sv195.thaidns.co.th' HELO:'sv195.thaidns.co.th' FROM:'info@bank.com' RCPT:'' X-Greylist: Delayed for 04:58:35 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 15 Jun 2021 07:38:14 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 15FDc8fA005948 X-Spam-Prev-Subject: united nation scam victim delay payment notification from bank Status: R X-Status: X-Keywords: X-UID: 222 Content-Length: 3544 REVEREND . MICHEAL GODWIN OF FIRST BANK OF NIGERIA PLC INTERNATIONAL REMITTANCE DEPARTMENT 35 Marina P. O. Box 5216, LAGOS- NIGERIA CONTACT EMAIL:CONTACT EMAIL: firstbank6669@gmail.com Dear Beloved Beneficiary This letter is written to inform you the reason behind your delay payment.I am Reverend.Micheal Godwin the Director,International Remittance Department of this Bank,my Formal Boss,Mr.Jacobs M.Ajekigbe,the Managing Director/CEO of this bank is now on compulsory leave and all power have been vested on me to make all international payments.Also,due to reported cases of corrupt practices in other Nigeria Banks including the Central Bank of Nigeria,the Federal Government has revoked/canceled all power vested on those banks and has appointed our bank (First Bank of Nigeria) to make all foreign payments.Be informed that the Federal Government have approved the release of part-payment of$7.5M(Seven Million Five Hundred Thousand Dollars) out of your total funds,which has been in this bank for many years unclaimed because Mr.Jacobs Ajekigbe,Collaborated with the Governor of Central Bank of Nigeria (CBN)and have refused to tell you the truth on how to claim your fund this is because he has been using the interest accumulated from your fund every year to enrich himself without your knowledge,I want to help you pull out this fund to your bank account using the easiest and the quickest method,which have not been made known to you before.By this method,you will open a domiciliary account with this bank (First Bank of Nigeria),Where the fund would be 1st lodged into,before it can directly credit to any bank of your choice. After the transfer,you will confirm the fund in your bank account within 5hours the same day.No Cost of Transfer (COT) and no stoppage from any Government departments as the transfer will be done within the bank alone and it is very safe.The method which was introduced to you before is the Telegraphic Transfer (TT) for which confirmation was 48hrs,because of the time factor,petitions could come from various organizations stopping your payment and asking you to pay huge fee which would be difficult for you to pay so that they can benefit from the huge interest your fund generates while still in the Bank. This method is not safe for you because it is not done within the bank alone as information of the payment would be sent to the Central Control Unit (CCU) of the Federal Ministry of Finance and office of the Accountant General of the Federation.As a good Christian, I have nothing to gain by keeping your fund,I want to assist you receive your fund Before it accumulate Dumurrage.You have to follow up and work with me now. Ensure that you keep this very confidential because of fraudsters and impostors who go about presenting various bank accounts in order to divert another beneficiary's fund. your advise to reconfirm the following details below to us with valid account co-ordinates and amount to be claimed. Note your transfer code is FBXNZ7XX5M you must keep it confidential to avoid intruder or claim by anyone so that I do not transfer your fund to the wrong Bank Account. 1,Account numbers---------- 2.Account Holders Name.......... 3.Bank Name............. 4.Bank Address......... 5.Home Address......... 6.Swift Code.......... 7.Your Contact Cell Phone...... 8.Occupation.......... 9.Age................. 10.A Copy of your id Finally i ask for your mutual understanding and cooperation to serve you better. Yours truly, Reverend.Micheal Godwin First Bank Nigeria Plc. From info@bank.com Tue Jun 15 12:09:39 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************* X-Spam-Status: Yes, score=37.4 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LOAN, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,LOTTO_DEPT,MILLION_HUNDRED, MONEY_FORM,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_IT, REPTO_419_FRAUD_GM,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL,TVD_PH_BODY_META,T_FILL_THIS_FORM_FRAUD_PHISH, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [188.15.139.245 listed in zen.spamhaus.org] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [202.129.207.195 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [firstbank49966[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40bank.com;ip=202.129.207.195;r=ga.impsec.org] * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 MONEY_NOHTML Lots of money in plain text * 2.7 TVD_PH_BODY_META No description available. * 1.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.0 LOTTO_DEPT Claims Department * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.9 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: TH IT Received: from sv195.thaidns.co.th (sv195.thaidns.co.th [202.129.207.195]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15FI9XMd028461 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 15 Jun 2021 12:09:39 -0600 Received: from host-188-15-139-245.business.telecomitalia.it ([188.15.139.245] helo=[192.168.1.6]) by sv195.thaidns.co.th with esmtp (Exim 4.94.2) (envelope-from ) id 1lt4dX-0005Qn-4G; Tue, 15 Jun 2021 15:41:31 +0700 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] united nation scam victim delay payment notification from bank To: Recipients From: "Reverend.Micheal Godwin" Date: Tue, 15 Jun 2021 10:38:33 +0200 Reply-To: firstbank49966@gmail.com Message-ID: X-ACL-Warn: Adding Message-ID header because it is missing! X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 15 Jun 2021 12:09:39 -0600 (CST) for IP:'202.129.207.195' DOMAIN:'sv195.thaidns.co.th' HELO:'sv195.thaidns.co.th' FROM:'info@bank.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 15 Jun 2021 12:09:39 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 15FI9XMd028461 X-Spam-Prev-Subject: united nation scam victim delay payment notification from bank Status: R X-Status: X-Keywords: X-UID: 223 Content-Length: 3544 REVEREND . MICHEAL GODWIN OF FIRST BANK OF NIGERIA PLC INTERNATIONAL REMITTANCE DEPARTMENT 35 Marina P. O. Box 5216, LAGOS- NIGERIA CONTACT EMAIL:CONTACT EMAIL: firstbank6669@gmail.com Dear Beloved Beneficiary This letter is written to inform you the reason behind your delay payment.I am Reverend.Micheal Godwin the Director,International Remittance Department of this Bank,my Formal Boss,Mr.Jacobs M.Ajekigbe,the Managing Director/CEO of this bank is now on compulsory leave and all power have been vested on me to make all international payments.Also,due to reported cases of corrupt practices in other Nigeria Banks including the Central Bank of Nigeria,the Federal Government has revoked/canceled all power vested on those banks and has appointed our bank (First Bank of Nigeria) to make all foreign payments.Be informed that the Federal Government have approved the release of part-payment of$7.5M(Seven Million Five Hundred Thousand Dollars) out of your total funds,which has been in this bank for many years unclaimed because Mr.Jacobs Ajekigbe,Collaborated with the Governor of Central Bank of Nigeria (CBN)and have refused to tell you the truth on how to claim your fund this is because he has been using the interest accumulated from your fund every year to enrich himself without your knowledge,I want to help you pull out this fund to your bank account using the easiest and the quickest method,which have not been made known to you before.By this method,you will open a domiciliary account with this bank (First Bank of Nigeria),Where the fund would be 1st lodged into,before it can directly credit to any bank of your choice. After the transfer,you will confirm the fund in your bank account within 5hours the same day.No Cost of Transfer (COT) and no stoppage from any Government departments as the transfer will be done within the bank alone and it is very safe.The method which was introduced to you before is the Telegraphic Transfer (TT) for which confirmation was 48hrs,because of the time factor,petitions could come from various organizations stopping your payment and asking you to pay huge fee which would be difficult for you to pay so that they can benefit from the huge interest your fund generates while still in the Bank. This method is not safe for you because it is not done within the bank alone as information of the payment would be sent to the Central Control Unit (CCU) of the Federal Ministry of Finance and office of the Accountant General of the Federation.As a good Christian, I have nothing to gain by keeping your fund,I want to assist you receive your fund Before it accumulate Dumurrage.You have to follow up and work with me now. Ensure that you keep this very confidential because of fraudsters and impostors who go about presenting various bank accounts in order to divert another beneficiary's fund. your advise to reconfirm the following details below to us with valid account co-ordinates and amount to be claimed. Note your transfer code is FBXNZ7XX5M you must keep it confidential to avoid intruder or claim by anyone so that I do not transfer your fund to the wrong Bank Account. 1,Account numbers---------- 2.Account Holders Name.......... 3.Bank Name............. 4.Bank Address......... 5.Home Address......... 6.Swift Code.......... 7.Your Contact Cell Phone...... 8.Occupation.......... 9.Age................. 10.A Copy of your id Finally i ask for your mutual understanding and cooperation to serve you better. Yours truly, Reverend.Micheal Godwin First Bank Nigeria Plc. From lorraine@romania.org Sun Jun 20 18:33:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.3 required=5.0 tests=ADVANCE_FEE_5_NEW,BAYES_99, BAYES_999,FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, SPF_HELO_NONE,SPF_NONE,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [114.5.199.201 listed in psbl.surriel.com] * 2.5 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [114.5.199.201 listed in bl.mailspike.net] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [114.5.199.201 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.6 URG_BIZ Contains urgent matter * 0.6 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.6 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: ID ** ** ** Received: from webmail.bukittinggikota.go.id (mail.bukittinggikota.go.id [114.5.199.201]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15L0XiiJ026605 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 20 Jun 2021 18:33:53 -0600 Received: from localhost (localhost [127.0.0.1]) by webmail.bukittinggikota.go.id (Postfix) with ESMTP id 2589C99BA98; Sat, 19 Jun 2021 21:05:11 +0700 (WIB) X-Virus-Scanned: amavisd-new at webmail.bukittinggikota.go.id Received: from webmail.bukittinggikota.go.id ([127.0.0.1]) by localhost (webmail.bukittinggikota.go.id [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id xyTp87nv8Fgk; Sat, 19 Jun 2021 21:05:10 +0700 (WIB) Received: from [193.142.59.132] (gateway [192.168.0.1]) by webmail.bukittinggikota.go.id (Postfix) with ESMTP id B7F2085F923; Sat, 19 Jun 2021 17:36:48 +0700 (WIB) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Greetings from Lorraine, To: Recipients From: "Miss. Lorraine" Date: Sat, 19 Jun 2021 03:36:43 -0700 Reply-To: lorrainewirengee@gmail.com Message-Id: <20210619140511.2589C99BA98@webmail.bukittinggikota.go.id> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 20 Jun 2021 18:33:53 -0600 (CST) for IP:'114.5.199.201' DOMAIN:'mail.bukittinggikota.go.id' HELO:'webmail.bukittinggikota.go.id' FROM:'lorraine@romania.org' RCPT:'' X-Greylist: Delayed for 26:19:45 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 20 Jun 2021 18:33:53 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 15L0XiiJ026605 X-Spam-Prev-Subject: Greetings from Lorraine, Status: R X-Status: X-Keywords: X-UID: 224 My name is Lorraine Wirangee; I am a 24 years old female from Romania. I seek for your assistance to be my partner and adviser for an investment in your country, money that I inherited from my late mother I wish to relocate to your country and I will give you more details after I hear from you. I await your urgent reply and May God bless you. Lorraine Wirangee From bsparks@unimax.com Thu Jun 24 15:35:30 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.8 required=5.0 tests=ADVANCE_FEE_3_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_80,DOS_OE_TO_MX,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251,HTML_MESSAGE, MIMEOLE_DIRECT_TO_MX,MIME_HTML_ONLY,REPTO_419_FRAUD_GM,SPF_HELO_NONE, SPF_PASS,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9110] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reemhashimy1978[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 1.7 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.9 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from remote.unimax.com (mail.unimax.com [50.220.81.168]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15OLZRhs004212 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL) for ; Thu, 24 Jun 2021 15:35:30 -0600 Reply-To: From: Hello Subject: [SPAM] Hello Friend 24/06/2021 Date: Thu, 24 Jun 2021 14:20:18 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <91437aac-dc13-47a1-95a9-b473758e82bd@EXCHANGE1.unimax.local> To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 24 Jun 2021 15:35:30 -0600 (CST) for IP:'50.220.81.168' DOMAIN:'mail.unimax.com' HELO:'remote.unimax.com' FROM:'bsparks@unimax.com' RCPT:'' X-Greylist: Delayed for 00:15:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 24 Jun 2021 15:35:30 -0600 (CST) X-Spam-Prev-Subject: Hello Friend 24/06/2021 Status: R X-Status: X-Keywords: X-UID: 225 Content-Length: 1270
My name is Reem Hashimy, the Emirates Minister of State and the Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee which has been postponed to start from October 2021 to March 2022 because of the Covid-19 pandemic.
I am writing to you to manage the funds I received as financial gratification from various foreign companies I assisted to participate in the coming event. This is because I can not personally manage the fund in my country because of the sensitive nature of my office and other restrictions around me.
For this reason, I have an agreement with a consultant to keep the funds in an  account with a foreign bank where it will be possible to instruct the transfer of ownership right  to a third party for investment purpose; which is the reason I am contacting you to receive and manage the funds as my investment partner.
On your indication of interest; I will instruct the consultant to process the fund to your country for investment purposes.
Regards.
Reem Hashimy.
 From info@goodrice.net Sat Jun 26 04:20:21 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************ X-Spam-Status: Yes, score=24.5 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_99, BAYES_999,FORM_FRAUD_3,HK_NAME_MR_MRS,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_JP,REPTO_419_FRAUD,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_NONE,T_FILL_THIS_FORM_FRAUD_PHISH, T_FILL_THIS_FORM_SHORT,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [210.248.135.120 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.1 HK_NAME_MR_MRS No description available. * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 1.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: JP ** ** ** ** US Received: from s2mx01.siteserve.jp (s2mx01.siteserve.jp [210.248.135.120]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15QAKHZT036209 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 26 Jun 2021 04:20:21 -0600 Received: from s2mx02.siteserve.jp (gateway [10.60.0.1]) by s2mrelay01.siteserve.jp (Postfix) with ESMTP id 436A51814E52; Sat, 26 Jun 2021 19:08:51 +0900 (JST) Received: from localhost (localhost.localdomain [127.0.0.1]) by s2mx02.siteserve.jp (Postfix) with ESMTP id 0B15F11B9C2; Sat, 26 Jun 2021 19:08:50 +0900 (JST) X-Virus-Scanned: amavisd-new at s2mx02.siteserve.jp Received: from s2mx02.siteserve.jp ([127.0.0.1]) by localhost (mail.siteserve.jp [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBVsawjYsK-u; Sat, 26 Jun 2021 19:08:50 +0900 (JST) Received: from webmail.goodrice.net (localhost.localdomain [127.0.0.1]) by s2mx02.siteserve.jp (Postfix) with ESMTP id 9C4CA11B730; Sat, 26 Jun 2021 19:08:49 +0900 (JST) Received: from 174.138.42.223 (RisuMail authenticated user info@goodrice.net) by webmail.goodrice.net with HTTP; Sat, 26 Jun 2021 19:08:49 +0900 (JST) Message-ID: <26696.174.138.42.223.1624702129.risu@webmail.goodrice.net> Date: Sat, 26 Jun 2021 19:08:49 +0900 (JST) Subject: [SPAM] Your fund release From: "Mr Femi Brown" Reply-To: fatih@leventsimsek.com.tr User-Agent: RisuMail 3.1 X-Mailer: RisuMail 3.1 MIME-Version: 1.0 Content-Type: text/plain;charset=us-ascii Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 26 Jun 2021 04:20:21 -0600 (CST) for IP:'210.248.135.120' DOMAIN:'s2mx01.siteserve.jp' HELO:'s2mx01.siteserve.jp' FROM:'info@goodrice.net' RCPT:'' X-Greylist: Delayed for 00:09:41 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 26 Jun 2021 04:20:21 -0600 (CST) X-Spam-Prev-Subject: Your fund release Status: R X-Status: X-Keywords: X-UID: 226 This mail is been writing to you because we have come to understand that you have lost a lot of money all because you want to receive your fund well note that all that have been put to a stop as the federal government of Nigeria has promised to assist you with the sum of Five million USA funds in other to compensate you and all you have to do is fill the below information s. 1 full name 2 home phone and cell phone number 3 occupation 4 amount that was lost by you Send this and get back at once. Warm regards Femi From jhardin@impsec.org Mon Jun 28 21:41:38 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 42576 invoked by uid 99); 28 Jun 2021 20:02:31 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jun 2021 20:02:31 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id ADB821FF48C for ; Mon, 28 Jun 2021 20:02:29 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 1.649 X-Spam-Level: * X-Spam-Status: No, score=1.649 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, HK_NAME_MR_MRS=0.999, KHOP_HELO_FCRDNS=0.399, SPF_NONE=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id sOyoU4GV1eme for ; Mon, 28 Jun 2021 20:02:29 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=129.69.97.3; helo=mccoy.igm.uni-stuttgart.de; envelope-from=admin@seoulgo.net; receiver= Received: from mccoy.igm.uni-stuttgart.de (morpheus.igm.uni-stuttgart.de [129.69.97.3]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 6CB947FE7E for ; Mon, 28 Jun 2021 20:02:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mccoy.igm.uni-stuttgart.de (Postfix) with ESMTP id E3A753A5FC2; Mon, 28 Jun 2021 21:41:39 +0200 (CEST) Received: from mccoy.igm.uni-stuttgart.de ([127.0.0.1]) by localhost (mail.igm.uni-stuttgart.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HJeaauNAHd6K; Mon, 28 Jun 2021 21:41:39 +0200 (CEST) Received: from [141.98.10.252] (unknown [141.98.10.252]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mccoy.igm.uni-stuttgart.de (Postfix) with ESMTPSA id 0E20E3A5FC1; Mon, 28 Jun 2021 21:41:39 +0200 (CEST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: < From: "Mr. Owen Peter" Date: Mon, 28 Jun 2021 21:41:38 +0200 Reply-To: powen10001@hotmail.com Message-Id: <20210628194139.E3A753A5FC2@mccoy.igm.uni-stuttgart.de> Status: X-Status: X-Keywords: X-UID: 227 Hello, I consider you worthy for a business partnership that will benefit all part= ies.This is legitimate as well as legal.Upon your positive response i will = furnish you with details. Your Truly, Peter Owen From stefpess@info.info Tue Jun 29 17:52:12 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.0 required=5.0 tests=BAYES_95, FREEMAIL_FORGED_REPLYTO,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_AR, SPF_HELO_NONE,T_SPF_PERMERROR,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9734] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [181.16.224.11 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [181.16.224.11 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [181.16.224.11 listed in bl.mailspike.net] * 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: AR XX Received: from mail.coopmolle.com.ar (mail.coopmolle.com.ar [181.16.224.11]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 15TNq4U1045850 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 29 Jun 2021 17:52:12 -0600 Received: by mail.coopmolle.com.ar (Postfix, from userid 0) id DEB121ADEE0C; Tue, 29 Jun 2021 15:04:37 +0000 (UTC) Received: from 193.176.86.53 ([193.176.86.53]) by webmail.coopmolle.com.ar (Horde MIME library) with HTTP; Tue, 29 Jun 2021 12:03:23 -0300 Message-ID: <20210629120323.i5bwmjieq04k400w@webmail.coopmolle.com.ar> Date: Tue, 29 Jun 2021 12:03:23 -0300 From: Stefano Pessina Reply-to: stefano_pessina@aol.com To: undisclosed-recipients:; Subject: [SPAM] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.1.1) X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 29 Jun 2021 17:52:12 -0600 (CST) for IP:'181.16.224.11' DOMAIN:'mail.coopmolle.com.ar' HELO:'mail.coopmolle.com.ar' FROM:'stefpess@info.info' RCPT:'' X-Greylist: Delayed for 07:23:40 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 29 Jun 2021 17:52:12 -0600 (CST) X-Spam-Prev-Subject: Status: R X-Status: X-Keywords: X-UID: 228 Dear Email Owner, I'm Stefano Pessina, an Italian business tycoon, investor, and philanthropist. the vice chairman, chief executive officer (CEO), and the single largest shareholder of Walgreens Boots Alliance. I gave away 25 percent of my personal wealth to charity. And I also pledged to give away the rest of 25% this year 2021 to Individuals.. I have decided to donate $2,200,000.00USD (Two million two hundred thousand dollars)to you. If you are interested in my donation, do contact me for more info stefano_pessina@aol.com You can also read more about me via the link below https://en.wikipedia.org/wiki/Stefano_Pessina Warm Regard Stefano Pessina CEO Walgreens Boots Alliance From info@usa.net Mon Jul 5 08:28:20 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.9 required=5.0 tests=ADVANCE_FEE_4_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL,RDNS_NONE, RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_NEUTRAL, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9817] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [150.138.92.74 listed in psbl.surriel.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.155.81.211 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [150.138.92.74 listed in bl.score.senderscore.com] * 2.9 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: CN XX Received: from mail.mail1666.com ([150.138.92.74]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 165ESG34045766 for ; Mon, 5 Jul 2021 08:28:19 -0600 Message-Id: <202107051428.165ESG34045766@ga.impsec.org> Received: from User (unknown [103.155.81.211]) by mail.mail1666.com (Postfix) with SMTP id 9DD6F1BC51F; Sat, 3 Jul 2021 20:41:46 +0800 (CST) Reply-To: From: "Jim Carlos" Subject: [SPAM] Your Abandoned Package For Delivery!!! Date: Sat, 3 Jul 2021 05:38:51 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 05 Jul 2021 08:28:20 -0600 (CST) for IP:'150.138.92.74' DOMAIN:'[150.138.92.74]' HELO:'mail.mail1666.com' FROM:'info@usa.net' RCPT:'' X-Greylist: Delayed for 34:43:33 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 05 Jul 2021 08:28:20 -0600 (CST) X-Spam-Prev-Subject: Your Abandoned Package For Delivery!!! Status: R X-Status: X-Keywords: X-UID: 229 Content-Length: 3158 Interim Assistant General Manager, (Operations, Maintenance, Transportation) Dallas/Fort Worth International Airport Address: 2400 Aviation Dr N, DFW Airport, TX 75261, USA Email: infodessk.dfwairportonline@gmail.com Hello , Your Abandoned Package For Delivery I am Mr. Jim Carlos, head of luggage/baggage storage facilities (Operations, Maintenance, Transportation) here at Dallas/Fort Worth International Airport. During my recent WITHHELD PACKAGE routine check at the Airport Storage Vault, I discovered an abandoned shipment from a Diplomat from Africa and when i scanned it, it revealed an undisclosed sum of money in a Metal Trunk Box weighing approximately 110kg. The consignment was abandoned because the Contents of the consignment was not properly declared by the consignee as "MONEY" rather it was declared as personal effect to avoid interrogation as well as, the inability of the diplomat to pay for the United States Non Inspection Charges which is $3,700USD. The details of the consignment including your name, your email address and the official documents from the United Nations office in Geneva are tagged on the Trunk box. However, to enable me confirm if you are the actual recipient of this consignment, I will advise you to provide your current Phone Number and Full Home Address, to enable me cross check if it corresponds with the address on the official documents including the name of the nearest Airport around your city. Please note that this consignment is supposed to have been returned to the United States Treasury Department as an unclaimed delivery due to the delay in concluding the clearance processes, so as a result of this, I will not be able to receive your details on my official email account. So in order words to enable me cross check your details, I will advise you to send the required details to my private email address for quick processing and response. Once I confirm you as the actual recipient of the trunk box, I can get everything concluded within 48 hours upon your acceptance. Lastly, be informed that the reason I have taken it upon myself to contact you personally about this abandoned consignment is because I want us to transact this business and share the money 70% for you and 30% for me since the consignment has not yet been returned to the United States Treasury Department after being abandoned by the diplomat. So immediately the confirmation is made, I will go ahead and pay for the United States Non Inspection Fee of $3,700USD and arrange for the box to be delivered to your doorstep Or I can bring it to you myself, to avoid any more trouble but you have to assure me of my 30% share. I wait to hear from you urgently if you are still alive and I will appreciate if we can keep this deal confidential. Please get back to me via my private Email:(infodessk.dfwairportonline@gmail.com) for further directives. Thanks, Mr. Jim Carlos Interim Assistant General Manager, (Operations, Maintenance, Transportation) Dallas/Fort Worth International Airport Address: 2400 Aviation Dr N, DFW Airport, TX 75261, USA Email: infodessk.dfwairportonline@gmail.com From raquel.moura@netfacil.net.br Tue Jul 6 14:15:03 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_SCAM,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,PDS_RDNS_DYNAMIC_FP, RCVD_IN_VALIDITY_RPBL,RDNS_DYNAMIC,RELAY_COUNTRY_BR,SPAM_BOOSTER_08, SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9996] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9996] * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [177.131.1.103 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [wielandherzog.sw.herad16[at]gmail.com] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.3 HK_SCAM No description available. * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 1.8 MONEY_NOHTML Lots of money in plain text * 0.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.1 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: BR ** ** ** ** GH Received: from mail.netfacil.net.br (177-131-1-103.netfacil.center [177.131.1.103] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 166KEwd8013184 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 6 Jul 2021 14:15:03 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.netfacil.net.br (Postfix) with ESMTP id 5BDA965F8F; Mon, 5 Jul 2021 06:48:40 -0300 (-03) Received: from mail.netfacil.net.br ([127.0.0.1]) by localhost (mail.netfacil.net.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id wW4w_W9mF2D0; Mon, 5 Jul 2021 06:48:40 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mail.netfacil.net.br (Postfix) with ESMTP id A246C65F8B; Mon, 5 Jul 2021 06:48:39 -0300 (-03) X-Virus-Scanned: amavisd-new at mail.netfacil.net.br Received: from mail.netfacil.net.br ([127.0.0.1]) by localhost (mail.netfacil.net.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id w3kEVVk9zwaH; Mon, 5 Jul 2021 06:48:39 -0300 (-03) Received: from [192.168.8.100] (unknown [102.176.94.243]) by mail.netfacil.net.br (Postfix) with ESMTPSA id DC8E7A1C784; Mon, 5 Jul 2021 06:48:31 -0300 (-03) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re: Partnership proposal To: Recipients From: "Partnership proposal" Date: Mon, 05 Jul 2021 11:48:25 +0200 Reply-To: wielandherzog.sw.herad16@gmail.com Message-Id: <20210705094831.DC8E7A1C784@mail.netfacil.net.br> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 06 Jul 2021 14:15:03 -0600 (CST) for IP:'177.131.1.103' DOMAIN:'[177.131.1.103]' HELO:'mail.netfacil.net.br' FROM:'raquel.moura@netfacil.net.br' RCPT:'' X-Greylist: Delayed for 33:00:53 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 06 Jul 2021 14:15:03 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 166KEwd8013184 X-Spam-Prev-Subject: Re: Partnership proposal Status: R X-Status: X-Keywords: X-UID: 230 Content-Length: 1375 Partnership proposal, My name is Wieland Herzog (Dr), a staff in the Private Clients Section of a well-known security and shipping company, here in London, England. One of our storage deposits, with a holding balance of 15,000,000 (Fifteen Million Pounds Sterling) in a consignment of treasure trunk boxes has been last operated three years ago. >From my investigations and confirmation, the owner of the said deposit, a foreigner by name John Shumejda died on the 4th of January 2017 in a plane crash in Birmingham. Since then, nobody has done anything as regards the claiming of this money, as he has no family member that has any knowledge as to the existence of either the funds; and also information from the National Immigration also states that he was single on entry into the UK. I have decided to find a reliable foreign partner to deal with. I therefore propose to do business with you, standing in as the next of kin of these funds from the deceased and funds released to you after necessary processes have been followed. This transaction is totally free of risk and troubles as the fund is legitimate and does not originate from drug, money laundry, terrorism or any other illegal act. On your interest, let me hear from you URGENTLY. Best Regards, Mr. Wieland Herzog (Dr) Director & supervising officer Global Logistics Cargo & Security Company London. From mysql@fakezap.com Fri Jul 9 14:26:25 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.2 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_80,FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_ATM_CARD,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L4,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_FR,SPF_HELO_NONE, SPF_NONE,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9195] * 0.5 RELAY_COUNTRY_FR Relayed via France * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [107.180.239.158 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [107.180.239.158 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ericalbert24[at]yahoo.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 1.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 1.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: US FR Received: from fakezap.com (fakezap.com [107.180.239.158]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 169KQGZn041756 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 9 Jul 2021 14:26:25 -0600 Message-Id: <202107092026.169KQGZn041756@ga.impsec.org> Received: from SERV-ACAPULCO.ACAPULCO.local (unknown [90.115.52.170]) by fakezap.com (Postfix) with ESMTPA id D909D345C99; Fri, 9 Jul 2021 11:07:38 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============0463434188==" MIME-Version: 1.0 Subject: [SPAM] Treat As Urgent.. To: Recipients From: "Mr. Dave West" Date: Fri, 09 Jul 2021 12:56:35 +0200 Reply-To: ericalbert24@yahoo.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 09 Jul 2021 14:26:25 -0600 (CST) for IP:'107.180.239.158' DOMAIN:'fakezap.com' HELO:'fakezap.com' FROM:'mysql@fakezap.com' RCPT:'' X-Greylist: Delayed for 08:52:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 09 Jul 2021 14:26:25 -0600 (CST) X-Spam-Prev-Subject: Treat As Urgent.. Status: R X-Status: X-Keywords: X-UID: 231 Content-Length: 3429 You will not see this in a MIME-aware mail reader. --===============0463434188== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Attn: = The sum of $4.5 million. out of your over due total sum has been approved = for payment through ATM cash card system after all attempts to pay you thro= ugh the bank, and diplomatic courier failed. The approved sum has been prog= rammed into the ATM cash card which will be dispatched to you through your = address upon reconfirmation. I have made several attempts to contact you an= d this is the 3rd and perhaps the last email to you with respect to this ma= tter. Meanwhile, I received a power of attorney from one SUSAN GERRAD from = the USA purportedly issued by you asking us to change the fund beneficiary = to his name hence we are seeking your confirmation as soon as possible. to = this end, you should Kindly Re-confirm this information to me. = (1) Your Full Names:- (2) Address:- (3) Your Phone Numbers:- = NOTE: The actual fees for shipping your ATM card is just $375 nothing more= and no hidden fees of any sort! Upon receipt of payment, the delivery offi= cer will ensure that your package is sent within 24 working hours. Because = I am very sure of everything I am giving you a 100% money-back guarantee if= you do not receive payment/package within the next 24hrs after you have ma= de the payment for shipping. = Regards Mr. Eric Albert --===============0463434188== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body
Attn:

The sum of $4.5 million. out of your over due total sum has = been approved for payment through ATM cash card system after all attempts t= o pay you through the bank, and diplomatic courier failed. The approved sum= has been programmed into the ATM cash card which will be dispatched to you= through your address upon reconfirmation. I have made several attempts to = contact you and this is the 3rd and perhaps the last email to you with resp= ect to this matter. Meanwhile, I received a power of attorney from one SUSA= N GERRAD from the USA purportedly issued by you asking us to change the fun= d beneficiary to his name hence we are seeking your confirmation as soon as= possible. to this end, you should Kindly Re-confirm this information to me= .

(1) Your Full Names:-
(2) Address:-
(3) Your Phone Numbers:-

NOTE: The actual fees for shipping your ATM card is just $37= 5 nothing more and no hidden fees of any sort! Upon receipt of payment, the= delivery officer will ensure that your package is sent within 24 working h= ours. Because I am very sure of everything I am giving you a 100% money-bac= k guarantee if you do not receive payment/package within the next 24hrs aft= er you have made the payment for shipping.

Regards
 
Mr. Eric Albert
--===============0463434188==-- From raquel.moura@netfacil.net.br Sat Jul 10 04:14:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.7 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DATE_IN_PAST_12_24,DEAR_FRIEND, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MILLION_USD,MONEY_FREEMAIL_REPTO, MONEY_NOHTML,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_WEB,RCVD_IN_VALIDITY_RPBL, RDNS_DYNAMIC,RELAY_COUNTRY_BR,SPAM_BOOSTER_08,SPAM_BOOSTER_13, SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server * [197.220.169.148 listed in dnsbl.sorbs.net] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [197.220.169.148 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [177.131.1.103 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [frankjane984[at]gmail.com] * 0.0 MILLION_USD BODY: Talks about millions of dollars * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 1.2 MONEY_NOHTML Lots of money in plain text * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: BR ** ** ** ** GH Received: from mail.netfacil.net.br (177-131-1-103.netfacil.center [177.131.1.103] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16AAE2eI035723 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 10 Jul 2021 04:14:07 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.netfacil.net.br (Postfix) with ESMTP id D6732C20205 for ; Sat, 10 Jul 2021 06:54:45 -0300 (-03) Received: from mail.netfacil.net.br ([127.0.0.1]) by localhost (mail.netfacil.net.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id RG1qqR8GDaTk for ; Sat, 10 Jul 2021 06:54:45 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mail.netfacil.net.br (Postfix) with ESMTP id 43699C20203 for ; Sat, 10 Jul 2021 06:54:45 -0300 (-03) X-Virus-Scanned: amavisd-new at mail.netfacil.net.br Received: from mail.netfacil.net.br ([127.0.0.1]) by localhost (mail.netfacil.net.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Ck5X3RRO5Y1I for ; Sat, 10 Jul 2021 06:54:45 -0300 (-03) Received: from [172.20.10.2] (unknown [197.220.169.148]) by mail.netfacil.net.br (Postfix) with ESMTPSA id ABE78C201FE for ; Sat, 10 Jul 2021 06:54:43 -0300 (-03) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Frank & Jane Kibaki To: jhardin@impsec.org From: "Frank & Jane Kibaki" Date: Fri, 09 Jul 2021 21:54:36 +0800 Reply-To: frankjane984@gmail.com Message-Id: <20210710095443.ABE78C201FE@mail.netfacil.net.br> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 10 Jul 2021 04:14:07 -0600 (CST) for IP:'177.131.1.103' DOMAIN:'[177.131.1.103]' HELO:'mail.netfacil.net.br' FROM:'raquel.moura@netfacil.net.br' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 10 Jul 2021 04:14:07 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 16AAE2eI035723 X-Spam-Prev-Subject: Frank & Jane Kibaki Status: R X-Status: X-Keywords: X-UID: 232 Content-Length: 1628 Dear Friend My name is Frank Kibaki and my sister Jane Kibaki,we are Kenyan National,who is currently at the refugee camp here in Accra-Ghana.Please i will like you to assist me and my sister to retrieve and receive our consignment over there in American that contains $8 million United States dollars and some quantity of gold and Diamond.The consignment is presently in American. The consignments get to the state through the help of a diplomatic courier agent,The fact is that the diplomat is suppose to have delivered the consignment to a man called MR.WAYNE RICHARDSON in American.The week the diplomat is supposed to deliver the consignment to him, when he got to American after clearing the consignment from the Airport,he call MR.WAYNE RICHARDSON to tell him the description to his house for the delivery,but his wife answered the call and told the diplomat that her husband MR.WAYNE RICHARDSON hard a surgery which lead to his death later. That was why the diplomat has to deposit the consignment with a warehouse over there in American and called us to informed us about what is happening,and told us to look for a new beneficiary to received the consignment.So please i will like you to assist me and my Sister to received the consignment from the diplomat in the UNITED STATE OF AMERICA NOW PLEASE.If you accept to assist us in being our new beneficiary please kindly get back to us with your delivery address and phone number so we can forward to the courier agent in UNITED STATE OF AMERICA,for him to contact you for immediate delivery of our consignment to you. Thanks and God bless you, Frank & Jane Kibaki From centcargo@gmail.com Tue Jul 13 14:24:15 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.1 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,DEAR_FRIEND,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_FM_MR_MRS,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,T_MONEY_PERCENT,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6945] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [centcargo[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.208.177 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.177 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mrsfatimaamiraqureshi1983[at]gmail.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 1.5 HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.2 MONEY_NOHTML Lots of money in plain text * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16DKOAeG037446 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 13 Jul 2021 14:24:14 -0600 Received: by mail-lj1-f177.google.com with SMTP id h19so21003838ljl.4 for ; Tue, 13 Jul 2021 13:24:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=DskgiTm4RXOPHBmiT/hz6WYWiLBaVumd57QoJY0R/OA=; b=WQPlDFISoqJ7WCRkh4596TGuzHHlJZomX76OucwISpj/F5hCbjVxJWX9tu9/E4v7N+ YOuZE1x6u+MgD68lUytPi1JiHVlwb4zdazf3de4r6zK16hvfLf7fhJ6NIpLwiFtGJsUo HpJsY4Vios8sGbXIGZA1eioAzGShlwid+dojXS402QKT+ixzAfziVDNIsrzxIfMa9OZM Ko+i/eV2ttZj3fcO35bmPPTt280nWdaDS32E+aN6Mh+NGhv329GUx2qOapgRxIVHmFdv BpMc5nzMn848I+3jFXd2xil3+4zCzdJrVk+VBux4rmzkyyY+x8mu81L5x8JeLZDTjv1m 0Ztw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=DskgiTm4RXOPHBmiT/hz6WYWiLBaVumd57QoJY0R/OA=; b=nCz9v1Z1vej7MIPzx6CVL2/wGArCt4DJGvRnJRwLBzCVcpmnEHiear/mkZTHattgtY N0xnIm3BKf/GvSOSuNiwqzIlqgHgWtRcGdZW8LpXktwtpFcj+kf0fbk/wejaBpkfjWMP OwfnEUQcbpvphWmxm8VBw/F/JNPqMt3b4ZmRcgieaej0zx9k3GTCfdrVElxeWVycqgjv GNEVzICkpWYgb6Ztoa3dpueH7aGwA6U/h4L4Vz+f/BjgAVO28m9TB1eEDwT0zkd0r9Tl 7RCxCxhZlB0BLtdLAXOg9TGVLtSx5Soip0EHmPYN6yO/fN2muk2C9Y7faacNQEmNAmgW LLgg== X-Gm-Message-State: AOAM533YCRcFImr9Tm+3j8kgWn441hDRpWjoygPQhkeiTRisciUBCz0s CMvJtjMtg9z5ukCmG3Gt3XV2WRH+UmQboM97S9s= X-Google-Smtp-Source: ABdhPJzF1eXJxp5UtC85FDg861ZhaIvNPgVSX0b5kRR1ZRMsmTp4NJCcgRY+G+0o5f9MhnQIa+KArvlK/jjkspCTvLA= X-Received: by 2002:a2e:2f1b:: with SMTP id v27mr5887319ljv.325.1626207846935; Tue, 13 Jul 2021 13:24:06 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6520:3350:b029:116:938:cef9 with HTTP; Tue, 13 Jul 2021 13:24:06 -0700 (PDT) Reply-To: mrsfatimaamiraqureshi1983@gmail.com From: "Mrs. Fatima Amira Qureshi" Date: Tue, 13 Jul 2021 21:24:06 +0100 Message-ID: Subject: [SPAM] I am a widow,i need you as partner to assist me. To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 13 Jul 2021 14:24:15 -0600 (CST) for IP:'209.85.208.177' DOMAIN:'mail-lj1-f177.google.com' HELO:'mail-lj1-f177.google.com' FROM:'centcargo@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 13 Jul 2021 14:24:15 -0600 (CST) X-Spam-Prev-Subject: I am a widow,i need you as partner to assist me. Status: R X-Status: X-Keywords: X-UID: 233 Content-Length: 2348 Dear Friend I am a widow. My late husband was a top politician and a successful businessman who was into Oil and Gas business before he was ambushed and killed during the ongoing war in my country. I contacted you because I want to relocate my family and my Late husband's business to your good country and start investing with my capital investment fund with your help. If you are watching international news in your country you know that our country is under war and properties have been destroyed because of the war. That is why I want to relocate my family with my capital and start up a business in your country. I got your information from a web directory when I was looking for an honest and capable person who will partner with me. I hope you have vast experience in the field of business as that will help us to have the said fund invested wisely in your country. Please advise me of possible businesses where the said fund can be invested in your country when the fund transfer is completed. Sir, you should know that I am not asking you for financial help but for you to partner with me and help me to relocate my family and invest wisely in your country. Before the demise of my husband, We deposited the total sum of $15,500,000 Million capital investment fund in my name, which I want to invest in your country and start a new life with my family. If you are willing to partner with me to invest the said fund in your country that means, we are going to have partnership investment business together and share the net profit. I will appreciate if you give me assurance of your honest and sincerity in your next mail so that I can trust you to partner with me. Finally, You will be compensated for your assistance which we are going to open partnership investment in your country with the investment fund which both of us will manage and share the net profit after the expenses. You shall be entitled with 30% of the total fund invested and while 70% will be for my humble self. Then before the investment will commence, I will like us to have a written partnership agreement which both parties involved will sign for proper future documentation when I move to your country with my family before the investment will commence in good faith. Thank you and will be waiting to hear from you. Sincerely, Mrs. Fatima Amira Qureshi From info@usa.net Tue Jul 13 20:45:43 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************* X-Spam-Status: Yes, score=49.5 required=5.0 tests=ADVANCE_FEE_4_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RDNS_NONE, RELAY_COUNTRY_CN,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NEUTRAL, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [121.4.107.234 listed in psbl.surriel.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.155.81.211 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 2.8 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: CN XX Received: from fdssd.club ([121.4.107.234]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 16E2jXOR018167 for ; Tue, 13 Jul 2021 20:45:43 -0600 Message-Id: <202107140245.16E2jXOR018167@ga.impsec.org> Received: from User ([103.155.81.211]) (envelope-sender ) by 172.17.0.4 with ESMTP for ; Wed, 14 Jul 2021 08:43:46 +0800 Reply-To: From: "Jim Carlos" Subject: [SPAM] Your Abandoned Package For Delivery!!! Date: Tue, 13 Jul 2021 17:43:57 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 13 Jul 2021 20:45:43 -0600 (CST) for IP:'121.4.107.234' DOMAIN:'[121.4.107.234]' HELO:'fdssd.club' FROM:'info@usa.net' RCPT:'' X-Greylist: Delayed for 02:00:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 13 Jul 2021 20:45:43 -0600 (CST) X-Spam-Prev-Subject: Your Abandoned Package For Delivery!!! Status: R X-Status: X-Keywords: X-UID: 234 Content-Length: 3229 Interim Assistant General Manager, (Operations, Maintenance, Transportation) Dallas/Fort Worth International Airport Address: 2400 Aviation Dr N, DFW Airport, TX 75261, USA Email: infodessk.dfwairportonline@gmail.com Hello , Your Abandoned Package For Delivery I am Mr. Jim Carlos, head of luggage/baggage storage facilities (Operations, Maintenance, Transportation) here at Dallas/Fort Worth International Airport. During my recent WITHHELD PACKAGE routine check at the Airport Storage Vault, I discovered an abandoned shipment from a Diplomat from Africa and when i scanned it, it revealed an undisclosed sum of money in a Metal Trunk Box weighing approximately 110kg. The consignment was abandoned because the Contents of the consignment was not properly declared by the consignee as "MONEY" rather it was declared as personal effect to avoid interrogation as well as, the inability of the diplomat to pay for the United States Non Inspection Charges which is $3,700USD. The details of the consignment including your name, your email address and the official documents from the United Nations office in Geneva are tagged on the Trunk box. However, to enable me confirm if you are the actual recipient of this consignment, I will advise you to provide your current Phone Number and Full Home Address, to enable me cross check if it corresponds with the address on the official documents including the name of the nearest Airport around your city. Please note that this consignment is supposed to have been returned to the United States Treasury Department as an unclaimed delivery due to the delay in concluding the clearance processes, so as a result of this, I will not be able to receive your details on my official email account. So in order words to enable me cross check your details, I will advise you to send the required details to my private email address for quick processing and response. Once I confirm you as the actual recipient of the trunk box, I can get everything concluded within 48 hours upon your acceptance. Lastly, be informed that the reason I have taken it upon myself to contact you personally about this abandoned consignment is because I want us to transact this business and share the money 70% for you and 30% for me since the consignment has not yet been returned to the United States Treasury Department after being abandoned by the diplomat. So immediately the confirmation is made, I will go ahead and pay for the United States Non Inspection Fee of $3,700USD and arrange for the box to be delivered to your doorstep Or I can bring it to you myself, to avoid any more trouble but you have to assure me of my 30% share. I wait to hear from you urgently if you are still alive and I will appreciate if we can keep this deal confidential. Please get back to me via my private Email:( infodessk.dfwairportonline@gmail.com) for further directives. Thanks, Mr. Jim Carlos Interim Assistant General Manager, (Operations, Maintenance, Transportation) Dallas/Fort Worth International Airport Address: 2400 Aviation Dr N, DFW Airport, TX 75261, USA Email: infodessk.dfwairportonline@gmail.com From noreply@ecd-co.ir Wed Jul 14 12:39:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.2 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_95,DEAR_BENEFICIARY,LOTS_OF_MONEY,MONEY_ATM_CARD,MONEY_FRAUD_5, MONEY_NOHTML,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L3,RCVD_IN_PSBL,RCVD_IN_SBL,RCVD_IN_VALIDITY_RPBL, RDNS_NONE,RELAY_COUNTRY_NG,SPF_HELO_SOFTFAIL,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9538] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [197.210.64.247 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.235.139.183 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [185.235.139.183 listed in bl.mailspike.net] * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.235.139.183 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 MONEY_NOHTML Lots of money in plain text * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 1.1 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: IR ** ** NG Received: from mail.ecd-co.ir ([185.235.139.183]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 16EIdgkY016555 for ; Wed, 14 Jul 2021 12:39:46 -0600 Received: from Exchange-01.ecd-co.ir (172.16.125.12) by Exchange-Edge.ecd-co.ir (172.16.126.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.221.12; Wed, 14 Jul 2021 01:13:58 +0430 Received: from Exchange-01.ecd-co.ir (172.16.125.12) by Exchange-01.ecd-co.ir (172.16.125.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.858.5; Wed, 14 Jul 2021 01:13:58 +0430 Received: from [192.168.43.3] (197.210.64.247) by Exchange-01.ecd-co.ir (172.16.125.12) with Microsoft SMTP Server id 15.2.858.5 via Frontend Transport; Wed, 14 Jul 2021 01:13:52 +0430 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Please Read Carefully. To: Recipients From: "U.S. AMBASSADOR" Date: Tue, 13 Jul 2021 21:43:46 +0100 Reply-To: Message-ID: <021df7ff-bc22-498b-8ce2-2942fa11b581@Exchange-01.ecd-co.ir> X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1626209038;VERSION=7896;MC=3465831468;TRN=0;CRV=-3;IPC=197.210.64.247;SP=0;SIPS=3;PI=3;F=0 X-ESET-Antispam: OK X-EsetResult: clean, is OK X-EsetId: 37303A29D6C3D750647767 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 14 Jul 2021 12:39:47 -0600 (CST) for IP:'185.235.139.183' DOMAIN:'[185.235.139.183]' HELO:'mail.ecd-co.ir' FROM:'noreply@ecd-co.ir' RCPT:'' X-Greylist: Delayed for 00:15:22 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 14 Jul 2021 12:39:47 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 16EIdgkY016555 X-Spam-Prev-Subject: Please Read Carefully. Status: R X-Status: X-Keywords: X-UID: 235 Content-Length: 2851 U.S. AMBASSADOR TO SOUTH AFRICA OFFICE OF THE U.S AMBASSADOR TO SOUTH AFRICA JOHANNESBURG SOUTH AFRICA Attention: Beneficiary, I wish to inform you that I shall be coming to your country for an official meeting on Thursday 15th July 2021 and I will be bringing your Atm Master Card along with me which contains US$850,000.00. As an Ambassador to SOUTH AFRICA, I have been mandated by my Government to ensure that your Atm Card gets to you without any more delay as our new Government promised to help the world during this difficult time of Covid 19. I am convinced 100% that you have had bitter experiences with various scam officials claiming to be high government workers and thereby defrauding you of your 'hard-earned money'. The activities of these scam has changed your perspective about conducting business on the internet, and you now believed there is no genuine business that can be conducted on the internet. The internet was created by Americans for the purpose of creating awareness for products/services and conducting genuine business with ease. I am fully committed to deliver the "Atm Master Card" to you at your door step within 72hours in order to prove to you that the Government of USA cares about the well being of the world at large. As a US Ambassador, I am making every effort to ensure that no citizen of the United States and other part of the world is cheated by anyone. Therefore I need your utmost co-operation and understanding to actualize this dream. Frankly speaking, I understand that anyone in your shoes will feel betrayed because of what you have gone through and the delays you had experienced in receiving your Atm card, but I still want you to show me your trust by giving me the benefit of doubt on this delivery arrangement. My identity and personality is verifiable, and I promise to deliver the parcel to you safely without any hitch. Your Atm Master Card worth US$850,000.00 MUST BE REGISTERED AS AN AMBASSADORIAL PACKAGE as planned. Do not allow this arrangement to die off because of US$300 for the registration fee of your Atm Master Card. I mean well for you and I believe you will appreciate me more when you finally receive your Atm Card upon my arrival with the package in your country. I expect to hear from you immediately as to enable me advise you on how to send the US$300 for the registration of your package. It is also important that you kindly furnish me with the followings: 1. A copy of your either Passport or ID 2. Your address 3. Your telephone number Bear in mind that once you pay the registration fee of your package, I will then update you on my arrival plans in your country. I hope you will understand and follow my instructions to enable me serve you better. Regards Ambassador JOHN GROARKE US AMBASSADOR TO THE REPUBLIC OF SOUTH AFRICA Email: stan@soborka.net From jhardin@impsec.org Fri Jul 16 09:46:53 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 3861 invoked by uid 99); 16 Jul 2021 09:47:01 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Jul 2021 09:47:01 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 2404A1FF489 for ; Fri, 16 Jul 2021 09:47:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 1.455 X-Spam-Level: * X-Spam-Status: No, score=1.455 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 8TUAPdcN1nth for ; Fri, 16 Jul 2021 09:47:00 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.92.16.46; helo=eur06-am7-obe.outbound.protection.outlook.com; envelope-from=vlokprop37@outlook.com; receiver= Received: from EUR06-AM7-obe.outbound.protection.outlook.com (mail-am7eur06olkn2046.outbound.protection.outlook.com [40.92.16.46]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 3A0FCBC490 for ; Fri, 16 Jul 2021 09:47:00 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mypVvcCXrjZ1zIXMZZtC+23Ic71EBUgN3WSk2wtbe1Jb7Mlw2IX11Fh+akrsKQ4+PpD97VxI3OkZsCIM4T1+OfLLDdgKWcclX092URRtUZqa9icVxvWhOIOjiCjavreRE4QtEAfL7tp9pFWQppMJMyVL8NWy7Lv9pPJMWLqJS5gix3nyjAVNAw6RmHK5RVBOEWLMxYixG0wwL05J2cJBAkVwUUNvHaMjhRSUsF850j6NaA/DsTD1La1hKyTR6TAibtzMBrAMguffk88eUrVLv+hs/JkD2sr94XXN/x2HWxydEq7jTuWBUT7uXDBcDrNKHfGp4awTc4RzM42VjSwoOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XNOL3UTFrhw/ILqzpNqIcZ4Q9lUSPgCMoE51A/Bovqs=; b=gSRJgnHHm70FtYSnt2vSCLkVKKrJhbxueUBuyuorAdOju0J1h5IymwdW32Sf5kcVTg3ox4V+/xMIcI3dChuFaifeIV/arX+4uiSvB7JQQwezu6LcW3kb7JQVk81fj3uPr9fmb8hfUFDN6fqE+RPqd3D8oN1esbn6p1mw4NzFm3Kl4Nkl4b/h+yS0oSXKZtyU/4PY1EB41bpHN94uRCaQUmgRwrO0vPmEPoATb6wF1JT7cHkBLw0Cqh50zSxSrZn064bgdRNZk1LW469fIkgF1fIZUeMco/1YJIqA1NKPoS78tv5AdrO5C0R7+RrgJ4GX7fuGDLoEuVkWWT/2GrQWmg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XNOL3UTFrhw/ILqzpNqIcZ4Q9lUSPgCMoE51A/Bovqs=; b=t/tB+cSpT+q8MfL7pHRVjXh7iOpSTQKmXZRZyQGN2Vi1apgxxwSaNfYFhZlNPmUgBUwyRZr9u5filfgLwtgkItwU3A/+laiwQDS/AkFWR8jQIlxEFhStO9PxybCdRLVKNi79UitFOXRuRgEpo39j2GGY2kFCtd10WZYj1ujKH9iLjp5su2J6dZjWDa9Op7lY35VXFF6kbbM9RWzpBJRBH0YWsLXLOku94iJmGXHez1ss6RsDLJH3gazrwlOlxIavfRZpZc/Dm4xmoeJnHynifez5wog+ZWpgpLTUiLx3glQFfPE3D74QzSdrUtNGoiMnICusOOFfpCxVxUnRXMuwlw== Received: from AM7EUR06FT060.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc36::4b) by AM7EUR06HT045.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc36::258) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Fri, 16 Jul 2021 09:46:53 +0000 Received: from AS8P194MB1640.EURP194.PROD.OUTLOOK.COM (2a01:111:e400:fc36::41) by AM7EUR06FT060.mail.protection.outlook.com (2a01:111:e400:fc36::446) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21 via Frontend Transport; Fri, 16 Jul 2021 09:46:53 +0000 Received: from AS8P194MB1640.EURP194.PROD.OUTLOOK.COM ([fe80::a9c1:8c9b:3873:d438]) by AS8P194MB1640.EURP194.PROD.OUTLOOK.COM ([fe80::a9c1:8c9b:3873:d438%5]) with mapi id 15.20.4331.026; Fri, 16 Jul 2021 09:46:53 +0000 From: Evert Vlok Subject: FYI Thread-Topic: FYI Thread-Index: AQHXeieB2IH0QGqLOk2SQiO3OYmjvg== Date: Fri, 16 Jul 2021 09:46:53 +0000 Message-ID: Accept-Language: en-ZA, en-US Content-Language: en-ZA X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:AB72E69908D254BDDB302D5E82A5F55423673CBFB83967893B68465B9F8E2CBB;UpperCasedChecksum:248E5A7DA65F48DF3CEC8D7BF553904175CCFEDFE25F3965A6276B069FC6B6FD;SizeAsReceived:8722;Count:40 x-tmn: [1q7s7R8HSds+s9BkaP/Mydl4ots9Vuws] x-ms-publictraffictype: Email x-incomingheadercount: 40 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: 390c79a5-2c64-43c2-cde4-08d9483ea44d x-ms-traffictypediagnostic: AM7EUR06HT045: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +QEO+EidVtPnVW1bJyVqpIUXBZ3jg2dxHHxJCVNL8PvVLYG6hNh4zBiX9BV+5u9Qe2E2PL153Y/wgKmZ8QaxTEnkiRM+A9QC26as2ifIUSzVZy4Ti3tm7lTfql/FHBFRKThAAbcOxJgNcNppTPKG7zgOuwpnkw4RiXcjCM8I74bvZcuK2DN2PBIAa0Sh7W1MrQBDJTnL/K/9x/231CwUrK9/EkwbtDRy+72s3k42Y6j5G2OkN8d7P0/hCFb0X63d9tXjAFZI3GOkvKUgnSEZOySOgRvL35avRX/kq99WE14j0qjs5BvYAyvebsp/KUay6d27aruFQ6A5j7KbmQgkUkWRwKF6B11WYv54keNKcmzFBXZdmC1UMyw8iZBzfLTinXD9PVPhak3Wr7J6ZwP3Qob5jj2ZQe6oUcA8If8lKIBN0NBO4mRw4Cy95L1S4iPQ x-ms-exchange-antispam-messagedata: Nkq5j06eXx7np3oWpkJ+hfJ/i5W6PeUbjpCmPEB62py4Tk4O5ZBm7RkCJm/M9F1C2cZsg1GUVJVnnVxFy8vc64XZMUq0VloaqUNWfORZs7Re/F3FPSotI/l+acgYRSXQkM/yq09rauqIQJPIFZoD2Q== x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_AS8P194MB164080E732EE267BC8914837DB119AS8P194MB1640EURP_" MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-AuthSource: AM7EUR06FT060.eop-eur06.prod.protection.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 390c79a5-2c64-43c2-cde4-08d9483ea44d X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jul 2021 09:46:53.0534 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7EUR06HT045 Status: X-Status: X-Keywords: X-UID: 236 Content-Length: 1522 --_000_AS8P194MB164080E732EE267BC8914837DB119AS8P194MB1640EURP_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 R29vZCBEYXksDQoNClRoZXJlIGlzIGFuIHVuY2xhaW1lZCBpbmhlcml0YW5jZSBmdW5kcyBkZXRl Y3RlZCBvbiB5b3VyIGxhc3QgbmFtZSB5ZXN0ZXJkYXkgYW5kIHlvdSBhcmUgYWR2aXNlZCB0byBj b250YWN0IE1yLiBMaSBGZW5nIG9uIEUtbWFpbDogIHsgIHplbmxpX2ZlbmdAZW1haWwuY2ggICB9 ICAgZm9yIG1vcmUgZGV0YWlscy4NCg0KVGhhbmsgeW91LA0KDQpMaSBGZW5nLuKAiw0K --_000_AS8P194MB164080E732EE267BC8914837DB119AS8P194MB1640EURP_ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyIgc3R5bGU9 ImRpc3BsYXk6bm9uZTsiPiBQIHttYXJnaW4tdG9wOjA7bWFyZ2luLWJvdHRvbTowO30gPC9zdHls ZT4NCjwvaGVhZD4NCjxib2R5IGRpcj0ibHRyIj4NCjxkaXYgc3R5bGU9ImZvbnQtZmFtaWx5OiBD YWxpYnJpLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZTogMTJwdDsgY29sb3I6IHJn YigwLCAwLCAwKTsiPg0KR29vZCBEYXksDQo8ZGl2PiZuYnNwOzwvZGl2Pg0KPGRpdj5UaGVyZSBp cyBhbiB1bmNsYWltZWQgaW5oZXJpdGFuY2UgZnVuZHMgZGV0ZWN0ZWQgb24geW91ciBsYXN0IG5h bWUgeWVzdGVyZGF5IGFuZCB5b3UgYXJlIGFkdmlzZWQgdG8gY29udGFjdCBNci4gTGkgRmVuZyBv biBFLW1haWw6ICZuYnNwO3sgJm5ic3A7emVubGlfZmVuZ0BlbWFpbC5jaCAmbmJzcDsgfSAmbmJz cDsgZm9yIG1vcmUgZGV0YWlscy48L2Rpdj4NCjxkaXY+Jm5ic3A7PC9kaXY+DQo8ZGl2PlRoYW5r IHlvdSw8L2Rpdj4NCjxkaXY+Jm5ic3A7PC9kaXY+DQpMaSBGZW5nLuKAizxicj4NCjwvZGl2Pg0K PC9ib2R5Pg0KPC9odG1sPg0K --_000_AS8P194MB164080E732EE267BC8914837DB119AS8P194MB1640EURP_-- From jhardin@impsec.org Sat Jul 17 13:52:34 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 96838 invoked by uid 99); 17 Jul 2021 13:52:43 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Jul 2021 13:52:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id BC74BC04AB for ; Sat, 17 Jul 2021 13:52:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 0.199 X-Spam-Level: X-Spam-Status: No, score=0.199 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=0.2, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id OD-Ah8s35L9s for ; Sat, 17 Jul 2021 13:52:42 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=185.215.65.147; helo=smtp1.pole-emploi.fr; envelope-from=sandrine.kancel@pole-emploi.fr; receiver= Received: from smtp1.pole-emploi.fr (smtp1n.pole-emploi.fr [185.215.65.147]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTP id 99596BC48D for ; Sat, 17 Jul 2021 13:52:41 +0000 (UTC) IronPort-SDR: PN+RxiIT0BlipO75LUtdrNRHnEbhC/WtqA5PGrhghgJrEsNINqvRsM4+FRasd0dRCvmcGihV3u rLURLusuUvWw== From: KANCEL Sandrine To: KANCEL Sandrine Subject: RE: Thread-Index: Add7Ev7GFeSuDcUfokGD2YwRiFwnug== Date: Sat, 17 Jul 2021 13:52:34 +0000 Message-ID: <295df8a93ea14b35886310fbc36f83b2@pole-emploi.fr> References: <0822740c494f4ba3a9e79c7841ff7b10@pole-emploi.fr> In-Reply-To: <0822740c494f4ba3a9e79c7841ff7b10@pole-emploi.fr> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [192.168.4.7] x-tm-snts-smtp: 65C04EB53068811D27EAA06C9F2C2FFF19A5446089B73A220B81C3FB514207CD2 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_295df8a93ea14b35886310fbc36f83b2poleemploifr_" MIME-Version: 1.0 Status: X-Status: X-Keywords: X-UID: 237 Content-Length: 1502 --_000_295df8a93ea14b35886310fbc36f83b2poleemploifr_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable You have just been assigned as a sole beneficiary please contact {srnpotter@email.ch} for further details. --_000_295df8a93ea14b35886310fbc36f83b2poleemploifr_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable


= You have just been assigned as a sol= e beneficiary
please contact {srnpotter@email.ch} for further details.

--_000_295df8a93ea14b35886310fbc36f83b2poleemploifr_-- From info@bank.com Fri Jul 23 06:37:20 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.2 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,BODY_EMAIL_419_FRAUD_GM_LOOSE,DEAR_BENEFICIARY, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MILLION_HUNDRED,MONEY_FORM, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RCVD_IN_VALIDITY_RPBL, RDNS_NONE,RELAY_COUNTRY_IT,SPF_FAIL,SPF_HELO_NONE,SUBJ_ALL_CAPS, TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL,TVD_PH_BODY_META, T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_LOAN,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [212.29.206.129 listed in bl.score.senderscore.com] * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [firstbank6669[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40bank.com;ip=212.29.206.129;r=ga.impsec.org] * 1.5 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 2.8 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.5 MONEY_NOHTML Lots of money in plain text * 1.0 BODY_EMAIL_419_FRAUD_GM_LOOSE Ends-in-digits email address in * body is likely advance fee fraud collector mailbox * 2.7 TVD_PH_BODY_META No description available. * 0.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: IL IT Received: from fax2mail2016.mngdom.local ([212.29.206.129]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16NCbG85028695 for ; Fri, 23 Jul 2021 06:37:20 -0600 Received: from [192.168.1.6] ([188.15.139.245]) by fax2mail2016.mngdom.local with Microsoft SMTPSVC(10.0.14393.4169); Fri, 23 Jul 2021 15:17:07 +0300 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] THE REASON WHY YOUR FUND TRANSFER WAS DELAYED AT BANK To: Recipients From: "Reverend.Micheal Godwin" Date: Fri, 23 Jul 2021 14:17:07 +0200 Reply-To: firstbank6669@gmail.com Message-ID: X-OriginalArrivalTime: 23 Jul 2021 12:17:07.0450 (UTC) FILETIME=[A7AE0DA0:01D77FBC] X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 23 Jul 2021 06:37:20 -0600 (CST) for IP:'212.29.206.129' DOMAIN:'[212.29.206.129]' HELO:'fax2mail2016.mngdom.local' FROM:'info@bank.com' RCPT:'' X-Greylist: Delayed for 00:19:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 23 Jul 2021 06:37:20 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 16NCbG85028695 X-Spam-Prev-Subject: THE REASON WHY YOUR FUND TRANSFER WAS DELAYED AT BANK Status: R X-Status: X-Keywords: X-UID: 238 Content-Length: 3544 REVEREND . MICHEAL GODWIN OF FIRST BANK OF NIGERIA PLC INTERNATIONAL REMITTANCE DEPARTMENT 35 Marina P. O. Box 5216, LAGOS- NIGERIA CONTACT EMAIL:CONTACT EMAIL: firstbank6669@gmail.com Dear Beloved Beneficiary This letter is written to inform you the reason behind your delay payment.I am Reverend.Micheal Godwin the Director,International Remittance Department of this Bank,my Formal Boss,Mr.Jacobs M.Ajekigbe,the Managing Director/CEO of this bank is now on compulsory leave and all power have been vested on me to make all international payments.Also,due to reported cases of corrupt practices in other Nigeria Banks including the Central Bank of Nigeria,the Federal Government has revoked/canceled all power vested on those banks and has appointed our bank (First Bank of Nigeria) to make all foreign payments.Be informed that the Federal Government have approved the release of part-payment of$7.5M(Seven Million Five Hundred Thousand Dollars) out of your total funds,which has been in this bank for many years unclaimed because Mr.Jacobs Ajekigbe,Collaborated with the Governor of Central Bank of Nigeria (CBN)and have refused to tell you the truth on how to claim your fund this is because he has been using the interest accumulated from your fund every year to enrich himself without your knowledge,I want to help you pull out this fund to your bank account using the easiest and the quickest method,which have not been made known to you before.By this method,you will open a domiciliary account with this bank (First Bank of Nigeria),Where the fund would be 1st lodged into,before it can directly credit to any bank of your choice. After the transfer,you will confirm the fund in your bank account within 5hours the same day.No Cost of Transfer (COT) and no stoppage from any Government departments as the transfer will be done within the bank alone and it is very safe.The method which was introduced to you before is the Telegraphic Transfer (TT) for which confirmation was 48hrs,because of the time factor,petitions could come from various organizations stopping your payment and asking you to pay huge fee which would be difficult for you to pay so that they can benefit from the huge interest your fund generates while still in the Bank. This method is not safe for you because it is not done within the bank alone as information of the payment would be sent to the Central Control Unit (CCU) of the Federal Ministry of Finance and office of the Accountant General of the Federation.As a good Christian, I have nothing to gain by keeping your fund,I want to assist you receive your fund Before it accumulate Dumurrage.You have to follow up and work with me now. Ensure that you keep this very confidential because of fraudsters and impostors who go about presenting various bank accounts in order to divert another beneficiary's fund. your advise to reconfirm the following details below to us with valid account co-ordinates and amount to be claimed. Note your transfer code is FBXNZ7XX5M you must keep it confidential to avoid intruder or claim by anyone so that I do not transfer your fund to the wrong Bank Account. 1,Account numbers---------- 2.Account Holders Name.......... 3.Bank Name............. 4.Bank Address......... 5.Home Address......... 6.Swift Code.......... 7.Your Contact Cell Phone...... 8.Occupation.......... 9.Age................. 10.A Copy of your id Finally i ask for your mutual understanding and cooperation to serve you better. Yours truly, Reverend.Micheal Godwin First Bank Nigeria Plc. From yan@itech-connect.com Mon Jul 26 10:25:05 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.7 required=5.0 tests=ADVANCE_FEE_5_NEW, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,DEAR_FRIEND,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORM_FRAUD_5, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_TW, RELAY_COUNTRY_VN,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_NONE, T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9988] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.5 RELAY_COUNTRY_TW Relayed via Taiwan * 0.0 NSL_RCVD_FROM_USER Received from User * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [180.214.237.23 listed in zen.spamhaus.org] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [61.216.92.187 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [61.216.92.187 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [fspero80[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.5 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: TW VN Received: from mail.itech-connect.com (mail.itech-connect.com [61.216.92.187]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16QGP26q006359 for ; Mon, 26 Jul 2021 10:25:05 -0600 Message-Id: <202107261625.16QGP26q006359@ga.impsec.org> Received: from User (unknown [180.214.237.23]) by mail.itech-connect.com (EMOS V1.6 (Postfix)) with ESMTPA id 5E4452487D3; Sun, 25 Jul 2021 15:25:57 +0800 (CST) Reply-To: From: "INFO" Subject: [SPAM] INFO Date: Sun, 25 Jul 2021 00:26:37 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 26 Jul 2021 10:25:05 -0600 (CST) for IP:'61.216.92.187' DOMAIN:'mail.itech-connect.com' HELO:'mail.itech-connect.com' FROM:'yan@itech-connect.com' RCPT:'' X-Greylist: Delayed for 22:38:42 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 26 Jul 2021 10:25:05 -0600 (CST) X-Spam-Prev-Subject: INFO Status: R X-Status: X-Keywords: X-UID: 239 Content-Length: 1133
Dear friend,
It might be a surprise to you reading from me again as I had written an earlier email to you but without a response. Presently, I'm in the hospital where I am undergoing treatment for Esophageal Cancer. I am Mrs. Felicia spro, widow to late Maurientes spro, former deputy defense attach to Benin consulate in the Czech Republic. My husband was killed by those who were envious of his position in the same office.
But before his death, he vowed to use his wealth for the orphanages and elderly persons who are less privileged. I have decided to donate this money to an individual, who will utilize it to fulfill the last request of my late husband, which is why I contacted you. Reply with your full names, phone number, address, and occupation so that I will give you more details.
Yours Sincerely,
Mrs. Felicia spro
 
 From mariagwen05@gmail.com Wed Jul 28 14:44:39 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_1ECD5,BAYES_95,DATE_IN_PAST_03_06, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_TO_UNDISC,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,LOTS_OF_MONEY,MONEY_FORM_SHORT,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML,MSOE_MID_WRONG_CASE, NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,T_FILL_THIS_FORM_SHORT,UNDISC_FREEM,UNDISC_MONEY, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9718] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [91.188.39.100 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [91.188.39.100 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [91.188.39.100 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariagwen05[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariagwen05[at]gmail.com] * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.7 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.1 MONEY_NOHTML Lots of money in plain text * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 FROM_MISSPACED From: missing whitespace * 1.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.2 SPOOFED_FREEMAIL No description available. * 1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: LV NL Received: from mail.ardi.lv (mail.ardi.lv [91.188.39.100]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16SKiXE0005775 for ; Wed, 28 Jul 2021 14:44:39 -0600 Received: from User (unknown [46.17.101.238]) by mail.ardi.lv (Postfix) with SMTP id D69211CEE09; Wed, 28 Jul 2021 13:25:34 +0300 (EEST) Reply-To: From: "Nuee Thaiwe" Subject: [SPAM] GOOD NEWS FOR SCAMMED VICTIMS old1 Date: Wed, 28 Jul 2021 10:21:16 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: <20210728102535.D69211CEE09@mail.ardi.lv> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Jul 2021 14:44:39 -0600 (CST) for IP:'91.188.39.100' DOMAIN:'mail.ardi.lv' HELO:'mail.ardi.lv' FROM:'mariagwen05@gmail.com' RCPT:'' X-Greylist: Delayed for 07:44:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Jul 2021 14:44:39 -0600 (CST) X-Spam-Prev-Subject: GOOD NEWS FOR SCAMMED VICTIMS old1 Status: R X-Status: X-Keywords: X-UID: 240 Content-Length: 1652 COMPENSATION FOR SCAMMED VICTIMS Attn: Sir/ Madam It's our pleasure to inform you that United Nations had a meeting with the Authority of International Court of Justice concerning scam activate in all countries. We have decided to compensate you due to meeting held with some countries Government and the world high commissions against fraud activities by the Country above. Your name was among those that scammed as listed by the World Financial Intelligent Unit. Compensation has been issued out in Certified ATM Visa card value of $1,200,000.00 THOUSAND UNITED STATE DOLLARS to each and every one affected victims. Your name was among those that were reported undelivered as of this moment and we wish to advise you to comply with the instructions of the Committee Chamber to make sure you receive your fund without any further delay. We advise you to do the needful thing to make sure we transfer your fund via our reliable Courier Company appointed. You are assured of the safety of this transaction and availability and be advised that you should stop further contacts with any order office contacting you. Therefore you are advice to contact the Scammed Victims Director in-charge immediately with your complete information needed for delivery. REF: SVT2018-19 Email: compasationsettlement@gmail.com Name: MRS. LINDA WECHAI SCAMMED VICTIMS COMMITTEE CHAIRMAN Contact her with your full delivery information regarding the delivery of your fund such as: Your name, Address, Your phone number Amount scammed: Year scammed; Occupations: Age/ Sex We expect your urgent cooperation regards this matter. Yours in Service, Nuee Thaiwe From cleverson.zimermann@fundacaocopel.org.br Wed Jul 28 15:11:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.1 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, MONEY_NOHTML,MSGID_FROM_MTA_HEADER,PDS_RDNS_DYNAMIC_FP, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, RDNS_DYNAMIC,RELAY_COUNTRY_BR,SPAM_BOOSTER_08,SPAM_BOOSTER_13, SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,SUBJ_ALL_CAPS,T_FILL_THIS_FORM_SHORT, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [200.186.58.11 listed in bl.score.senderscore.com] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [200.186.58.11 listed in psbl.surriel.com] * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [200.186.58.11 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [officework172[at]aol.com] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.1 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 1.1 MONEY_NOHTML Lots of money in plain text * 1.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: BR ** Received: from fundacaocopel.org.br (11.58.186.200.sta.impsat.net.br [200.186.58.11] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16SLBJnu009036 for ; Wed, 28 Jul 2021 15:11:23 -0600 Message-Id: <202107282111.16SLBJnu009036@ga.impsec.org> Received: from [77.247.110.46] (unknown [192.168.0.1]) by fundacaocopel.org.br (Postfix) with ESMTP id E302E135BC; Wed, 28 Jul 2021 13:19:55 -0300 (BRT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] COMPENSATION 1 To: Recipients From: "Mr.David Mark" Date: Wed, 28 Jul 2021 18:19:48 +0200 Reply-To: officework172@aol.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Jul 2021 15:11:23 -0600 (CST) for IP:'200.186.58.11' DOMAIN:'[200.186.58.11]' HELO:'fundacaocopel.org.br' FROM:'cleverson.zimermann@fundacaocopel.org.br' RCPT:'' X-Greylist: Delayed for 05:39:52 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 28 Jul 2021 15:11:23 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 16SLBJnu009036 X-Spam-Prev-Subject: COMPENSATION 1 Status: R X-Status: X-Keywords: X-UID: 241 Content-Length: 1404 Dear my Good friend, I am using this opportunity to thank you for your great effort to our unfinished transfer of fund into your account due to one reason or the other best known to you. But I want to inform you that I have successfully transferred the Funds out of the country to someone else who was capable of assisting me in this great venture. Due to your effort, sincerity, courage and trust worthiness you showed at the course of the transaction I want to compensate you and show my gratitude to you with the sum of $800,000.00 (EIGTH HUNDRED THOUSAND UNITED STATES DOLLARS) I have authorized the finance/Security house where I deposited my money to issue you international certified bank draft cashable at your bank. The name and contact address of the Person with it is Dr.Jackson Ryan is as follows: CONTACT AGENT Dr.Jackson Ryan EMAIL: DrJacksonRyan@office-gov.org Phone: +2347011525089 Address: 33 doris ave okoko, Lagos At the moment, I am very busy here because of the investment projects which myself and my new partner are having at hand. Finally, remember that I have forwarded instruction to the finance house on your behalf to send the bank draft to you as soon as you contact them without delay. Please I will like you to accept this token with good faith as this is from the bottom of my heart. Contact Dr.Jackson Ryan now. Best Regards, Sir James Ratcliffe From mariagwen05@gmail.com Thu Jul 29 01:08:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************************** X-Spam-Status: Yes, score=40.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_1ECD5,BAYES_95,DATE_IN_FUTURE_06_12, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,LOTS_OF_MONEY,MONEY_FORM_SHORT, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,REPTO_419_FRAUD_GM,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, T_FILL_THIS_FORM_SHORT,UNDISC_FREEM,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9718] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [91.188.39.100 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [91.188.39.100 listed in psbl.surriel.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [91.188.39.100 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariagwen05[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariagwen05[at]gmail.com] * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.9 MONEY_NOHTML Lots of money in plain text * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.2 SPOOFED_FREEMAIL No description available. * 1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: LV NL Received: from mail.ardi.lv (mail.ardi.lv [91.188.39.100]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16T78lKR010800 for ; Thu, 29 Jul 2021 01:08:53 -0600 Received: from User (unknown [46.17.101.238]) by mail.ardi.lv (Postfix) with SMTP id 552C91D8483; Wed, 28 Jul 2021 16:52:00 +0300 (EEST) Reply-To: From: "Nuee Thaiwe" Subject: [SPAM] GOOD NEWS FOR SCAMMED VICTIMS old1 Date: Wed, 28 Jul 2021 13:47:41 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: <20210728135200.552C91D8483@mail.ardi.lv> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 29 Jul 2021 01:08:53 -0600 (CST) for IP:'91.188.39.100' DOMAIN:'mail.ardi.lv' HELO:'mail.ardi.lv' FROM:'mariagwen05@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 29 Jul 2021 01:08:53 -0600 (CST) X-Spam-Prev-Subject: GOOD NEWS FOR SCAMMED VICTIMS old1 Status: R X-Status: X-Keywords: X-UID: 242 Content-Length: 1652 COMPENSATION FOR SCAMMED VICTIMS Attn: Sir/ Madam It's our pleasure to inform you that United Nations had a meeting with the Authority of International Court of Justice concerning scam activate in all countries. We have decided to compensate you due to meeting held with some countries Government and the world high commissions against fraud activities by the Country above. Your name was among those that scammed as listed by the World Financial Intelligent Unit. Compensation has been issued out in Certified ATM Visa card value of $1,200,000.00 THOUSAND UNITED STATE DOLLARS to each and every one affected victims. Your name was among those that were reported undelivered as of this moment and we wish to advise you to comply with the instructions of the Committee Chamber to make sure you receive your fund without any further delay. We advise you to do the needful thing to make sure we transfer your fund via our reliable Courier Company appointed. You are assured of the safety of this transaction and availability and be advised that you should stop further contacts with any order office contacting you. Therefore you are advice to contact the Scammed Victims Director in-charge immediately with your complete information needed for delivery. REF: SVT2018-19 Email: compasationsettlement@gmail.com Name: MRS. LINDA WECHAI SCAMMED VICTIMS COMMITTEE CHAIRMAN Contact her with your full delivery information regarding the delivery of your fund such as: Your name, Address, Your phone number Amount scammed: Year scammed; Occupations: Age/ Sex We expect your urgent cooperation regards this matter. Yours in Service, Nuee Thaiwe From cleverson.zimermann@fundacaocopel.org.br Thu Jul 29 01:11:27 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************************* X-Spam-Status: Yes, score=44.0 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,FORM_FRAUD_3,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_MR_MRS,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, MONEY_NOHTML,MSGID_FROM_MTA_HEADER,PDS_RDNS_DYNAMIC_FP, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RDNS_DYNAMIC,RELAY_COUNTRY_BR, REPTO_419_FRAUD_AOL,SPAM_BOOSTER_04,SPAM_BOOSTER_08,SPAM_BOOSTER_13, SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,SUBJ_ALL_CAPS,T_FILL_THIS_FORM_SHORT, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [200.186.58.11 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [200.186.58.11 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [200.186.58.11 listed in bl.mailspike.net] * 6.0 REPTO_419_FRAUD_AOL Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [officework172[at]aol.com] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 0.2 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps * 2.0 SPAM_BOOSTER_08 Boost score for BAYES_999 + dynamic RDNS to MX * 0.9 MONEY_NOHTML Lots of money in plain text * 1.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: BR ** Received: from fundacaocopel.org.br (11.58.186.200.sta.impsat.net.br [200.186.58.11] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16T7BMQf011935 for ; Thu, 29 Jul 2021 01:11:27 -0600 Message-Id: <202107290711.16T7BMQf011935@ga.impsec.org> Received: from [77.247.110.46] (unknown [192.168.0.1]) by fundacaocopel.org.br (Postfix) with ESMTP id C1E9116D62; Wed, 28 Jul 2021 11:25:24 -0300 (BRT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] COMPENSATION 1 To: Recipients From: "Mr.David Mark" Date: Wed, 28 Jul 2021 16:25:21 +0200 Reply-To: officework172@aol.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 29 Jul 2021 01:11:27 -0600 (CST) for IP:'200.186.58.11' DOMAIN:'[200.186.58.11]' HELO:'fundacaocopel.org.br' FROM:'cleverson.zimermann@fundacaocopel.org.br' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 29 Jul 2021 01:11:27 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 16T7BMQf011935 X-Spam-Prev-Subject: COMPENSATION 1 Status: R X-Status: X-Keywords: X-UID: 243 Content-Length: 1404 Dear my Good friend, I am using this opportunity to thank you for your great effort to our unfinished transfer of fund into your account due to one reason or the other best known to you. But I want to inform you that I have successfully transferred the Funds out of the country to someone else who was capable of assisting me in this great venture. Due to your effort, sincerity, courage and trust worthiness you showed at the course of the transaction I want to compensate you and show my gratitude to you with the sum of $800,000.00 (EIGTH HUNDRED THOUSAND UNITED STATES DOLLARS) I have authorized the finance/Security house where I deposited my money to issue you international certified bank draft cashable at your bank. The name and contact address of the Person with it is Dr.Jackson Ryan is as follows: CONTACT AGENT Dr.Jackson Ryan EMAIL: DrJacksonRyan@office-gov.org Phone: +2347011525089 Address: 33 doris ave okoko, Lagos At the moment, I am very busy here because of the investment projects which myself and my new partner are having at hand. Finally, remember that I have forwarded instruction to the finance house on your behalf to send the bank draft to you as soon as you contact them without delay. Please I will like you to accept this token with good faith as this is from the bottom of my heart. Contact Dr.Jackson Ryan now. Best Regards, Sir James Ratcliffe From mariagwen05@gmail.com Fri Jul 30 05:53:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_1ECD5,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,LOTS_OF_MONEY,MONEY_FORM_SHORT, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,T_FILL_THIS_FORM_SHORT, UNDISC_FREEM,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [91.188.39.100 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [91.188.39.100 listed in bl.score.senderscore.com] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [91.188.39.100 listed in bl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariagwen05[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariagwen05[at]gmail.com] * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.9 MONEY_NOHTML Lots of money in plain text * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.2 SPOOFED_FREEMAIL No description available. * 1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: LV NL Received: from mail.ardi.lv (mail.ardi.lv [91.188.39.100]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16UBrehw004310 for ; Fri, 30 Jul 2021 05:53:53 -0600 Received: from User (unknown [46.17.101.238]) by mail.ardi.lv (Postfix) with SMTP id BCAE31A23AE; Wed, 28 Jul 2021 07:48:53 +0300 (EEST) Reply-To: From: "Nuee Thaiwe" Subject: [SPAM] GOOD NEWS FOR SCAMMED VICTIMS old1 Date: Wed, 28 Jul 2021 04:44:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: <20210728044853.BCAE31A23AE@mail.ardi.lv> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 30 Jul 2021 05:53:53 -0600 (CST) for IP:'91.188.39.100' DOMAIN:'mail.ardi.lv' HELO:'mail.ardi.lv' FROM:'mariagwen05@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 30 Jul 2021 05:53:53 -0600 (CST) X-Spam-Prev-Subject: GOOD NEWS FOR SCAMMED VICTIMS old1 Status: R X-Status: X-Keywords: X-UID: 244 Content-Length: 1652 COMPENSATION FOR SCAMMED VICTIMS Attn: Sir/ Madam It's our pleasure to inform you that United Nations had a meeting with the Authority of International Court of Justice concerning scam activate in all countries. We have decided to compensate you due to meeting held with some countries Government and the world high commissions against fraud activities by the Country above. Your name was among those that scammed as listed by the World Financial Intelligent Unit. Compensation has been issued out in Certified ATM Visa card value of $1,200,000.00 THOUSAND UNITED STATE DOLLARS to each and every one affected victims. Your name was among those that were reported undelivered as of this moment and we wish to advise you to comply with the instructions of the Committee Chamber to make sure you receive your fund without any further delay. We advise you to do the needful thing to make sure we transfer your fund via our reliable Courier Company appointed. You are assured of the safety of this transaction and availability and be advised that you should stop further contacts with any order office contacting you. Therefore you are advice to contact the Scammed Victims Director in-charge immediately with your complete information needed for delivery. REF: SVT2018-19 Email: compasationsettlement@gmail.com Name: MRS. LINDA WECHAI SCAMMED VICTIMS COMMITTEE CHAIRMAN Contact her with your full delivery information regarding the delivery of your fund such as: Your name, Address, Your phone number Amount scammed: Year scammed; Occupations: Age/ Sex We expect your urgent cooperation regards this matter. Yours in Service, Nuee Thaiwe From info@admin.com Fri Jul 30 16:46:05 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************************** X-Spam-Status: Yes, score=47.7 required=5.0 tests=ADVANCE_FEE_3_NEW_FORM, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DEAR_FRIEND, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,FORM_FRAUD, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_SPF_FAIL,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RDNS_NONE,RELAY_COUNTRY_BR, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM,SPAM_BOOSTER_04, SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,T_HK_NAME_FROM,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [189.126.44.147 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [189.126.44.147 listed in bl.score.senderscore.com] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [firstbank49966[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40admin.com;ip=189.126.44.147;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 T_HK_NAME_FROM No description available. * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FROM_MISSP_SPF_FAIL No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 1.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 FORM_FRAUD Fill a form and a fraud phrase * 1.0 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form X-Spam-Relay-Country: BR ** Received: from p03fw.panoramahomecenter.com.br ([189.126.44.147]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 16UMjvEo008934 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 30 Jul 2021 16:46:05 -0600 Message-Id: <202107302246.16UMjvEo008934@ga.impsec.org> Received: from User (gateway [192.168.200.254]) by p03fw.panoramahomecenter.com.br (Postfix) with SMTP id B7E28184DC0F2; Thu, 29 Jul 2021 15:15:43 -0300 (-03) Reply-To: From: "From Rev.Michael Godwin" Subject: [SPAM] based on a pending transaction in your name, which we are about to pay you Date: Thu, 29 Jul 2021 14:15:45 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 30 Jul 2021 16:46:05 -0600 (CST) for IP:'189.126.44.147' DOMAIN:'[189.126.44.147]' HELO:'p03fw.panoramahomecenter.com.br' FROM:'info@admin.com' RCPT:'' X-Greylist: Delayed for 14:10:17 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 30 Jul 2021 16:46:05 -0600 (CST) X-Spam-Prev-Subject: based on a pending transaction in your name, which we are about to pay you Status: R X-Status: X-Keywords: X-UID: 245 Dear Friend, Our institution has been mandated to effect a payment to you; based on a pending transaction in your name, which we are about to pay you, we will like to know, if you are interested in completing this transaction or authorize us to cancel or revert this payment. If you are interested; do not hesitate to contact us. We would be happy to help you. Please reconfirm to us the following; Name, Address, Phone, Profession, Age and Marital status: Thanks for Your Cooperation. Kind regards Rev.Michael Godwin From mariagwen849@gmail.com Sun Aug 1 21:09:09 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=55.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_1ECD5,BAYES_99,BAYES_999,DATE_IN_FUTURE_06_12, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FORGED_MUA_OUTLOOK,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,FROM_MISSP_USER, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HK_LOTTO,LOTS_OF_MONEY,MILLION_USD, MONEY_ATM_CARD,MONEY_FORM_SHORT,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED, NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,REPTO_419_FRAUD_GM,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, T_FILL_THIS_FORM_SHORT,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [91.188.39.100 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [91.188.39.100 listed in bl.score.senderscore.com] * 2.5 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [91.188.39.100 listed in bl.mailspike.net] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariagwen849[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariagwen849[at]gmail.com] * 0.0 MILLION_USD BODY: Talks about millions of dollars * 3.1 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 1.0 HK_LOTTO No description available. * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.3 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.9 MONEY_NOHTML Lots of money in plain text * 2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 FROM_MISSPACED From: missing whitespace * 0.6 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.6 MONEY_ATM_CARD Lots of money on an ATM card * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.3 SPOOFED_FREEMAIL No description available. * 1.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.8 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 0.1 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 2.5 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: LV NL Received: from mail.ardi.lv (mail.ardi.lv [91.188.39.100]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 172395fi002578 for ; Sun, 1 Aug 2021 21:09:08 -0600 Received: from User (unknown [46.17.101.238]) by mail.ardi.lv (Postfix) with SMTP id AAF7F15DE1A; Sat, 31 Jul 2021 17:49:43 +0300 (EEST) Reply-To: From: "Chanpon Chue" Subject: [SPAM] UN Covid-19 Winning Notification Date: Sat, 31 Jul 2021 14:45:19 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 Message-Id: <20210731144943.AAF7F15DE1A@mail.ardi.lv> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 01 Aug 2021 21:09:08 -0600 (CST) for IP:'91.188.39.100' DOMAIN:'mail.ardi.lv' HELO:'mail.ardi.lv' FROM:'mariagwen849@gmail.com' RCPT:'' X-Greylist: Delayed for 30:16:10 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 01 Aug 2021 21:09:08 -0600 (CST) X-Spam-Prev-Subject: UN Covid-19 Winning Notification Status: R X-Status: X-Keywords: X-UID: 246 Content-Length: 1601 Asia Pacific Endowment Foundation UN Covid-19 Winning Notification Attention: Winner, We are glad to inform you that you're one of the Twenty lucky winners in this United Nations 2020 edition of the COVID-19 Asia Pacific Endowment Foundation; individual empowerment lottery promo in conjunction with Visa-Card Inc; owners of Visa ATM Card world wide. Details on the Beneficiary Selection Process: No tickets were sold, Your email address is one of the lucky emails, Selected randomly via E-wheel Computer Ballot System drawn from over 1Million companies and individual email addresses, from all over the world during the VISA ATM Card / EMAIL; Online selection draws. In the mean time we have been mandated to issue out this payment via our Swift ATM Card office in Thailand, with the latest technology powered by the Inter-Switch and the Visa Card Inc. This VISA ATM Card will be uploaded with your Winning Prize-Money of One Million United State Dollars deliver to your destination by a courier service firm. And a tracking number will be issues to you to enable you track your parcel until it gets to you. This card can be used in any ATM machine in any part of the global world, so if you like to receive your Award-Winning Prize in this way, do contact the Lottery Online Coordinator. CONTACT PERSON: MRS. KAITH NOGH BOON EMAIL: relpandemic@gmail.com With the following information: 1. YOUR FULL NAME 2. PHONE AND FAX NUMBER, 3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD TO (P.O BOX NOT ACCEPTABLE) 4. YOUR AGE/SEX 5 CURRENT OCCUPATION Congratulations! Best Wishes, Mr. Chanpon Chue From in@waterlift.co.ke Tue Aug 3 08:38:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.4 required=5.0 tests=ADVANCE_FEE_2_NEW_FRM_MNY, BAYES_80,FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO, HTML_IMAGE_ONLY_32,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY, MONEY_FORM,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO,RCVD_IN_MSPIKE_H2, RCVD_IN_SBL_CSS,RELAY_COUNTRY_ZA,SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9197] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [105.213.188.82 listed in zen.spamhaus.org] * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [194.201.253.11 listed in wl.mailspike.net] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of * words * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 2.5 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: GB ** ** ZA Received: from pop.kenyaweb.com (e-portal.kenyaweb.com [194.201.253.11]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 173Ec1ee005625 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 3 Aug 2021 08:38:06 -0600 Received: from localhost (localhost [127.0.0.1]) by pop.kenyaweb.com (Postfix) with ESMTP id 8C11F15EC1D2 for ; Tue, 3 Aug 2021 17:28:51 +0300 (EAT) X-Virus-Scanned: Debian amavisd-new at pop.kenyaweb.com Received: from pop.kenyaweb.com ([127.0.0.1]) by localhost (pop.kenyaweb.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9AgV_u2pU5-3 for ; Tue, 3 Aug 2021 17:28:46 +0300 (EAT) Received: from waterlift.co.ke (105-213-188-82.access.mtnbusiness.co.za [105.213.188.82]) (Authenticated sender: info@waterlift.co.ke) by pop.kenyaweb.com (Postfix) with ESMTPSA id DEA0215EC358 for ; Tue, 3 Aug 2021 17:25:26 +0300 (EAT) Reply-To: "LottoMax" From: "Euro Millions" To: jhardin@impsec.org Subject: [SPAM] Lucky No.9/44/15/27/49 jhardin@impsec.org ... Date: 03 Aug 2021 06:25:07 -0800 Message-ID: <20210803062507.5127A623F4F4908E@waterlift.co.ke> MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0012_CE24454E.5DBA74F6" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 03 Aug 2021 08:38:06 -0600 (CST) for IP:'194.201.253.11' DOMAIN:'e-portal.kenyaweb.com' HELO:'pop.kenyaweb.com' FROM:'in@waterlift.co.ke' RCPT:'' X-Greylist: Delayed for 00:09:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 03 Aug 2021 08:38:06 -0600 (CST) X-Spam-Prev-Subject: Lucky No.9/44/15/27/49 jhardin@impsec.org ... Status: R X-Status: X-Keywords: X-UID: 247 Content-Length: 17959 ------=_NextPart_000_0012_CE24454E.5DBA74F6 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

            =             &nb= sp;            =            
 &n= bsp;  
            &nb= sp;            =             &nb= sp;            =          Winners Notification !!!
Your email ID has won €1,650,000.00 euros (One Million, Six hundred a= nd fifty thousand EUR) in LottoMax International Charity program Ref No Sp/= 179/0-39/44/4-07/ES. Lucky No.9/44/15/27/49.

For more information o= n comfirmation and claims procedure, please reply with your
FULL NAMES,
ADDRESS,
AGE, 
OCCUPA= TION 
CONTACT DETAILS 

You will be contacted b= y your district representative.
 
Note: This is an international lottery program.
Congratulations!

= National PostCode Agency.S.L
Lottomax@execs.com
claims@lottomax.com.eu 
Telephone: +44 808 271 = 1559
 The content of the e-mails is to be considered confidential. Therefore, the= information in them or in any attachments contained are reserved exclusive= ly for the recipients. Persons or subjects other than the recipients themse= lves, also pursuant to art. 616 of the Criminal Code, are not authorized to= read, copy, modify, disseminate the message to third parties. Whoever rece= ives a communication from us by mistake, do not use it and do not make it k= nown to anyone, but delete it from his inbox and=20 notify the sender.

The authenticity of the sender and the contents are not guaranteed, except = for digitally signed documents. Furthermore, pursuant to art. 13 of Legisla= tive Decree 196/2003 and art. 13 GDPR 679/16, we inform you that our archiv= es include e-mail addresses relating to natural persons, companies, entitie= s with which previous communications by e-mail or other means of communicat= ion have occurred, or who have spontaneously provided their e-mail address = for direct contacts. These addresses are used by=20 us in compliance with the will and willingness of the interested parties to= receive communications via e-mail from our company.

------=_NextPart_000_0012_CE24454E.5DBA74F6 Content-Type: image/jpeg; name="images.jpg" Content-Transfer-Encoding: base64 Content-ID: /9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBxMSEBUSDxIWFhUVEBUVFhUQFRUVFxgSFRUY FxgVFRUYHSggGBolGxUVITEhJSkrLi4uFx8zODMtNygtLisBCgoKDg0OGxAQGy0lICYtLS4t LyswLy0tLzAvLSstLS0vLS0vLy0tLS0vLS0tLS0tLS0tLSstLS0tLS0tLS0tLf/AABEIAOEA 4QMBEQACEQEDEQH/xAAcAAABBQEBAQAAAAAAAAAAAAAAAwQFBgcCAQj/xABNEAABAwIBCAUG CQkHBAMAAAABAAIDBBEFBgcSITFBUWETInGBkTJyobHB0RQjQlJic5KTshckMzV0gqKz4RVT VGPC0/Bkg6PSJXXD/8QAGwEBAAIDAQEAAAAAAAAAAAAAAAQFAQIDBgf/xAA/EQACAgEBAwgI BAQGAwEBAAAAAQIDBBESITEFE0FRYXGBkRQyM6GxwdHwBhUi4SNCUnI0U2KSsvElQ4JEJP/a AAwDAQACEQMRAD8A3FACAEAIAQAgBACAEAIAQHhcBtKA4M7eKA5NSOaA8+FN5oD0VTePoKA7 bK07CPFAdoAQAgBACAEAIAQAgBACAEAIAQAgBACAEAIAQHjnAbUAk6bgPFAcEk7SgPNBAeaC ATnIa0uOwAnwXO2yNUHOXBLU2jFykkhOnfpsa4bwD2HePG61x7ldVGyPStTNkNiTj1HrmLsa CTmIDkSOb5LiPV4IBaPEiPLF+bdvggHsFS1/knu3+CAWQAgBACAEAIAQAgBACAEAIAQAgBAB KARdLw8UBwGoDsMQHQagPdFAGigIjKCazQwfKNz5o2en1Lzn4jytilUrjLj3L9/gTcKvWTn1 CeAzXDozu6w7DqPpt4rT8N5W1XKh8VvXc+Pv+JnNr3qZKOYvTEEScxAIuagEJGIBs9ttY9CA dUuLFuqTWOI2jt4oCYilDhpNNwd4QHaAEAIAQAgBACAEAIAQAgBAcveBtQCDnE+5AdNagFA1 AdIAQAgC6AqNdUdJI5+69h5o2e/vXzflTL9JyZTXDgu5fXiXVMNiCRzST9G9r+B1+adR9C15 OyvRsiNnR09z4i2G3BxLdbgvpSepSibmIBF7EA3e1ANpWIBpKxAJQVT4nXYe0HYe0ICx4fXt lbduoja07R7xzQDtACAEAIAQAgBACAEAIDmR9hcoBrck3KAWY1AKAID1ACAEAICOx2p0ItEb X9X935R8NXeqflvM9Hxml60ty+b++sk4te1PXqK0vAFoCAsmA1OlHonazV+78n3dy99yHl8/ jKL4x3eHR9PAq8qvZnr1kiQrkjCb2oBCRiAaSNQDSVqAZytQDZsrmODmGxH/ACx5IC1YViLZ m32OHlN4cxyQD5ACAEAIAQAgBACA8c6wuUAyc/SN/BALRtQCwCA9QAgBACA9QFSxWq6SUkeS Oq3sG0959i+f8tZnpGS9PVjuXzf30Ftj17EO0aKoOwIB3hVT0coJ2Hqu7Dv7jb0q25Gy/R8l a+rLc/k/P3anHIr24FtX0EqTkhAIvagGsrUA0lagGUzUAxmCAQgqXRPD2bR4EbweSAu9BVtl jD2bDu3g7wUA4QAgBACAEAIAQDKrludEbBt7UARNQDloQHYQAUAID1ACAYY1V9HEbeU7qj2n uHsVZyvmejYza9Z7l9fA749e3PsRVV88LQEAIAKAtOC1XSRC/lN6p7th7x7V9D5JzPScZN8V uf18SryK9ifYx+VZnATeEA2lCAZyhAMpggGUwQDGYIBzk/ifQy2ceo82dyO53sPLsQF5QAgB ACAEAIBKol0W337B2oCPjQDyIIBZzg0EuIAAuSdQA4koBm7GacbaiL7xnvW2xLqMbS6zk49S 76mH71nvWebn1Mxtx6zg5R0Y21cH30fvWeas/pfkY5yHWjk5T0Q21lP99H705mz+l+TMc7D+ peYMynoiQBWU5JNgBNHck7ABfas8zZ/S/JhWwfCS8yvY/j8HTEPnjbo6gHPaDbebE7z6AF4j lWvLzrtqmuUoR3JqLa16d6XWWdU6qY6Tkk+1ojv7dpf8TF94z3qs/KM//In/ALZfQ6el0f1x 80H9u0v+Ii+8Z70/J8//ACJ/7ZfQel0f1x80H9u0v+Ii+8b70/J+UP8AIn/tl9B6XR/XHzR6 zG6YmwqIr/WM96w+Sc9LV0T/ANsvoFlUvhNeaJvBawMkBv1X9UkbOR8fWVK5FynjZOxPcpbn 2Po++0Xw24aroLWveFYIzytaC5xAA2lxsAOZKArtTlhQtNjVRX+i7S9IXZY9r/lfkcndWv5k d0mMU8/6CaN/JjgT3jaFpOucPWTRvGcZeq9TqZaGwxmCAYzBAMJwgLrkriPTQ6Lj147NPMfJ d4au0FATSAEAIAQAgI2vlu/R4esoDyEIB7GEBBZwZNHC6o8YdH7RDfau+Ktbo95xvelcu4zX JLN38NpW1HTaGk540dG/kuLfYrHIzpVWOCRCpxI2QUmydbmgZvqXdzGrh+ZWdS9519Bh1srO XeRbMPjic2Z0jpHuFnNAsGi5OrmQpWJlTuk00txHyMeNSTRKZIZuY6yjjqHzPYXl/VaG2s17 mg6xyXLIzZ12OMUt331nSnEhOCk2yEynydZRYhDTxPc+4ieXOsDd0jhYW5NB71rdkzlg22vi oy4f2mOZjDIhFda+J2zDBWYwKd5Ia82JbtAZBp6u9qg8hSdPJEJLjvfnNnbLirM1xf3uLVjO bKngppphLITHC94BtrLWki/gpVedbKaW7e0J4lUYt7zPclsNbU1kMDyQ2R5BLduppOrwVnkT cK3JdBApgpzUWaf+Sam/vZPQqr8wu7PIsfQqu0SnzSwEdSZ4POyLlC3sDwqu0qmKYXV4PI06 WnC47L9U8QR8k8/+HjmYOLytW4WLSfRJcV9V1p+HWawnbhy1i9Y9X38TS4cr4W4d8Le64a0C w8pztgaBxPrvwUHAjbZ/As9pF7MvDp7mt5NushGPOL1XvX0M9pqKvxyR0j3dHTtfYA36Nv0W t+W4b3H+ivpSqxFolrL78itUbMl6t6RLRTZp6YN68j3Hjs9AKiS5QufDREhYdSIvGM1bmdei lOkDcA6iOFnbb87rpDlCXCxJo0lhLjB6MZZPZUzRS/BMRve+i2R20HYA87wfnePJfjQnDnae HV9/AVXyjLm7ePWXKZVxNGMyAYTIBzkzXdFVNueq/qO7/JP2reJQGioAQAgBAeOdYEncLoCC Y+5JO838UA8p0A9YgKtnUfbCpuboh/5WKVhL+PHx+BHyvZP76RbNnHo4XT82vd9qRx9qxlvW 6RnGWlUSMykzkx0lTJTmne8xloLg9rQS5jX6hb6Vu5dacF2QU9eJzty1CWzoZ9l3lgMRMNoT GIuk2vDtIv0OAFraHpVhi43M679dSFkX87pu00Nczfx6OGUo4wh32iXe1VGS9bpd5Z0LSuPc Zzl07Sx5o+aIR4NL/as5r2eSbX2P37jhHfmwX30nORbdLH7/ADemPhEW+1MFbPJFS7F8dRPf myf3wNOy1NsOq/2WX8BWuP7WPeviSLvZy7mYpm9/WlL9Yf5bldZfsZffSVWN7VG/V8xZFI8a y2NzgDxa0n2KgW9lw+BneQ2ceWpqWU9VHGOkBDHwhzbODS6zmucbggHWN9uOqxycGNcHOD4d ZCoy3OWzJFzyuw1tRRTRuF/i3Fttoe0XBCg1TcJqS6CXZFSi4s+f8NZJUOhpGO1PmaGjaA55 A0iOABce8q7dFdVs8npcUn4a/XTwRURnOcY1dGvxPo/DaBkELIYW6LI2hrRyG88SdpO8lUU5 ucnJ8WXEYqK0RWspc4VLRymEh8sg8oRaNmHg5ziNfIX52UmnDstW1wXacbcmFb0HWS+WtLXE siLmSAX6OUAOIG0tIJDh2G/Ja3YtlW98OtG1V8LOBFZ0cmm1FOZo2jpY9ZI2lu8H/nqWcS91 Wdj4muTVzkO1cCFyMxUz0o0zd8Z0HE7SAOqfC3eCmZTzdrS4PeMaznK9XxJOZRSQMJkAwmKA 1LCKvpoI5N7mAnztjh4goB4gBACAaYpJaI87Dx2+i6AgzUBlrg6+A9qh5mdXiR2rE9Oxa/sd aqZWPSOh2MUI8ln2j7B71Q2/ieP/AK6/N/JfUlxwf6pCUmKyn5Qb5oHtuqy38QZk+DUe5fXU 7RxKl0alSzhzuNEdJzjeRnlEnff2K2/CuTdfykucm3+mT3vsIXKsYxxnoulfEvGQbLYbSj/p 2H7Qv7V63J9rLvZBp9nHuRC45m4iqamSofK4GRwJAHBobx5LrXmWQiorTRGk8auctpmY5dYG yiqugiJIELHEn5zi72AK0xLZW17UusrsmuNc9I9RuOSkejQUreFLD/LaqS562Sfa/iW1S0gl 2IyjKQ6WUL+T2Dwpmpyu9nkWzuX/ADRGp/xy+/5RbN1rxuU8G1B/iA9q70rTkulf6YfA1jvy 5vtfxNJy6/VtV+zP9S5Y/tY96JN3s5dzMXze/rSl+tP8tyusv2MvvpKvG9qjfa+IvikYNro3 NHaWkBUCLkoOQ+bp1LUNqKiRriwHQYwHU5zdHScd9gTqU/IzucjsxWhDpxObltN6lzymxFtP RzTONtGJ1ubyLNA5lxA71Dqg5zUUSbJqMXJmJ5sYwcVpgdxkPeIX29NvBXea/wCDLw+KKrF9 qvvoN2xOp6KCSTboRPf9lpPsVFFatIt29FqYHkvgvwySSSdzrA3cQdbpHkkkn096fiLlufJk IQpS2pdfBJEPk/DWS3Kb3L3sVx3C3YfNFUU7zqeC0u2h7ddjba0i4twuN61/D/Ln5pGdNySk l0cGuHg1uM52H6K1ZW9xu0MjZ4GuHkyxA69fVe2/qKzKOy2iWnqtTG8jR0VdUwaxtNvMfq1d j1F/E+TdTh031S0euj8V29xz5MhF32VyXb7/ANy5vhvvXlKvxLfH2kU/d9+RcSwoPg2hnNRO 3WKs6fxJjS9eLj719+BxlhTXBpkVVxlupwsrjGy6clbVUtfP5kayqdfrIumb+p0qdzD8iU28 1wB9ekpJzLQgBACAisef1WDi4nwH9UBHR2Oo7FrOEZxcZLVMym09UI1NKWi41t9I7eXNeK5V 5ElRrbTvj0rpX1X2+stKMpT/AEy4/EarzxKKvnDP5mOczPU4r1v4MX/kX/Y/iip5Zf8A/N4o 0jJFtsPpB/0kH8tq9hf7WXe/iQqfZx7kVLFc6ccM8sPwZ7jFK+MkPaASxxbcauSlw5PlKKlt cSPPMjGTWnAzbLLHRXVTqgMLAY2t0SdI9Ubbgc1ZY1PNQ2dSBfbzkto37Ah+awfs8f4AvPz9 Z95dR4IxzKKZsePSvkOiBIDc6hrgaB6105Vpsv5IlCpNt6blve6SIdUowzdqT0X7D3NSNPFZ 5G629FMb7uvKzR8RfwUqcHVg1Vy4pRXlHea0NSyJyXDf8TRMv3Wwyq+oI8bBRsb20e8lX+zl 3GN5ux/8pTfWO/lvVzl+xl99JV43tUfQT3WBJ2AX8F58uROkqWyxskjOkx7A9pG9rhcHwKzK Li9GYT1WqMVzp19Wasw1DrRNOnExgs0tOxx+c4bLnZuAurnAjXsbUePT99RWZjntaPh0ENkJ WCHEqZ7tnTaH3rTH/rXfKjtUyXZ8N5xx5bNiZ9BV8HSRPj+exzfEELz6em8ujCsnsR+ATywV IIbpWva9i24BsNxHqXL8R8k2cp0wux98o67utP5pkXAyVizlXZwfT99Z3lXizax0VPS3eTIL WBF3u6rWi/nbVw/DHIt+DKeRkrZemiWuu7i3u7lob8pZcL1GqrfvNww2l6KGOIaxHExl/MaG +xTZy2pOXWdorRJGN4AdPF6pzdbQZhf/ALjQPUoH4sezyXVF9Ml/xl9TTkzflzfY/ii7r5oe jGtZWhmpus+pXfJfI08p85Zuh733fUj35Kr3Leyv1MhJuTcr3FNMKYKFa0SKqU3J6yLLm5lt JKz5zGu+ySP9a6mpe0AIAQEHlE7rMHJ3sQDGFyAfwvQDSsoPlRjVvaPW33LynK3Ia33Yy74/ T6eXUWFGV/LPz+pQ85B/NGc6hv4Hrf8ABS/8hL+x/wDKJF5b/wAOv7l8Gajk2PzKm/ZYf5bV 6y315d7I0PVXcUvE81jJp5ZjUvHSSvksGtNi9xdb0qXDlCcYqKS3EeWHCTb1e8zzLXJ9tDVd A15eOia+7gAbuLhbV5qssW52w2n1kHIqVctlGz5AYiJ8Op3A62xCJ3EPiGgb9tge8KmyobFs l4+ZZ489qtMj8tMg466QTNeY5Q0NJAuHNGy44i51rajLnStFvRrdjRser4kjkhkpFh8bmxku e8gve61za9gLbALnVzWl98rnrI3qpjWtEQGeHGGx0YpgevO8XG8RRkOJ73Bo56+Ckcn1OVm3 0I4ZliUNnrM7zdfrSm+sd/KerHM9jL76SFi+1RvWJfoZPqn/AISqBFyZ7mayg04XUch60Y04 r74ies391x8HclY8o06S5xdPEg4Vusdh9BP5xsm/hlKSwfGxXcznxb3hRcW/mp69HSSL6uch p09BgusHeCD2EEeor0HEpeB9EZFZQNraRktx0jQGStG6QDWbcD5Q5HkV57JpdU2ujoLqi3nI JiOU2RdPWuD5AWv+czUSsVXzq9VmbKYWesjjJnIalon9KwF8msB8mstB1HRGwG2q+1b25Vlq 0k93Ya149db1SJDKvGW0dJJO46w2zB86R2poHfr7AVzpqds1FG9tiri5MyzNzSnRlnd8twaC d9rlx8Xehed/G2UnZVjR/lTb8dy9y9525FqezKx9L08i01NTub4qt5K5C2tLchbuiP1+nmT7 8rT9MPMiZnL1yWm5FcMZisgsWQJtVdsLh6Wn2IDQ0AIAQFfylPXZ5p9aAYROQDyJ6AdxvQFG zu07RSRvbqJqmgjcSY5NfbqXTkvCqhmyyIrRuLT7d8Xr37iPn2ydCg+v5Md4VnPo44Io3Mnu yFjCQxlrtaAbdfZqU2eBa5N7jlHMrSS3jv8AKtQ/Nn+7b/7rT8vt7Db02vtM2y+xyKtrOngD g3omM+MABu0uvqBOrWFZYtUqq9mXWQci1WT1ie5GZXS4fIdEacTyOkjJtrHy2Hc63iNR3EMj Gjcup9YovdT7DVKLOTh8jQXTOjNvJljfcd7QW+lVUsG5dGpYRy6n0jPGc6VHG0/BtKd+4Bro 2A/Sc8A27AVvXyfZJ/q3I1nmVpfp3mQ4zistVM6eodpPdw1BrRsa0bmj+usklXFdca47MStn OU3tSHWSOJMpq2GeW+hG5xdoi5sWObqHaQtMiDnW4rizamahNSZqNVnQoXRuaBNdzHAXjG0i 3zlVfl9vYWHplfaZJgOJvpaiKePbG4G3zm7HN72kjvVvbWrIuL6Strm4SUkbB+VSg4Tfdj/2 VR+X29hZem1dplmV9VTS1TpaPSDH9ZzXt0bP321nUdqs8aFkIbM+jgQL5QlPagI5O4/NRTdL Tu5OY7W17eDh6jtHit7qY2x2ZGtVsq3qjWMJzpUUjR8I04H7w5rpG3+i5gOrtAVTZyfbF/p3 ljDMra37hxiGczD42kskdK7c2KN4/ieA30rWGDdJ71obSy6lwepmeOY5U4tUNbbRYD1I2klr Adr3u+UeergBr1yrraOTaHbP95Poil2/uyIucy7FCP8A12sutFTNhibEzyWi3MneTzJuV5DH 5PlbfLMy985PVLoj1eS3Lq7y8dka4KqrgunrE5nK5I4wmcgGbtZQFlyGb+dD6t3sQGhoAQAg K/lUNcZ84fhQETE9APInoB1G9AZLlVilVWTTQMa6SOGocWtjjuW6JcwElovvdtV1jV1VRjNv RtdLKq+dlsnBLVJlWmhcxxa9rmuG1rwWkXF9YOsaiFOUlJapkVpp6MVZQSlukIpC0i+kGOIt xvay1dkE9G15mVCTWujEoYXPNmNc42vZjS4242CzKSjxehhRb4I9dTvDg0scHHY0tIJ7Ba+4 +CKcWtU9xnZaemh5JC5vlNc3zmketFJPgzDi1xRyxhOpoJPAAn1LLaXEJN8D18Zb5QI84Eet E0+Aaa4njGE7AT2An1I2lxCTfAHsI2gjtFkTT4BpriexxlxDWgucdgaCSewDajaS1YSbeiHF Rhk7BpSQSsbxfG9o8SFora5PRSXmbOuaWrT8hquhoKtpZCLiN5Fr3DXEW43stHOK3No2UJPf oxJbmouKKXR0+ifo2vpaDtG3HSta3Nac5DXTVa95tsS010ZJYHX1AHQ0cWlI4k3jYXvIHLlx OoX3Kuu5Oolf6RdJvRaLV7l3d/mS6sqxV83Wl4EhPiWI0pvVRvtwlYB/E0au9bej41u6t7/v oZnnr6981u++onMPxVk7NJlxbUQdoKrbqZVS2ZE6q2Ni1QTOXI6CMYQFtyEj/OHHhEfEub7i gL0gBACAhcq47wh3zZB4EEeshAVuJ6AdxPQDpkiAq+Z4adTXS8XN/ifI5WWduhXHs+hBxN8p vt+pG55cLLauKZg/Tx6GobZYyAO8tc0furtydZ+hxfQc82H6010mqYThzYaWOnGxkLYzzs2x PfrVVOblJy63qWEY7MVEybNDGY8TljdtbTSsPayWMexW3KD2qU+1fBldhpq1rs+ZPZVC2UVC eMTB/HMPao9P+En3/Q7Wf4mPd9Qz2t/N6c/57vwH3Jyb68u4Z3qLvK1me/WR/ZpPxMUrlD2P ivmR8L2ngSee5vx1L9XL+Ji5cm8JeHzOmdxj4nGZMfnFRf8AuWfjKzyl6se8YPGQ2zrUjpcW jiiF3vgiY0fSdJIBfgOazgSUaHJ9b+CNcuLlakur6mk5L5NQYfBZobp6N5ZnWBcQLk3PksG4 bvEquuvndLV+CJ1VUao6LxY9osapakmOGeKUga2se15txtvHNaTqnBayTRtGyMtyZledHJFt M4VNOLRvdZ7Rsa87COAKs8HJcv4cvAgZdCj+uPiaTkZCDhlKHAEGkjvzDmD3quyfay72TqfZ x7jGMu8nzR1bmgfFvJfGd2iTrb3K4w7+dr38VxKvJq5ue7gzS60aOTjf/rovTG33qt45X/18 yf8A/n/+fkJ5p8Ojgw81LrB0pe9zjtEUZLQ3s6pd+8ts+xyt2eo1w4KNe11kJldnDp6qhlig Y9sjnBoErR+jPlPaQSBqFtx6y7U4M4WxcuHE525cZVtR4kPk9T9HTtvtf1z37PRZRMyzbtfZ uO+NDYrXbvHMhuoxIFYWoC75CQWEr+bWjuuT6wgLWgBACAaYtB0kEjRtLDbzhrHpAQFCikQD yKRAKzT6MbncGE+AWUtXoYZF5kIviKh9tszG381lyP4grDlJ/wARLs+ZDwV+hvtLZX0MWIw0 8m6OpjmHbG4h7CftDuUWMpUuS61p5kiUVYk+p6ku2saZjDfrtibIR9BznNB8WFctl7O0dNVr oZlk1T9DlJUM2aQmcP8AuaEvtVlc9rEi+73aog1LZyZIe5d9XGsNfxc1v/lt/rWmNvx7EbX7 roMUz2M/M4DwqgPGKT3LHJ3tH3fNGc31F3lQzRutibecMo9APsUzP9j4oi4ftPAm8+A+MpD9 Cb0GP3rhybwl4fM7Z38viN8yZ/Oaj6hv41tyl6ke81wfWZY6qAPyliLvkUGmO272+p5UaLax H/d9CQ1rkLuGOevEnshggabNlc9z7bxFoaLTxF337WhdOTa05OXV8znnTaio9Zm4jmo5oZWk aYIkZoEnWCOqe29iN4JXTC5Qo5QjNQT0T0eq96I91FmNKLfF79xtOc5oOFz6Q3NI5ODhZQcT 20dCwyPZSF6WvFJhEUxbpdFQxHRGq5EbRbxScecva65fMzF7FSfUvkMstsIZiWHiSn6zgwSw uG8EX0e8arLNFjot39zNboK6vd4COVrTFgOgdRFLCwg6tei0WW1X6slPtMWfpoa7Blmvykp3 0bKOV7WysLmhkhA6RrnFw0L6nGzrEbdS651E1Y5pbmc8S2Lgo670I5wMhIBTvqKZug9gLnNb 5Lhv1cVri5c4zUZPVGcjGjKLaW8qGBVhfAA43LSW35DZ6LLnmVqFrS7zfFm51pskY2qKSB5E xAaJktTaFM3i8l579noAQEugBACAEBnmL0/RVD2btK7fNdrFuzZ3IBOORAJY5Po0sx/yX+Oi V1pWtkV2o52vSEn2Mf5motHD3O+dUPPg1rfYpPKD1u8EcMJaVeI1zN410kU1M462SGVl/mSE 6QHY7X++t+UKtmSku7yNcOzaTizzCMa08pJ26XVMLoGj6UOi4jucJfFLKtMSL7dfP7QhZrkN dmgti1P0WUlJJumgeD5zY5Af/wA1rW9rEkup/T9zM1pkRfWhHOoNGsw2XcKg37pYXD2rbC31 2Ls+TMZW6cH2/QsOcLJ+WupWxQFge2dr/jCQLBrgdYB19ZR8W5VT2pdR2yKnZDZRSsk8lKjD 8UpTUGMiXp2DonOdrbC52u7Qpt+RC6mWzru0495FponVam+nUsecvJSorzAabQ+LEod0ji3y 9C1rA38kqNh5MKdra136fM75NErdNnoIrNrgUtFiE0NRo6Ro2v8Ai3Fw0TLYayBr6pXXMujb UpR6/kc8ap12NPqE8q8YFJlBDM82Z8HYx54MeZGlx5AkO/dWaKucxZRXHX6C2zYyE31fUtmW +SzcRgaGvDXsOlG/a2zhrBtuIt4BRMe90y18yRdSrY6FWyWzYvjqGTVsjXCNwc2Nmk7Sc03b pE7Gg69Hf2bZNubHZca46a8fv5kevEakpTeugtnmx1racUbTd8hD3gfJjabi/MuA7mnknJ9L c+cfBGc2xKOx1kzl58Xgz2/5MbPwhR8f9WQu87X7qX3FdzOZRanUMp2Xkhvw2vjH4h2u4KXy hT/7F4kfCt/kfgT+duXRwx4+dLGP4r+xRsJa3x8fgd8p6VP76SrDNQ99PC5soZKWAytkBIDn a7C2wtBAPEhSvzHSb3aroI6wtYrfo+ktWU7RQ4KYnyabmwtia52179QFhr1ctwCiV/xr00uL 1JM3zVW99Bl2Tcfxfa4n1D2LfPlrd3JGmGtKixxMUIlEjQUpke1g2ucB47+7agNNjYGgNGoA AAchqQHSAEAIAQFZy1orsbM0a2dV3mE6j3H8SAqcciAZ5TSH4JIACSQBYa9rgFIxdOejqccj XmpaFVwrKivpYhFTyuZGCTo9FG7W43OtzCfSridNFktqWjff+5WRtugtla+QxwTFJ6SUTU5L XhpbrbcFp2gg7dgPcF0shC2OzI0rlOt6xPKHFZoakVTD8aJHSXcLguffSuOekUlCEobD4CM5 Rlt9JLYhlxVTTQTyCLTp3OdGQwjygAQ7raxqC4wxaoxcU+PadJZM21JrgJZRZZVFaIxOIh0T 9Npja5pvzu46tQW1WNXVrs67zFmRKzTXoJv8rNb/AHdN9iT/AHFx/Lqut+76HT06zs+/EZ1u ceqllgleyDSge9zNFsgBL2FhDrv1izt1lvHBrimk3v8AvqNXmTbTem4f/lbrP7qm+zJ/uLT8 ur637vob+nT6kMG5x6kVRqujg0zAISLP0dAPL72073ueK39BhsbGr011NPS5bW1ouGhD4/jc uIVLZJGsEjmsiAjuB5RttJN7uW2leJTKb12UnJ+C3/A0lOV9iXS9ETOC5aV2HAQPaHRjyY6g HqjhG8HZ4gbrKNBYudHnaZJ9q+a6H5M785djvZmvP5MkKzOrVyjQp4Y43HVdodK790HVftBW fQaq1tWS3Lr3Iy8yye6C3+ZS8XgmD9Oq0tOUF5Mhu47ruXXCzcfJUvR3qovTVcNezrOF9Ntb Ts4vf2k7lBl5VVkBgmbEGFzT8Ux4PVNwLl51dyzViVVyUk3r3o2syZ2R2WiMFNNS/B6uO4Js 9rgNjwb2PIjdvF1FxuUasq+7GfGD0711+D+RvZjzphXaule//oeZQ5ZVVbEIqjQ0A4Osxhbr HO5UyrGqqltR495zsvssjstDjCs4VfTsEYka9oFm/CG6RA4BwIJ7yVrLEpse0vcZjlWw3P3j LFMYq8Rkaah5Ib5IADWMvts0bTzNzzWrlTixezx95slbkPfw9xPYdTBrQBsAsqaUnKTk+LLS MVFJIlImLUyWvI+hu50pGpvVb5x2nw1d6AtiAEAIAQAgOJ4g9pY4Xa4EEcjqQGYYlSOgmdE7 cdR4tOx3/N90BwyRAK9IgPRUIBSOq12XK7dXJ9j+BtD1kSegOAXy3Vl5oGgOAWdWY0POjHAe CasxoedEOA8E2mNA6IcB4LO0+saIOiHAeCbT6xoAjHAeCbT6xoeSRB2pwB7RdZhZKD1i2n2G HFPieRUzG+S1o80ALay+yz15N971ChFcEKFo4LlqbaBoDgmrGgnV/o3eYfUu+J7eH9y+JiXq sor3r6gUYgW33IB5SwICXgisEBIUlMXuDWi5cbBAaHQ0oijaxuxo28TvPigF0AIAQAgBACAg crMG6eLSjHxkYJb9Ju9ntHPtQGeMkQCwkQCb3oDmKbrDzh61yuWtcl2P4G0PWXeWtfLC9BAC GAWQeIYGtVXsZqvc8B7eCtMHknIyt6Wket/LrONt8K+PE7patsnknXwO1cMzk+/ElpYt3Q1w ZtXbGxfpF1COh6hkFgAhkRrj8U/zHeoqRh78iv8AuXxNZ+q+4z8C6+oFEOIIUBLUsCAfxxoC 45M4ZoN6V46zh1QdzePafV2oCeQAgBACAEAIAQAgKTlnk9YmpgHORo/GB6/HigKc2RAdOddA I6ViO1ayWsWjKejLsNi+UsvwQwCAb1VWyMXebct57ApeLhX5UtmqOvb0LxNJ2RgtZMg6zGHO 1M6o9J9y9dg8gU0/qu/VL3Lw6fHyK63LlLdHcveRxlV+RDwTEG4NjyWs4RnFxktU+sym09US tFj1tUusfOG3vC8xnfh2MtZ4z0/0vh4P6+ZOqzOifmTkEzXjSYQRxC8rdTZTLYsTT7SfFqS1 QquRkEA2xQ2gk+rd6lM5OjtZdS/1L4mlu6uXcylwwr6YUZJ0tMgJGONAWHJ/CNM9JIOoDqB+ UR7EBbUAIAQAgBACAEAIDh77IBnPUICkY/goBMkI1bXMG7m3ly3eoCvFiATkagLnTuuxp4tH qXyy+GxbKPU2veegi9UmcVdYyMXkcB6z2Det8bEuyJbNUW/h58DWc4wWsnoV+uyjJ1RDRHzj t7huXqcL8OQh+rIer6lw8+L9xAtzW90PMh3zkm7iSeJN16SEIwjswWi6kQW23qznpVuYPDIg OTKgODIgFaWrkjdeNxB9B7RvUfJxaciOzbHX4ruZvCyUHrFllw/KFrrCYaJ+cNbf6Lyeb+Hb Yfqx3tLqfH6P3dxYVZkZbp7vgTjHgi7SCOIXnJwlB7Mlo+0mrfvQ0xf9C7mAPEqy5FjtZ1fe 35Js45L0qkQdNSr6KUpIxxICSw+iDjd3k+v+iAtFPNYADYNgCAfRyXQHaAEAIAQAgBAeFANK hyAjp3ICPmcgISvoQ46TdR4bj7kBEyQEaiEA4NdIGBjTYAWuNqplyHjO6Vtmsm23p0b/AL/Y lelz2VGO4ip6cuNySTxOsq3hCMI7MVoupEZtt6sbPpitjAmYSgOeiKAOiQHoiQHYiQCjYUAs ynQEhQh7D1CRy3eCi5WFRkrS2Ovb0+Z0rtnX6rJV8znts4DbuVbhcixxMnnYS1Wj3Pj5/wDR 3tyucr2Wt4MiV4RBxC0ICRgcgJCByAkIHIB60oD1ACAEAIAQAUA0nYgI6diAYTMQDGViAZTx X2hAMn06ATMSA4MCA4NKEBwaNAefAkAfAuSA7bRIBZlEgHEdKEA5ZDZAe6YGzWgPWglAO4WI B7CxASEDEBIQMQDwBAeoAQAgBACAEBy5t0A1mp0AwmpkAylpkAzlpkA1kpkA3fToBIwoDzo0 AdGgPRGgOhGgOg0ID3UgC53BAHRE7UAtHTIB1FTIB5FTIB9DTIB9DToB4xlkB0gBACAEAIAQ AgBACA4fECgG8lJdANZKHkgGslDyQDZ9DyQCLqHkgEjQ8kBwaJAcmiQAKNAdCiQHYouSAUbQ 8kAsyh5IBxHQ8kA6ioeSAdx0aAcMiAQCiAEAIAQAgBACAEAIAQAgBACAEB4WhAcGEcEBwaVq A4NGEBwaAIDn+zwgD+zwgOhQBAdiiCA6FK1AdiAcEB2GDggOkAIAQAgBACAEAIAQAgBACAEA IAQAgBACAEAIAQAgBACAEAIAQAgBACAEAIAQAgBACAEAID//2Q== ------=_NextPart_000_0012_CE24454E.5DBA74F6-- From jgh@jghdelhi.Net Wed Aug 4 06:18:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 174DI2eA013453 for ; Wed, 4 Aug 2021 06:18:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: **** X-Spam-Status: No, score=4.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,LOTS_OF_MONEY,MONEY_FRAUD_5,MONEY_NOHTML,RCVD_IN_MSPIKE_H2, RELAY_COUNTRY_JP,SPF_HELO_NONE,SPF_PASS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Relay-Country: IN JP JP Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 04 Aug 2021 06:18:02 -0700 (PDT) Received: from mail.corpexchanger.com (mail.corpexchanger.com [43.242.126.244] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 174DGQPO031951 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO) for ; Wed, 4 Aug 2021 07:16:31 -0600 Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (52.175.132.9) by c4chesmbx01.corp.com (172.31.31.14) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 4 Aug 2021 18:30:40 +0530 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: Great Business .. To: Recipients From: "Ms. Reem Hashimi" Date: Wed, 4 Aug 2021 13:00:32 +0000 Reply-To: Message-ID: <34a154fef16a4cb392ae5378faacb530@c4chesmbx01.corp.com> X-Originating-IP: [52.175.132.9] X-ClientProxiedBy: c4chescas01.corp.com (172.31.31.12) To c4chesmbx01.corp.com (172.31.31.14) X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 04 Aug 2021 07:16:32 -0600 (CST) for IP:'43.242.126.244' DOMAIN:'[43.242.126.244]' HELO:'mail.corpexchanger.com' FROM:'jgh@jghdelhi.Net' RCPT:'' X-Greylist: Delayed for 00:15:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 04 Aug 2021 07:16:32 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 174DGQPO031951 Status: R X-Status: X-Keywords: X-UID: 248 Content-Length: 1442 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: rhashimireem@kakao.com Regards, Ms. Reem From mp@gurabini.com Sat Aug 7 02:08:16 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************* X-Spam-Status: Yes, score=13.3 required=5.0 tests=BAYES_95, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,RCVD_IN_PSBL,RCVD_IN_SBL_CSS, RELAY_COUNTRY_VN,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9611] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [202.55.132.29 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [203.77.200.123 listed in psbl.surriel.com] * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails X-Spam-Relay-Country: IN ** ** ** ** VN Received: from mail.gurabini.com (mail.gurabini.com [203.77.200.123]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 177885we003257 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 7 Aug 2021 02:08:16 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.gurabini.com (Postfix) with ESMTP id D5763C1556A2F; Fri, 6 Aug 2021 21:10:28 +0530 (IST) Received: from mail.gurabini.com ([127.0.0.1]) by localhost (mail.gurabini.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id YFF7IxRFiehc; Fri, 6 Aug 2021 21:10:27 +0530 (IST) Received: from localhost (localhost [127.0.0.1]) by mail.gurabini.com (Postfix) with ESMTP id 092D7C04A730D; Fri, 6 Aug 2021 20:37:54 +0530 (IST) X-Virus-Scanned: amavisd-new at gurabini.com Received: from mail.gurabini.com ([127.0.0.1]) by localhost (mail.gurabini.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id cOKqyVaZD0gf; Fri, 6 Aug 2021 20:37:53 +0530 (IST) Received: from [202.55.132.29] (unknown [202.55.132.29]) (Authenticated sender: mp@gurabini.com) by mail.gurabini.com (Postfix) with ESMTPSA id B1AF0C04A7319; Fri, 6 Aug 2021 19:53:02 +0530 (IST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Request! To: Recipients From: mp@gurabini.com Date: Fri, 06 Aug 2021 07:22:10 -0700 Reply-To: franciscoperezc@rediffmail.com Message-Id: <20210806142302.B1AF0C04A7319@mail.gurabini.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 07 Aug 2021 02:08:16 -0600 (CST) for IP:'203.77.200.123' DOMAIN:'mail.gurabini.com' HELO:'mail.gurabini.com' FROM:'mp@gurabini.com' RCPT:'' X-Greylist: Delayed for 08:29:19 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 07 Aug 2021 02:08:16 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 177885we003257 X-Spam-Prev-Subject: Request! Status: R X-Status: X-Keywords: X-UID: 249 Good Day, I wish to contact you personally; I know you will be surprise to read my email. Please don’t be skeptical to reply me. My name is Francisco P?rez, a lawyer in Spain. I am sending this mail to know if your email address is functional. I have something absolutely essential to discuss with you. Contact me for more details through Email: franciscoperez2021@consultant.com with your direct contacts. Sincerely, Francisco Perez.(LAWYER). From wangpeng@guoxin.cn Sat Aug 7 07:19:55 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.7 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_TO_UNDISC,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,LOTS_OF_MONEY,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MONEY_NOHTML,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_SBL,RCVD_IN_SBL_CSS, RCVD_IN_VALIDITY_RPBL,RDNS_NONE,RELAY_COUNTRY_CN,SPF_HELO_NONE, T_SPF_PERMERROR,UNDISC_MONEY,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9713] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 NSL_RCVD_FROM_USER Received from User * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [114.242.21.168 listed in psbl.surriel.com] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [87.246.7.35 listed in zen.spamhaus.org] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [114.242.21.168 listed in bl.score.senderscore.com] * 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [williamwilbert1[at]yandex.com] * 3.1 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.9 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: CN BG Received: from mail.guoxin.cn ([114.242.21.168]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 177DJoc5000658 for ; Sat, 7 Aug 2021 07:19:55 -0600 Received: from User (unknown [87.246.7.35]) by mail.guoxin.cn (guoxin communication's mail server - mail@guoxin.cn) with ESMTPA id 8C15B4748FF; Sat, 7 Aug 2021 11:55:54 +0800 (CST) Reply-To: From: "Watson, Farley & Williams LLP" Subject: [SPAM] This Is Our Last Notice to You Date: Fri, 6 Aug 2021 20:56:00 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210807035554.8C15B4748FF@mail.guoxin.cn> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 07 Aug 2021 07:19:55 -0600 (CST) for IP:'114.242.21.168' DOMAIN:'[114.242.21.168]' HELO:'mail.guoxin.cn' FROM:'wangpeng@guoxin.cn' RCPT:'' X-Greylist: Delayed for 06:00:38 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 07 Aug 2021 07:19:55 -0600 (CST) X-Spam-Prev-Subject: This Is Our Last Notice to You Status: R X-Status: X-Keywords: X-UID: 250 Content-Length: 1142 Watson, Farley & Williams LLP Solicitor, Advocate and Notary Public Office: 15 APPOLD STREET, LONDON, EC2A 2HB, ENGLAND This Is Our Last Notice to You We wish to notify you again that you were listed as a beneficiary to the total sum of US$ 50,000,000.00 Dollars in the intent of the deceased(name now withheld since this is our second letter to you). We contacted you because you bear the surname identity and therefore can present you as the beneficiary to the inheritance since there is no written will. Our legal services aim to provide our private clients with a complete service. We are happy to prepare Wills, set-up and administer Trusts, carry out the Administration Of Estates and prepare and administer Powers Of Attorney. All the papers will be processed in your acceptance. In your acceptance of this deal, we request that you kindly forward your letter of acceptance your current telephone and fax numbers and a forwarding address to enable us file necessary documents at our high court probate division for the release of this sum of money in your favour. Yours faithfully, Barrister Watson.F.Williams. Principal Partner From jhardin@impsec.org Sun Aug 8 15:42:59 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 39041 invoked by uid 99); 8 Aug 2021 15:47:16 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Aug 2021 15:47:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id E7B251FF40C for ; Sun, 8 Aug 2021 15:47:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 0.251 X-Spam-Level: X-Spam-Status: No, score=0.251 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id pT7xV85TwRmW for ; Sun, 8 Aug 2021 15:47:15 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.161.45; helo=mail-oo1-f45.google.com; envelope-from=mrs23abram@gmail.com; receiver= Received: from mail-oo1-f45.google.com (mail-oo1-f45.google.com [209.85.161.45]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 016DFBD3AF for ; Sun, 8 Aug 2021 15:47:14 +0000 (UTC) Received: by mail-oo1-f45.google.com with SMTP id h7-20020a4ab4470000b0290263c143bcb2so3669750ooo.7 for ; Sun, 08 Aug 2021 08:47:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=8oylL77uHC8iS7P55H5VHsU/A6fi9b+f8JMv+Q3H6zY=; b=ASpk3E1CWDxHVzK+fXl7FkUZ0wBPSrpGvjLv0//h/XHR7aDBVjDOsTjLxsLlzKvu9T 0A2zU4+jopS9x4BtvTHt3tW8Zm7bN/hYPDDyXKBX9eJSWvYB7l0SrfUtuZKSlYTFibLs Opd1Owr3ei231fg8n+Gj7z7CGThQbpI7nBC1XDM1OMARgM1vr2akh967tTG5C420Np7c RmZZ4FlEyxXcGbvgAY+FfDwjZA9xTa9gGUgjUQ1WRXC6Ar8WHIY2npRqiEgyzzotvyJ3 KtuC0cQPcH/XcO1lekIiEoMeEAS7xRR5OIq4hV5ua/urUtGyV2DA8xHpf8SGG+0knQJ9 dgbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=8oylL77uHC8iS7P55H5VHsU/A6fi9b+f8JMv+Q3H6zY=; b=VbPkdiC+JjQVCMe8veXd/BM8gdpTpZky1SZW0TnC4gsKTVZTkYHLqVGMBEWMh7NV0n 0A6IPWefHkWfQ6YAk5EXrsoIhUrQPZKIRJKs7f+yOJ+V1Qkgb7oedpJslZv+88lYIc1Y DyhR8I1pMLgnv1EizWveyyXnhJsbKNf8/lV65IsGDNP94tSpLBaaaPrfH57vQE2/32M6 1LwC2vRwwAVpbVlFZlZBzUZ9qrhRfTOCl+qhmINeQe8gw9iC6M/FfLE5ikfgaT8zmKwc jUJ4zH7vUCtvnWdA2D2SUZroDN1HcQaBaS4+Z9p224EQxukzte6uBFfXMi6yBRqjeHCB UWVA== X-Gm-Message-State: AOAM533oIDnnMXW3/0LqGacfVOb0ackoq2jCC1YQ4+i5v8QHJABn86Aq 5HrNgHGxTdZXa3HV7tohHdUE7j+IgDzVHCND3PA= X-Google-Smtp-Source: ABdhPJzsSbiWmhQi8YC5TkLaiDt8bp1hwaPxSU/nY8Jd1zKdF2gDtVlTgx1xwFBFiaZsMcNO7Fy/uRyglfZx1mYJyeU= X-Received: by 2002:a4a:9cd7:: with SMTP id d23mr12492148ook.12.1628437634201; Sun, 08 Aug 2021 08:47:14 -0700 (PDT) MIME-Version: 1.0 Reply-To: sopadam3@gmail.com From: Sophia Adams Date: Sun, 8 Aug 2021 15:42:59 +0000 Message-ID: Subject: Greetings Dear, To: "Mrs. A Abram Mrs. A Abram" X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000b9c06105c90e2e9f" Status: X-Status: X-Keywords: X-UID: 251 Content-Length: 2443 --000000000000b9c06105c90e2e9f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Greetings Dear, My name is Sophia Adams 19yrs female Orphan) from Cote D=E2=80=99ivoire and= my father passed away some years back and I did not know my mother until date. I am suffering for food poisoning caused by my step mother's wickedness, due to the fund that my father deposited in a bank on my behalf as his next-of-kin. Please help me secure my inheritance money. I am seriously ill because of the reaction of the poison inside my body, reply to my message and I shall tell you more. God bless you as you reply me Ms. Sophia --000000000000b9c06105c90e2e9f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<= br>

Greetings Dear,

My = name is Sophia Adams 19yrs female Orphan) from Cote D=E2=80=99ivoire and my father passed = away some years back and I did not know my mother until date.=C2=A0 I am suffering fo= r food poisoning caused by my step mother's wickedness, due to the fund t= hat my father deposited in a bank on my behalf as his next-of-kin. =C2=A0 <= span lang=3D"EN-GB">Please help me secure my inheritance money. I = am seriously ill because of the reaction of the poison inside my body, reply to my messa= ge and I shall tell you more.

God=C2=A0 bless you as you reply me

=

=C2=A0

Ms. Sophia

=
--000000000000b9c06105c90e2e9f-- From MAILER-DAEMON@ga.impsec.org Sun Aug 8 09:29:44 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=55.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DKIM_ADSP_NXDOMAIN, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL, FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KHOP_HELO_FCRDNS, LCL_IMPSEC_MAILER_DAEMON,LOTS_OF_MONEY,MIME_HTML_ONLY,MISSING_HEADERS, MONEY_FROM_MISSP,MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,RCVD_IN_SBL_CSS,RELAY_COUNTRY_CN,RELAY_COUNTRY_JP, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_05,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [119.57.115.13 listed in zen.spamhaus.org] * 0.1 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 1.5 RELAY_COUNTRY_CN Relayed via China * 2.4 NSL_RCVD_FROM_USER Received from User * 0.5 LCL_IMPSEC_MAILER_DAEMON From impsec mailer daemon? Bullshit. * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * 0.9 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in * DNS * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=mailer-daemon%40ga.impsec.org;ip=153.120.11.54;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.4 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 2.9 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 3.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.3 FROM_MISSPACED From: missing whitespace * 1.7 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 1.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP CN Received: from www.c01.tamago-cart (c01.tamago-cart.com [153.120.11.54]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 178FTdrK044331 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 8 Aug 2021 09:29:44 -0600 Message-Id: <202108081529.178FTdrK044331@ga.impsec.org> Received: from User (unknown [119.57.115.13]) by www.c01.tamago-cart (Postfix) with ESMTPA id D820E130C8D9; Sun, 8 Aug 2021 13:34:47 +0900 (JST) Reply-To: From: "MA - .150" Subject: [SPAM] Ref:qA-partnership | 5.2m - FO Date: Sun, 8 Aug 2021 06:35:11 +0200 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 08 Aug 2021 09:29:44 -0600 (CST) for IP:'153.120.11.54' DOMAIN:'c01.tamago-cart.com' HELO:'www.c01.tamago-cart' FROM:'' RCPT:'' X-Greylist: Delayed for 07:03:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 08 Aug 2021 09:29:44 -0600 (CST) X-Spam-Prev-Subject: Ref:qA-partnership | 5.2m - FO Status: R X-Status: X-Keywords: X-UID: 252 Content-Length: 1258
Greetings.
I am looking to work with you to engage in a profit oriented Investment ventures in your country and perhaps with your assistance, we could get good Return on Investment (ROI).
I have the directive of Sheikh Mubarak AL-Thani to source for a partner abroad who can accommodate 200M USD for Investment. We shall execute the transaction under a legitimate arrangement without breaking the law to ensure funds are transferred to you as the lawful beneficiary.
More details will follow upon your reply.
Regards,
MA.
--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 From erganongur28@gmail.com Sun Aug 8 13:51:25 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=20.0 required=5.0 tests=ADVANCE_FEE_4_NEW_FRM_MNY, BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, LOTS_OF_MONEY,LOTTO_DEPT,MONEY_ATM_CARD,MONEY_FORM,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_FRAUD_PHISH,UNDISC_FREEM, UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5083] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [erganongur28[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.166.42 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [erganongur28[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.166.42 listed in wl.mailspike.net] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.8 MONEY_NOHTML Lots of money in plain text * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 1.9 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 2.9 MONEY_FRAUD_5 Lots of money and many fraud phrases * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US Received: from mail-io1-f42.google.com (mail-io1-f42.google.com [209.85.166.42]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 178JpI0j013521 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 8 Aug 2021 13:51:25 -0600 Received: by mail-io1-f42.google.com with SMTP id f11so24395436ioj.3 for ; Sun, 08 Aug 2021 12:51:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=IXQGOXI5qffweWMaEwHtsOdcyRNg3Rtm9W0ubn1BNRE=; b=WX/uPQ6v1pGN5v+nlv2rn/90gKvun40FCDRqMEycRVfiaPXzP38taOlpmVQZr33afS OwyybPiy0hr1WZ8glcahNF4jdykeMqOLOQw2dyUhu5OQh2tp7rHnZcArzTN+mp5MuNoi 1ooMJUpeLMERFwpw00E7pRYbaLJapf/5lkbTaYDh36KXpH0oGJW7ZVYdf/m8nWBoaNib QhNB3MoOUzYaVmjBKE+EbQ2RLtUgAxsfS1Kw88jNa4M+VIsXj9LCrgpHp5PIF07mxwtr UmOYH3cp9F2KJhqAKuttScryHfkjOxIjAvldX6Z09UTp7BaKKxxNfKGF/7e7oeW9bJnS Oxsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=IXQGOXI5qffweWMaEwHtsOdcyRNg3Rtm9W0ubn1BNRE=; b=T1rXH9Buy3gNz3sERmNxqKlmKR8Jiu3RYBIarZhroLw59GKKiHPpMI+j3G3iGqu7Bk JMPbabjWPVixhrpEIO84g9gNHXC9xsSxN33pHc1vNFvi8JRm9BbIbB0aQoUEfPRWBukE JWKMhZAJgIwHOXGcshSPXWnNA6rMrTutJFboj7/SmwKi4ZgfoXSs/pzQHU/m74FlYGD/ rGkd0CUAcJb6jwoWO+vRXyFusoTSIu88R/Fyq05Dt6Dp/58qXdp6i4VYoKdRHnhPqyr8 FMcDe5WKB6MZ2EK0tkHKEvO/Qm21dyGPCJV1SAFFPHVrNzTgA6RUwwb/6hVElrRgUEEQ iAWw== X-Gm-Message-State: AOAM533zwQGHDWk9YNisJQ24N6wr7RFbkVE6x46QkiZAOz/tMiGuK6cP AQk7veWc7EFFxdrSlhReNO6YUJvioEypnrcqvKI= X-Google-Smtp-Source: ABdhPJy0Wio+lGgDvzx4Fto898APOwulP5UMJwW6+ZQ+0tBkTl7+mG2Cm33jlzjIA5AhklRflJUCny6uogd6IkBzrJ4= X-Received: by 2002:a92:ce91:: with SMTP id r17mr59748ilo.264.1628452273558; Sun, 08 Aug 2021 12:51:13 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6638:5ad:0:0:0:0 with HTTP; Sun, 8 Aug 2021 12:51:12 -0700 (PDT) Reply-To: dhlexpress.fastservice@outlook.com From: "Dr.Ergan Ongur" Date: Sun, 8 Aug 2021 12:51:12 -0700 Message-ID: Subject: [SPAM] Dear; To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 08 Aug 2021 13:51:25 -0600 (CST) for IP:'209.85.166.42' DOMAIN:'mail-io1-f42.google.com' HELO:'mail-io1-f42.google.com' FROM:'erganongur28@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 08 Aug 2021 13:51:25 -0600 (CST) X-Spam-Prev-Subject: Dear; Status: R X-Status: X-Keywords: X-UID: 253 Content-Length: 1502 Dear; Sequel to my study leave and course in London, and pressure from some of you, I was able to hurriedly compute all ATM cards of the Batch C compensation beneficiaries before my departure from U.S yesterday. Your ATM card has been processed, sealed and booked with DHL Courier Company for onward delivery to the address you shall provide to them. Kindly contact DHL delivery Manager (Mr Larry Page) via return mail or with the contact details below. Mr.Larry Page DHL International, 405 East 42nd Street, New York, NY, 10017, USA Tel: +1 (224)269-1525 Provide him the information below: 1. Name: 2. Address: 5. Age: 6. Gender: 7. Nationality: 8. Country Of Residence: 9. Telephone Number: 10.Passport by attach or driver's lisence number I regret to inform you also that I was not able to avail delivery fee to DHL because I could not instantly verify your address and I sincerely apologize for this professional negligence. Kindly avail your current address where you would want your parcel delivered to and the delivery fee of $205.00 to DHL accordingly. Your Parcel Identification No.is DHLBEN/3576/20201.Parcel Description: MasterCard Debit Card of $4,800.000.00 USD.Your ATM CARD package was registered as a gift so that the diplomatic Agent will not know the content of your package okay. I wish you all the best as I hope to receive your appreciation letter at my desk when I return from my study leave. Cheers! Yours in service, Dr.Ergan Ongur Secretary, IFV compensation committee. From andriesbruin02@gmail.com Mon Aug 9 16:48:55 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.8 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FILL_THIS_FORM, FORGED_GMAIL_RCVD,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,LIST_PRTL_SAME_USER, LOTS_OF_MONEY,MONEY_FORM,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, NML_ADSP_CUSTOM_MED,RELAY_COUNTRY_RU,SPAM_BOOSTER_13,SPF_HELO_NONE, SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID, T_LOTTO_AGENT_RPLY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [andriesbruin02[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [claimdept21[at]aol.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [andriesbruin02[at]gmail.com] * 0.0 T_LOTTO_AGENT_RPLY Claims Agent * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.8 MONEY_NOHTML Lots of money in plain text * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 LIST_PRTL_SAME_USER Incomplete List-* headers and from+to user * the same * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.7 SPOOFED_FREEMAIL No description available. * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.6 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 1.1 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: RU EU Received: from mail.informsystema.ru (mail.informsystema.ru [217.174.183.106]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 179MmqVX001623; Mon, 9 Aug 2021 16:48:55 -0600 Received: by mail.informsystema.ru (Postfix, from userid 1001) id 47CC34136374; Tue, 10 Aug 2021 01:40:16 +0300 (MSK) Received: from [192.168.0.13] (unknown [185.108.107.31]) by mail.informsystema.ru (Postfix) with ESMTPA id 7FA704133EFB; Tue, 10 Aug 2021 01:40:13 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 List-Unsubscribe: mailto:?subject=unsubscribe>" List-Unsubscribe: mailto:?subject=unsubscribe>" Content-Description: Mail message body Subject: [SPAM] Claim Notification !!! To: Recipients From: andriesbruin02@gmail.com Date: Tue, 10 Aug 2021 00:40:10 +0200 Reply-To: claimdept21@aol.com X-Antivirus: AVG (VPS 210809-6, 9/8/2021), Outbound message X-Antivirus-Status: Clean X-Spam-Prev-Subject: Claim Notification !!! Message-Id: <20210809224016.47CC34136374@mail.informsystema.ru> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 09 Aug 2021 16:48:55 -0600 (CST) for IP:'217.174.183.106' DOMAIN:'mail.informsystema.ru' HELO:'mail.informsystema.ru' FROM:'andriesbruin02@gmail.com' RCPT:'' X-Greylist: Delayed for 00:08:22 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 09 Aug 2021 16:48:55 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 179MmqVX001623 X-Spam-Prev-Subject: [SPAM] Claim Notification !!! Status: R X-Status: X-Keywords: X-UID: 254 Claim Notification !!! Your email ID has won €650,000.00 euros (Six hundred and fifty thousand EUR) in LottoMax International Charity program.Ref No Sp /179/0-39/44/4-07/ES.Lucky No.9/44/15/27/49.For more information and claim procedure, please contact our agent below; National PostCode Agency.S.L Mr.Benito Fernando E-mail: luckyforlife21@aol.com Telephone:+34602838474 With your full name, address, age, occupation, phone numbers Send your answer to this E-mail:luckyforlife21@aol.com Note: This is an international lottery program. Congratulations! -- This email has been checked for viruses by AVG. https://www.avg.com From jhardin@impsec.org Fri Aug 13 05:08:32 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 24948 invoked by uid 99); 13 Aug 2021 05:41:28 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Aug 2021 05:41:28 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 83B9F1FF41A for ; Fri, 13 Aug 2021 05:41:27 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.173 X-Spam-Level: **** X-Spam-Status: No, score=4.173 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_3_NEW_MONEY=1.561, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, MONEY_NOHTML=0.971, RCVD_IN_HOSTKARMA_BL=1.5, SPF_PASS=-0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id scMUVhBmCeDL for ; Fri, 13 Aug 2021 05:41:27 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=202.209.212.23; helo=ksg-smtp.kyoto-seika.ac.jp; envelope-from=note@kyoto-seika.ac.jp; receiver= Received: from ksg-smtp.kyoto-seika.ac.jp (ksg-smtp.kyoto-seika.ac.jp [202.209.212.23]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTP id BF4B17DD1B for ; Fri, 13 Aug 2021 05:41:26 +0000 (UTC) Received: from Info.aulsjne5wneuzbpu4smcpkgilh.syx.internal.cloudapp.net (unknown [52.231.24.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ksg-smtp.kyoto-seika.ac.jp (Postfix) with ESMTPSA id 8A7FE107253C; Fri, 13 Aug 2021 14:08:36 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: PARTNERSHIP To: Recipients From: "Ms. Rerem" Date: Fri, 13 Aug 2021 05:08:32 +0000 Reply-To: reem.alhashimi@kakao.com Status: X-Status: X-Keywords: X-UID: 255 Content-Length: 1490 Hello Sir, = My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing = Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I a= m writing to you to stand as my partner to receive my share of gratificatio= n from foreign companies whom I helped during the bidding exercise towards = the Dubai World Expo 2020 Committee and also i want to use this funds to as= sist Coronavirus Symptoms and Causes. = Am a single Arab women and serving as a minister, there is a limit to my pe= rsonal income and investment level and For this reason, I cannot receive s= uch a huge sum back to my country or my personal account, so an agreement w= as reached with the foreign companies to direct the gratifications to an op= en beneficiary account with a financial institution where it will be possib= le for me to instruct further transfer of the fund to a third party account= for investment purpose which is the reason i contacted you to receive the = fund as my partner for investment in your country. = The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. = If you can handle the fund in a good investment.Reply to: r.alhashimi@yande= x.com = = Regards, Ms. Reem From jhardin@impsec.org Fri Aug 13 05:17:56 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 64632 invoked by uid 99); 13 Aug 2021 05:50:45 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Aug 2021 05:50:45 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id E27A9BFA45 for ; Fri, 13 Aug 2021 05:50:44 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 2.673 X-Spam-Level: ** X-Spam-Status: No, score=2.673 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_3_NEW_MONEY=1.561, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, MONEY_NOHTML=0.971, SPF_PASS=-0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id 7ZNAL329-sr3 for ; Fri, 13 Aug 2021 05:50:44 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=202.209.212.23; helo=ksg-smtp.kyoto-seika.ac.jp; envelope-from=note@kyoto-seika.ac.jp; receiver= Received: from ksg-smtp.kyoto-seika.ac.jp (ksg-smtp.kyoto-seika.ac.jp [202.209.212.23]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTP id 1B08FBD284 for ; Fri, 13 Aug 2021 05:50:43 +0000 (UTC) Received: from Info.aulsjne5wneuzbpu4smcpkgilh.syx.internal.cloudapp.net (unknown [52.231.24.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ksg-smtp.kyoto-seika.ac.jp (Postfix) with ESMTPSA id 204C410D0493; Fri, 13 Aug 2021 14:18:02 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: PARTNERSHIP To: Recipients From: "Ms. Rerem" Date: Fri, 13 Aug 2021 05:17:56 +0000 Reply-To: reem.alhashimi@kakao.com Status: X-Status: X-Keywords: X-UID: 256 Content-Length: 1490 Hello Sir, = My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing = Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I a= m writing to you to stand as my partner to receive my share of gratificatio= n from foreign companies whom I helped during the bidding exercise towards = the Dubai World Expo 2020 Committee and also i want to use this funds to as= sist Coronavirus Symptoms and Causes. = Am a single Arab women and serving as a minister, there is a limit to my pe= rsonal income and investment level and For this reason, I cannot receive s= uch a huge sum back to my country or my personal account, so an agreement w= as reached with the foreign companies to direct the gratifications to an op= en beneficiary account with a financial institution where it will be possib= le for me to instruct further transfer of the fund to a third party account= for investment purpose which is the reason i contacted you to receive the = fund as my partner for investment in your country. = The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. = If you can handle the fund in a good investment.Reply to: r.alhashimi@yande= x.com = = Regards, Ms. Reem From mandelafoundationmobilewinners@gmail.com Fri Aug 13 08:13:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.5 required=5.0 tests=ADVANCE_FEE_2_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LCL_VIA_ZA,LOTS_OF_MONEY, MONEY_FORM,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,RELAY_COUNTRY_ZA,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.48 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mandelafoundationmobilewinners[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [lottomaxclaims7[at]consultant.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.208.48 listed in list.dnswl.org] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.0 LCL_VIA_ZA Via relay in South African + high Bayes * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 2.5 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: US ZA Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17DEDHgS011750 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 13 Aug 2021 08:13:23 -0600 Received: by mail-ed1-f48.google.com with SMTP id cn28so3801919edb.6 for ; Fri, 13 Aug 2021 07:13:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:from:mime-version:subject:to:date:reply-to; bh=mB6v4xslnI3tqtGpDYP4DYnGG8Z1MNqpJuolnlK8F8U=; b=K49UWRqmbbZ4BrIB6vIpiQmhomaDS9cmzx2wDFnV3/titRy0IoJODaLRXXOcDyplOf 4R834OoTsOFYtqKziZiUoWwkyZ6gU5RQ5/A5gTfeH9MIxObPz7EhGUy3UEUqgeVAGPB4 OWKXUgIM5byCrGkD+C1nEvE8J2oRWa4NxqGfdLSX5LtQFKS4XXftgU2PftN/fgVMRctB Npyv0kWAFp2IH+8CBRMerodeRg7i2dJ53hvQ1fVZp1uoRz7DpxX+7t2wukbJ6IvUxL/j 3J8vUDyzdlOt84R2IWJuBlRWkBybpi0j33WyWtX8NKqjt9yaqIv+OlXAldyicb+BTyah NhQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:from:mime-version:subject:to:date :reply-to; bh=mB6v4xslnI3tqtGpDYP4DYnGG8Z1MNqpJuolnlK8F8U=; b=CbhtdYS6NYG0KCXHQqljXXeHowbWXA3FJEjcRzMQERqitEWIvcFNP/f90l1B45yZrU m6GleowIRU+YnabHWHW/Hkeb62QTO83WRkqj86fqGz6OXz92gFx7Wvltyq+UxjuEpCOf sxGcvjkZM9ubNAzY7ygwXyDi0Lo3AbxoeVaYaY4Fbqp4kkoiRsLPIbB1/BFFpcgY+oPz kK+2UsuUFJuuK3gZywnmv4ZF3jEBLA0K7WyBKmYv06zB5ZHoOGRGRTSpwpxyiFEr8w6u Ue1sK2e1aFOOQw7GXolvpOKbtemX4tUL8gEnDOFHlfk7jqa77wQ3ms2UL4nqmkfm6cIr yUXg== X-Gm-Message-State: AOAM5315i19GtSQqHVKRGTvPTSMK+8Z3+zWhEs+K4K291wTPkv131A9U KH/iqQsKdIZFg+j6NXUdfC4= X-Google-Smtp-Source: ABdhPJwMNJjxNsJWGebOLj5DXX8GRsLSbGaUTFjY9pGTFXef38eqyIWJAFuarM8m/ZE75+4kLhhx/w== X-Received: by 2002:aa7:c457:: with SMTP id n23mr3415608edr.89.1628863993921; Fri, 13 Aug 2021 07:13:13 -0700 (PDT) Received: from Hp-PC.home (105-213-91-175.access.mtnbusiness.co.za. [105.213.91.175]) by smtp.gmail.com with ESMTPSA id r16sm968887edt.15.2021.08.13.07.13.07 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 13 Aug 2021 07:13:12 -0700 (PDT) Message-ID: <61167df8.1c69fb81.d232b.3d90@mx.google.com> From: LottoMax Claims X-Google-Original-From: "LottoMax Claims" Content-Type: multipart/alternative; boundary="===============2037836129==" MIME-Version: 1.0 Subject: [SPAM] National PostCode Agency.S.L To: Recipients Date: Fri, 13 Aug 2021 16:13:03 +0200 Reply-To: "LottoMax Claims" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 13 Aug 2021 08:13:23 -0600 (CST) for IP:'209.85.208.48' DOMAIN:'mail-ed1-f48.google.com' HELO:'mail-ed1-f48.google.com' FROM:'mandelafoundationmobilewinners@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 13 Aug 2021 08:13:23 -0600 (CST) X-Spam-Prev-Subject: National PostCode Agency.S.L Status: R X-Status: X-Keywords: X-UID: 257 Content-Length: 4695 You will not see this in a MIME-aware mail reader. --===============2037836129== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body = Winners Notification !!! Your email ID has won =801,650,000.00 euros (One Million, Six hundred and f= ifty thousand EUR) in LottoMax International Charity program Ref No Sp/179/= 0-39/44/4-07/ES. Lucky No.9/44/15/27/49. For more information on comfirmation and claims procedure, please reply wi= th your FULL NAMES, ADDRESS, AGE, OCCUPATION CONTACT DETAILS You will be contacted by your district representative. = Note: This is an international lottery program. Congratulations! National PostCode Agency.S.L lottomaxclaims7@consultant.com --===============2037836129== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body

        =             &nb= sp;            =   

    =             &nb= sp;            =             &nb= sp;    Winners Notification !!!Your email ID has won =E2=82=AC1,650,000.00 euros (One Million, Six hundr= ed and fifty thousand EUR) in LottoMax International Charity program Ref No= Sp/179/0-39/44/4-07/ES. Lucky No.9/44/15/27/49.

Fo= r more information on comfirmation and claims procedure, please reply with = your
FULL NAMES,
ADDRESS,
AGE,
OCCUPATION
CONTACT DETAILS

Yo= u will be contacted by your district representative.
 
Note: Thi= s is an international lottery program.
Congratulations!

Na= tional PostCode Agency.S.L

lottomaxclaims7@con= sultant.com

--===============2037836129==-- From e.velasquez@municipiodemejia.gob.ec Sat Aug 14 02:55:48 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RELAY_COUNTRY_JP, SPAM_BOOSTER_15,SPF_HELO_PASS,SPF_PASS,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.8 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: EC ** ** ** ** JP Received: from mail.municipiodemejia.gob.ec (mail.municipiodemejia.gob.ec [190.152.217.252]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17E8tc2S005785 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 14 Aug 2021 02:55:48 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id 8B060A1D6472; Sat, 14 Aug 2021 02:59:09 -0500 (-05) Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id d8KiRiK1C-T8; Sat, 14 Aug 2021 02:59:09 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id 4D6CEA1B2708; Sat, 14 Aug 2021 02:58:22 -0500 (-05) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.municipiodemejia.gob.ec 4D6CEA1B2708 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=municipiodemejia.gob.ec; s=6C9E5B4C-A871-11EB-85DF-54B7F5D5C558; t=1628927902; bh=+cDiJh/StHQOgB/RfIlkssv7eeN7hzaaJziD+AWFtxM=; h=MIME-Version:To:From:Date:Message-Id; b=I4LDSYoilxkJ4MdsWz2RrxyJlc9qepHK3EKI3ZGYhL/azOqLJS7lguWzozCDDUKR7 A/vuGhvSYDQ18Mt3ig7k18TGsLLHAHd+e5OEwfhuCvfALGi1ZQctDGV/GPPzbGloRw d27A4OEP/eqypKmFRnW7hmkcXQF5r2wDeHAGoK8Xv1HfQHLWFoKZUmYQCIql1hij0P Zh/DfA1yt+/9iX/YfaJT1pnV0PgwNB+9wfZC7YjdJMRE9Q1YWHvDfo3iHIpBccLkJv 2fw3TapGpDsZtHACriwpcWdQzoLzsY1GeBYt1dQ4VhbveIZA/hBMCURtucW3rnjpiU ZMFqpXM7aRFKg== X-Virus-Scanned: amavisd-new at municipiodemejia.gob.ec Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oVINYVur0VBZ; Sat, 14 Aug 2021 02:58:22 -0500 (-05) Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTPSA id B3A0DA19D73D; Sat, 14 Aug 2021 02:57:19 -0500 (-05) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Hello Friend To: Recipients From: "Ms. Reem Hashimi" Date: Sat, 14 Aug 2021 07:57:05 +0000 Reply-To: hashimireem@yandex.com Message-Id: <20210814075719.B3A0DA19D73D@mail.municipiodemejia.gob.ec> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 02:55:48 -0600 (CST) for IP:'190.152.217.252' DOMAIN:'mail.municipiodemejia.gob.ec' HELO:'mail.municipiodemejia.gob.ec' FROM:'e.velasquez@municipiodemejia.gob.ec' RCPT:'' X-Greylist: Delayed for 00:32:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 02:55:48 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17E8tc2S005785 X-Spam-Prev-Subject: Hello Friend Status: R X-Status: X-Keywords: X-UID: 258 Content-Length: 1437 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: reem.alhashimi@kakao.com Regards, Ms. Reem From e.velasquez@municipiodemejia.gob.ec Sat Aug 14 03:05:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RELAY_COUNTRY_JP, SPAM_BOOSTER_15,SPF_HELO_PASS,SPF_PASS,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.8 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: EC ** ** ** ** JP Received: from mail.municipiodemejia.gob.ec (mail.municipiodemejia.gob.ec [190.152.217.252]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17E95DOt007349 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 14 Aug 2021 03:05:17 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id 85654A1D0437; Sat, 14 Aug 2021 02:59:06 -0500 (-05) Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id F6FpWLBqRpfi; Sat, 14 Aug 2021 02:59:06 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id 9B002A1BA7C8; Sat, 14 Aug 2021 02:58:21 -0500 (-05) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.municipiodemejia.gob.ec 9B002A1BA7C8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=municipiodemejia.gob.ec; s=6C9E5B4C-A871-11EB-85DF-54B7F5D5C558; t=1628927901; bh=+cDiJh/StHQOgB/RfIlkssv7eeN7hzaaJziD+AWFtxM=; h=MIME-Version:To:From:Date:Message-Id; b=i+3hOpcHcsB6zRvs8fewDdJSvzPaH/KPfMXzx1eMtzCCk5eTIN/JOEUxr/psu2Txx iuAzVWcWzfS7bHaFBsMqSUY2BK4a0Mb5WHJXZ6jl5uRYNz7EYJPobdWGYKyzf4HpeJ 1FJeKBLW1aOim2NpmMn2QElEu76BUYdsmOvkJbWJv2Fu48kYFt+3X8pddhYIFqemrQ eiwAcfpQpPn6FiqlHb7pkPs4R13QrvD/Zin6mTJO6Q8ObC5VIbQFFJXSN1Jo3OdocJ ArIa5M+8V/H1e8gkQFR97Q51ScG6c1iUqAI+q1eKl5d7biuiIQ5xOSmqXaJU8THSia MR07s2Oglc3KA== X-Virus-Scanned: amavisd-new at municipiodemejia.gob.ec Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id OL9iwT7mYN26; Sat, 14 Aug 2021 02:58:21 -0500 (-05) Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTPSA id AA757A18904D; Sat, 14 Aug 2021 02:57:17 -0500 (-05) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Hello Friend To: Recipients From: "Ms. Reem Hashimi" Date: Sat, 14 Aug 2021 07:57:02 +0000 Reply-To: hashimireem@yandex.com Message-Id: <20210814075717.AA757A18904D@mail.municipiodemejia.gob.ec> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 03:05:17 -0600 (CST) for IP:'190.152.217.252' DOMAIN:'mail.municipiodemejia.gob.ec' HELO:'mail.municipiodemejia.gob.ec' FROM:'e.velasquez@municipiodemejia.gob.ec' RCPT:'' X-Greylist: Delayed for 00:41:44 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 03:05:17 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17E95DOt007349 X-Spam-Prev-Subject: Hello Friend Status: R X-Status: X-Keywords: X-UID: 259 Content-Length: 1437 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: reem.alhashimi@kakao.com Regards, Ms. Reem From clrk2000rx@gmail.com Sat Aug 14 06:21:18 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.3 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FORM_FRAUD_5,FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_SCAM,HTML_MESSAGE,LOTS_OF_MONEY,MILLION_USD,MONEY_FORM_SHORT, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_SHORT, T_MONEY_PERCENT,UNCLAIMED_MONEY,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5001] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.217.65 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.217.65 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [clrk2000rx[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [benklerk-postpact2[at]webmail.co.za] * 0.0 MILLION_USD BODY: Talks about millions of dollars * 2.4 UNCLAIMED_MONEY BODY: People just leave money laying around * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 HK_SCAM No description available. * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 2.5 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US Received: from mail-vs1-f65.google.com (mail-vs1-f65.google.com [209.85.217.65]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17ECLAmr043180 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 14 Aug 2021 06:21:17 -0600 Received: by mail-vs1-f65.google.com with SMTP id d16so6061774vsf.12 for ; Sat, 14 Aug 2021 05:21:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=04eIP5tBqEs+tKXojJ2g5p5yxLVFMJZgwdbbkNnua3E=; b=JUsj/uYenGNWM1OHPyvSXAN6s5qTL9bOsmLyLV2wJndZRtFs3rvm0lJuNXNDo1Buci 5KGzwrwobsSvr9epiJ4ZPJVe98z32I/j9pLkDa0jzL1vHadQsIIqTCl7mifBu5BJkarN kVSosD5Gh2ssfbpi7e6PDHvMOkODwlFznwrvqb72lUjB76OdObRy+0zO9x+46EkWnT9k Da54Y22qcV4hHcIbrFd4ilidrS8tqcEV86JVpXe57gO8NME+y5C74qGYpy3Ucmwm5xbN ycOWdGld9EChnBYkmXpyMYkcP0DO5vVCbnEBMwQjt+j/kqQO/ay/9Ws1lZEHoUxrk9FI BATw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=04eIP5tBqEs+tKXojJ2g5p5yxLVFMJZgwdbbkNnua3E=; b=T6gZU/CN3OfCK4e3umRY6z5i8HPf2/HaQRV5CAQm4iX0mSyiTZRdIoXAm9WJuljGmE eg3h4NCK0JT4uF2YA8xCmIof5g7Y0Q7yFpUJGk/QGwXkVFSuJFXSpStU075wqNV6NVPc nnhAabqAK3NX0jVbxNCDhCwWTD2yHuzhZQS5DZE2ouQDcMNqdrw2lAdgJ15Fy4pZYXTH W48csr5SxjvUqCgYh6ud4GQpxYqjAQBlGbhhoYc0hNCF5BSL9LMmy7YBw0dNnBFK0tIr q19rCjKw4tqsLX50leeXci3PBDiZgmwtE8h/egKG3Yo+wYpF9Bp+HU48KhgPUimD+fsp pQ7g== X-Gm-Message-State: AOAM531uIgGRYy2AKciHSEXHMkOhr/eAoC/hgfWDPhMst0JiIVj2EdF8 WqG7hVMeWCvFb0YQebyuKEmwkDVYT0svzQMxCSg= X-Google-Smtp-Source: ABdhPJxcq94MJXWB/guSYfCx0lct9AjRhuPXS0jy91hRbZUoC+hP8cdLBA5ZWKgCkQnV/HS7kT8UOWm+G6lRhkxRfNI= X-Received: by 2002:a05:6102:e59:: with SMTP id p25mr5361756vst.26.1628943670012; Sat, 14 Aug 2021 05:21:10 -0700 (PDT) MIME-Version: 1.0 Reply-To: benklerk-postpact2@webmail.co.za From: Ben Klerk Date: Sat, 14 Aug 2021 05:20:59 -0700 Message-ID: Subject: [SPAM] ATTN:Post PACT-Letter....... To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="000000000000cf6eda05c9840050" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 06:21:18 -0600 (CST) for IP:'209.85.217.65' DOMAIN:'mail-vs1-f65.google.com' HELO:'mail-vs1-f65.google.com' FROM:'clrk2000rx@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 06:21:18 -0600 (CST) X-Spam-Prev-Subject: ATTN:Post PACT-Letter....... Status: R X-Status: X-Keywords: X-UID: 260 Content-Length: 13745 --000000000000cf6eda05c9840050 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Greetings, (PACT)., PROPOSAL I am Ben Klerk, Member of the Post-Apartheid Claim Tribunal (PACT)., (PACT)., South Africa is charged with the responsibility of finding bank accounts in South Africa belonging to Non-South African indigence, which have remained dormant since South African apartheid was resolved in 1994. It may interest you to know that in July of 1997, the South African Reserve Bank published a list of dormant accounts originally opened by non- South African citizens. These accounts had been dormant since the end of apartheid (27 April 1994). Most belonged to apartheid victims. The continuing efforts of the Post-Apartheid Claim Tribunal (PACT)., have since resulted in the discovery of additional dormant accounts - 14,000 in December 1999. The published lists contain all types of dormant accounts, including interest-bearing savings accounts, securities accounts, safe deposit boxes, custody accounts, and non-interest-bearing transaction accounts. Numbered accounts are also included. Interest is paid on accounts that were interest bearing when established. Post-Apartheid Claim Tribunal (PACT)., handles processing of all claims on accounts due to non-South African citizens. I discovered a dormant account of Mr. Earl W Bennett with a credit balance of US$ 67,000,000 (Sixty-Seven Million United State dollars) plus accumulated interest. The beneficiary was murdered during the apartheid era, leaving no WILL and no possible records for trace of heirs. The Post-Apartheid Claim Tribunal (PACT)., has been mandated to report all unclaimed funds for permanent closure of accounts and transfer of existing credit balance into the treasury of South African government as provided by the law for management of assets of deceased beneficiaries who died Intestate (living no wills). Being a top executive at PACT, I have all secret details and necessary contacts for claim of the funds without any hitch. The funds will be banked in a Very Reliable Bank here in South African, safe haven for funds and we can share the funds and use in investment of our choice. Due to the sensitive nature of my job, I need a foreigner to HELP claim the funds. All that is required is for you to provide me with your details for processing of the necessary legal and administrative claim documents for transfer of the funds in your name. Kindly provide me with your full name, address, and telephone number. I will ensure all procedures to see that the fund is transferred to a secure, numbered account in your name here in South African, of which you will be capable of accessing the funds and transferring gradually to your country and other banks of our choice in the world. My share will be 75% and your share 25% percent of the total amount. THERE IS NO RISK INVOLVED. Post-Apartheid Claim Tribunal (PACT)., has put funds in Escrow awaiting submission of valid claims for necessary disbursement. I find myself privileged to have this information and this may be a great opportunity for a lifetime success without risks. Due to security reasons, reply on my private email: benklerk-postpact2@webmail.co.za, or contact Tel +27 87 057 4123 or Fax +2786 666 0394. The reason why I choose South Africa is that they have one of the best Internet Account Facilities, whereby you can access the account online and make transfers online to your account in your country. This transaction is not a Child's Play and should not be treated as such, if you are capable then reply, if not, kindly delete. Best Regards, Ben Klerk Member (PACT) ---------------------------------------------------- CONFIDENTIALITY guaranteed=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2= =80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80= =A6=E2=80=A6=E2=80=A6=E2=80=A6.. --000000000000cf6eda05c9840050 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Greetings,=

(PACT)., P= ROPOSAL

=C2= =A0

I am Ben K= lerk, Member of the Post-Apartheid Claim Tribunal (PACT)., (PACT)., South Africa is charged with the responsibility of findin= g bank accounts in South Africa belonging to Non-South African indigence, whi= ch have remained dormant since South African apartheid was resolved in 1994.

=C2= =A0

It may int= erest you to know that in July of 1997, the South African Reserve Bank published a list of dormant accounts originally opened= by non- South African citizens.

=C2= =A0

These acco= unts had been dormant since the end of apartheid (27 April 1994). Most belonged to apartheid victims. The continuing efforts= of the Post-Apartheid Claim Tribunal (PACT)., have since resulted in the disco= very of additional dormant accounts - 14,000 in December 1999. The published lis= ts contain all types of dormant accounts, including interest-bearing savings accounts, securities accounts, safe deposit boxes, custody accounts, and non-interest-bearing transaction accounts. Numbered accounts are also inclu= ded. Interest is paid on accounts that were interest bearing when established.

=C2= =A0

Post-Apart= heid Claim Tribunal (PACT)., handles processing of all claims on accounts due to non-South African citizens. I discovered a dormant account of Mr. Earl W Bennett with a credit balance of US$ 67,000,0= 00 (Sixty-Seven Million United State dollars) plus accumulated interest. The beneficiary was murdered during the apartheid era, leaving no WILL and no possible records for trace of heirs.

=C2= =A0

The Post-A= partheid Claim Tribunal (PACT)., has been mandated to report all unclaimed funds for permanent closure of accounts and transfe= r of existing credit balance into the treasury of South African government as provided by the law for management of assets of deceased beneficiaries who = died Intestate (living no wills).

=C2= =A0

Being a to= p executive at PACT, I have all secret details and necessary contacts for claim of the funds without any hitch. The funds will= be banked in a Very Reliable Bank here in South African, safe haven for funds = and we can share the funds and use in investment of our choice. Due to the sensitive nature of my job, I need a foreigner to HELP claim the funds.

All that i= s required is for you to provide me with your details for processing of the necessary legal and administrative claim docu= ments for transfer of the funds in your name. Kindly provide me with your full na= me, address, and telephone number. I will ensure all procedures to see that the fund is transferred to a secure, numbered account in your name here in Sout= h African, of which you will be capable of accessing the funds and transferri= ng gradually to your country and other banks of our choice in the world. My sh= are will be 75% and your share 25% percent of the total amount. THERE IS NO RIS= K INVOLVED.

=C2= =A0

Post-Apart= heid Claim Tribunal (PACT)., has put funds in Escrow awaiting submission of valid claims for necessary disbursement. I fi= nd myself privileged to have this information and this may be a great opportun= ity for a lifetime success without risks. Due to security reasons, reply on my private email: benklerk= -postpact2@webmail.co.za, or contact Tel +27 87 057 4123 or Fax +2786 666 0394.

=C2= =A0

The reason= why I choose South Africa is that they have one of the best Internet Account Facilities, whereby you can access the account online and make transfers online to your account in your country.

=C2= =A0

This trans= action is not a Child's Play and should not be treated as such, if you are capable then reply, if not, kindly delete.

=C2= =A0

Best Regar= ds,

Ben Klerk<= /p>

Member (PA= CT)

----------= ------------------------------------------

CONFIDENTI= ALITY guaranteed=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2= =80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80= =A6=E2=80=A6=E2=80=A6..

=C2= =A0

=C2= =A0

=C2= =A0

=C2= =A0

=C2=A0

=C2=A0

=C2=A0

=C2=A0

--000000000000cf6eda05c9840050-- From e.velasquez@municipiodemejia.gob.ec Sat Aug 14 02:01:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,MONEY_NOHTML,RELAY_COUNTRY_JP, SPAM_BOOSTER_15,SPF_HELO_PASS,SPF_PASS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 0.8 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: EC ** ** ** ** JP Received: from mail.municipiodemejia.gob.ec (mail.municipiodemejia.gob.ec [190.152.217.252]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17E81Vco001714 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 14 Aug 2021 02:01:36 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id 11EFB979C623; Sat, 14 Aug 2021 02:48:25 -0500 (-05) Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 33sb89bW30cr; Sat, 14 Aug 2021 02:48:24 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTP id CB92BA03CE60; Sat, 14 Aug 2021 02:47:35 -0500 (-05) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.municipiodemejia.gob.ec CB92BA03CE60 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=municipiodemejia.gob.ec; s=6C9E5B4C-A871-11EB-85DF-54B7F5D5C558; t=1628927256; bh=+cDiJh/StHQOgB/RfIlkssv7eeN7hzaaJziD+AWFtxM=; h=MIME-Version:To:From:Date:Message-Id; b=GK2CiUVOJhWCeJkJndB9oCgCi0xxnWwXZLR1w3XVqgVQMB0CZk4gR3Prp9w8pGbAS 1Cwx+9xKyvT84vYgtgkjXng/2Y+XbUa4+N57plXJQGVkuDucH5aqNhSLwhwopVtkEO mUUJQG2hcVIN+eh2hX2OuBGd4Erqs5ujWjFIXZFUJU3gENpq/Caq31nw2QKmzimWeS YUCY/OMfDNjJyyVeUrz65dIgp9YU77VMCoPpoZgqr7Svcr65jVhpe63P1xI9/pNT24 AdoABpgYl0qeOXFZ3wH5nR9uiK6FNb/+bnoCYEzhVVRrAhqaFwHAKo7ZrzFR8Abh9h 3T71q2u7isLrw== X-Virus-Scanned: amavisd-new at municipiodemejia.gob.ec Received: from mail.municipiodemejia.gob.ec ([127.0.0.1]) by localhost (mail.municipiodemejia.gob.ec [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id YjhuP5edbdmr; Sat, 14 Aug 2021 02:47:35 -0500 (-05) Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) by mail.municipiodemejia.gob.ec (Postfix) with ESMTPSA id AE45AA03CE5E; Sat, 14 Aug 2021 02:46:50 -0500 (-05) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Hello Friend To: Recipients From: "Ms. Reem Hashimi" Date: Sat, 14 Aug 2021 07:46:40 +0000 Reply-To: hashimireem@yandex.com Message-Id: <20210814074650.AE45AA03CE5E@mail.municipiodemejia.gob.ec> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 02:01:36 -0600 (CST) for IP:'190.152.217.252' DOMAIN:'mail.municipiodemejia.gob.ec' HELO:'mail.municipiodemejia.gob.ec' FROM:'e.velasquez@municipiodemejia.gob.ec' RCPT:'' X-Greylist: Delayed for 00:09:34 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 14 Aug 2021 02:01:36 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17E81Vco001714 X-Spam-Prev-Subject: Hello Friend Status: R X-Status: X-Keywords: X-UID: 261 Content-Length: 1437 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: reem.alhashimi@kakao.com Regards, Ms. Reem From jhardin@impsec.org Mon Aug 16 08:41:52 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 53983 invoked by uid 99); 16 Aug 2021 15:42:05 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Aug 2021 15:42:05 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id B7D381FF40B for ; Mon, 16 Aug 2021 15:42:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.929 X-Spam-Level: *** X-Spam-Status: No, score=3.929 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_2_NEW_MONEY=0.148, DATE_IN_PAST_06_12=1.103, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MONEY_FREEMAIL_REPTO=2.428, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 6WA_k2z9_LfR for ; Mon, 16 Aug 2021 15:42:04 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::633; helo=mail-ej1-x633.google.com; envelope-from=katiecatidr@gmail.com; receiver= Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 535D27E925 for ; Mon, 16 Aug 2021 15:42:04 +0000 (UTC) Received: by mail-ej1-x633.google.com with SMTP id d11so32588401eja.8 for ; Mon, 16 Aug 2021 08:42:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=kg7rsAd0mNj/TQGGgLqGjwWzqh7o3WWmO2Q4kfiFh9M=; b=tTkuN3HGNsYNYb551r/kWasrKhR1kAIRot4hlzHbORM/L2szox8kJsNqmTKVQcSzJB 97uzLu2ZwqMZ8mlSj3l/GavfeDZSA7PeICFZgFPR8YqM1TPi/Z82FM4zoigR/JAU0661 CwnhmjviJO9A6+yRRjeTcTJN3ymX9isPEJyASZP/+sjwidv0A7mdP6ZIh8U5lQdcKYr5 WcDzi7bj6KU4AbhiRt2Q4p/6hKczGfOSSkvoJrhmOUI/kbpxZ9AJZJhcY6JC3kKDIebP XHUCE3PVFXixuPEuX5dUkpNJGVdscn+fXoOtOu1+VnCM7ldJLpQWAZe2fYl/GoE70vZM 9zoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=kg7rsAd0mNj/TQGGgLqGjwWzqh7o3WWmO2Q4kfiFh9M=; b=UhG7yOCVPmE3hwKhRfb1I6JGHjOiqxDcWjzbHGfIh8741G2FF1Xmh81Spzuq6U9Xrm LF5V73sPfAok4wf+V0PHo+m9ZWyzSv1pVNN4O/7j/x+CQsDxriDe59tFE27PV/NDQ9zf QXMwrYVE1H2GI3GyPsp87IeuE8qvI0/lCEKQZv7Wtnr4n1yBOwLl9h4XLNzQRDmxDg65 epssNJL5K54z1hW4nhubZs5IjdjMGappDWXuT57YTR46VadbSou/M/ERCeKhqz8o9jfY CkHEb7V3uTHk/pG4drjee8uYRmdnUVRlQIRcHfyQphDGJvsPg4Y7aKQgDWb8FlZ+xUOo tE2Q== X-Gm-Message-State: AOAM530xlbMEBaNLOCRhlfMl6nJucfezuH7r2Azuoydxi1saQTfrSCKh c+CpuJp4No6kWJwWu+eZgwHabgwBDpk+aKGFX+U= X-Google-Smtp-Source: ABdhPJxL63yXUnuAmr9wuGbByrUBZ+JzXCtfBXVBEAUNnaQPYa/6/BiwCi0JsUec3FjimoEKVdVpz6/rmahQ2iAZ5L8= X-Received: by 2002:a17:906:3854:: with SMTP id w20mr16260639ejc.537.1629128523809; Mon, 16 Aug 2021 08:42:03 -0700 (PDT) MIME-Version: 1.0 Reply-To: michael.woosley1972@gmail.com From: Michael Woosley Date: Mon, 16 Aug 2021 08:41:52 +0200 Message-ID: Subject: Rew: To: usp_sol@yahoo.com X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000f4862805c9af0af9" Status: X-Status: X-Keywords: X-UID: 262 Content-Length: 1430 --000000000000f4862805c9af0af9 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I sent this letter to you a month ago, but I'm not sure if you have it, I have not heard of you, and this is the reason why I repeat it again. I make this offer to you in connection with the death of the engineer Friedrich, who was my client before his unfortunate death, leaving some huge funds 9, 280, 000, 00 Euro, in the bank. After unsuccessfully trying on the search after your relatives, I decided to contact you. God bless you =E2=80=A6 --000000000000f4862805c9af0af9 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

I sent this letter = to you a month ago, but I'm not sure if you have it, I have not heard of you, an= d this is the reason why I repeat it again. I make this offer to you in connection with the death of the engineer Friedrich, who was my client before his unfortunate death, leaving some huge funds 9, 280, 000, 00 Euro, in=C2=A0th= e bank. After unsuccessfully trying on the search after your relatives, I dec= ided to contact you. God bless you =E2=80=A6

--000000000000f4862805c9af0af9-- From kandafarm@jcom.home.ne.jp Mon Aug 16 15:15:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************* X-Spam-Status: Yes, score=37.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY, MISSING_HEADERS,MONEY_FRAUD_5,MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE, RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPAM_BOOSTER_05, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 FROM_MISSPACED From: missing whitespace * 1.6 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 3.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: JP Received: from mgw1.mx.zaq.ne.jp (fbsnd01102-jc.im.kddi.ne.jp [222.227.81.242]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17GLFXWC001290 for ; Mon, 16 Aug 2021 15:15:36 -0600 Received: from mgw1.mx.zaq.ne.jp by osmta1007-jc.im.kddi.ne.jp with ESMTP id <20210816210706887.BETU.31069.mgw1.mx.zaq.ne.jp@omta1007.jcom.zaq.ne.jp>; Tue, 17 Aug 2021 06:07:06 +0900 Received: from User by dmta1007-jc.im.kddi.ne.jp with ESMTP id <20210816210706825.JVCC.56775.User@dmta1007.jcom.zaq.ne.jp>; Tue, 17 Aug 2021 06:07:06 +0900 Reply-To: From: "Reem E. Al-Hashimi" Subject: [SPAM] Partnership Date: Mon, 16 Aug 2021 21:07:04 -0000 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210816210706825.JVCC.56775.User@dmta1007.jcom.zaq.ne.jp> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 15:15:37 -0600 (CST) for IP:'222.227.81.242' DOMAIN:'fbsnd01102-jc.im.kddi.ne.jp' HELO:'mgw1.mx.zaq.ne.jp' FROM:'kandafarm@jcom.home.ne.jp' RCPT:'' X-Greylist: Delayed for 00:05:58 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 15:15:37 -0600 (CST) X-Spam-Prev-Subject: Partnership Status: R X-Status: X-Keywords: X-UID: 263 Content-Length: 1808
Hello Sir,
 
My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes.
 
Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and  For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country.
 
The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment.
 
If you can handle the fund in a good investment.Reply to: remmhashimi@kakao.com
 
 
Regards,
Ms. Reem
 From kikikanri@city.otake.hiroshima.jp Mon Aug 16 16:53:04 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [52.175.132.9 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [210.189.171.133 listed in psbl.surriel.com] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 MONEY_NOHTML Lots of money in plain text * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP Received: from mx.city.otake.hiroshima.jp (iaas-y133.cloud.osaka.jp [210.189.171.133]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17GMqxcn006919 for ; Mon, 16 Aug 2021 16:53:04 -0600 Message-Id: <202108162253.17GMqxcn006919@ga.impsec.org> Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) (Authenticated sender: kikikanri) by mx.city.otake.hiroshima.jp (Postfix) with ESMTPSA id 2F1F231E62; Mon, 16 Aug 2021 21:34:46 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] INFORMATION.. To: Recipients From: "Ms. Reem Hashimi" Date: Mon, 16 Aug 2021 12:34:42 +0000 Reply-To: reem.alhashimi@kakao.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 16:53:04 -0600 (CST) for IP:'210.189.171.133' DOMAIN:'iaas-y133.cloud.osaka.jp' HELO:'mx.city.otake.hiroshima.jp' FROM:'kikikanri@city.otake.hiroshima.jp' RCPT:'' X-Greylist: Delayed for 05:41:09 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 16:53:04 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17GMqxcn006919 X-Spam-Prev-Subject: INFORMATION.. Status: R X-Status: X-Keywords: X-UID: 264 Content-Length: 1442 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: r.alhashimi@yandex.com Regards, Ms. Reem From kikikanri@city.otake.hiroshima.jp Mon Aug 16 18:10:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************* X-Spam-Status: Yes, score=33.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [52.175.132.9 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [210.189.171.133 listed in psbl.surriel.com] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 MONEY_NOHTML Lots of money in plain text * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP Received: from mx.city.otake.hiroshima.jp (iaas-y133.cloud.osaka.jp [210.189.171.133]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17H0AQhQ013349 for ; Mon, 16 Aug 2021 18:10:37 -0600 Message-Id: <202108170010.17H0AQhQ013349@ga.impsec.org> Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) (Authenticated sender: kikikanri) by mx.city.otake.hiroshima.jp (Postfix) with ESMTPSA id 864AC31E69; Mon, 16 Aug 2021 21:34:46 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] INFORMATION.. To: Recipients From: "Ms. Reem Hashimi" Date: Mon, 16 Aug 2021 12:34:42 +0000 Reply-To: reem.alhashimi@kakao.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 18:10:37 -0600 (CST) for IP:'210.189.171.133' DOMAIN:'iaas-y133.cloud.osaka.jp' HELO:'mx.city.otake.hiroshima.jp' FROM:'kikikanri@city.otake.hiroshima.jp' RCPT:'' X-Greylist: Delayed for 05:08:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 18:10:37 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17H0AQhQ013349 X-Spam-Prev-Subject: INFORMATION.. Status: R X-Status: X-Keywords: X-UID: 265 Content-Length: 1442 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: r.alhashimi@yandex.com Regards, Ms. Reem From kikikanri@city.otake.hiroshima.jp Mon Aug 16 19:17:31 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [52.175.132.9 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [210.189.171.133 listed in psbl.surriel.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 MONEY_NOHTML Lots of money in plain text * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP Received: from mx.city.otake.hiroshima.jp (iaas-y133.cloud.osaka.jp [210.189.171.133]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17H1HREE017481 for ; Mon, 16 Aug 2021 19:17:31 -0600 Message-Id: <202108170117.17H1HREE017481@ga.impsec.org> Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) (Authenticated sender: kikikanri) by mx.city.otake.hiroshima.jp (Postfix) with ESMTPSA id DB933329D8; Mon, 16 Aug 2021 21:37:54 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] INFORMATION.. To: Recipients From: "Ms. Reem Hashimi" Date: Mon, 16 Aug 2021 12:37:51 +0000 Reply-To: reem.alhashimi@kakao.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 19:17:31 -0600 (CST) for IP:'210.189.171.133' DOMAIN:'iaas-y133.cloud.osaka.jp' HELO:'mx.city.otake.hiroshima.jp' FROM:'kikikanri@city.otake.hiroshima.jp' RCPT:'' X-Greylist: Delayed for 04:45:36 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 19:17:31 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17H1HREE017481 X-Spam-Prev-Subject: INFORMATION.. Status: R X-Status: X-Keywords: X-UID: 266 Content-Length: 1442 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: r.alhashimi@yandex.com Regards, Ms. Reem From kandafarm@jcom.home.ne.jp Mon Aug 16 14:32:49 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY, MISSING_HEADERS,MONEY_FRAUD_5,MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE, RELAY_COUNTRY_JP,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPAM_BOOSTER_05, SPF_HELO_NONE,SPF_PASS,TO_NO_BRKTS_FROM_MSSP,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 FROM_MISSPACED From: missing whitespace * 1.6 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 3.0 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: JP Received: from mgw1.mx.zaq.ne.jp (fbsnd01105-jc.im.kddi.ne.jp [222.227.81.245]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17GKWiuN044824 for ; Mon, 16 Aug 2021 14:32:49 -0600 Received: from mgw1.mx.zaq.ne.jp by osmta1009-jc.im.kddi.ne.jp with ESMTP id <20210816202616994.JNP.89198.mgw1.mx.zaq.ne.jp@omta1009.jcom.zaq.ne.jp>; Tue, 17 Aug 2021 05:26:16 +0900 Received: from User by dmta1009-jc.im.kddi.ne.jp with ESMTP id <20210816202616538.JEKX.123973.User@dmta1009.jcom.zaq.ne.jp>; Tue, 17 Aug 2021 05:26:16 +0900 Reply-To: From: "Reem E. Al-Hashimi" Subject: [SPAM] Partnership Date: Mon, 16 Aug 2021 20:26:13 -0000 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20210816202616538.JEKX.123973.User@dmta1009.jcom.zaq.ne.jp> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 14:32:49 -0600 (CST) for IP:'222.227.81.245' DOMAIN:'fbsnd01105-jc.im.kddi.ne.jp' HELO:'mgw1.mx.zaq.ne.jp' FROM:'kandafarm@jcom.home.ne.jp' RCPT:'' X-Greylist: Delayed for 00:05:55 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 14:32:49 -0600 (CST) X-Spam-Prev-Subject: Partnership Status: R X-Status: X-Keywords: X-UID: 267 Content-Length: 1808
Hello Sir,
 
My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes.
 
Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and  For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country.
 
The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment.
 
If you can handle the fund in a good investment.Reply to: remmhashimi@kakao.com
 
 
Regards,
Ms. Reem
 From cinthya.gomez@epmapse.gob.ec Wed Aug 18 07:01:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.8 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BIGNUM_EMAILS_FREEM,FILL_THIS_FORM,FILL_THIS_FORM_LOAN, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY, LOTTO_DEPT,MISSING_HEADERS,MONEY_FORM,MONEY_FREEMAIL_REPTO, REPLYTO_WITHOUT_TO_CC,SPF_HELO_PASS,SPF_NONE,T_LOTTO_URI autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9987] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 T_LOTTO_URI URI: Claims Department URL * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.8 BIGNUM_EMAILS_FREEM Lots of email addresses/leads, free email * account * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.9 MONEY_FORM Lots of money if you fill out a form * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: EC ** ** ** ** ** ** Received: from mail.epmapse.gob.ec (mail.epmapse.gob.ec [181.113.61.150]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17ID1kj6024586 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 18 Aug 2021 07:01:50 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.epmapse.gob.ec (Postfix) with ESMTP id DF7BF8A05F8; Wed, 18 Aug 2021 07:45:51 -0500 (-05) Received: from mail.epmapse.gob.ec ([127.0.0.1]) by localhost (mail.epmapse.gob.ec [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id QWhBAzGZlMtW; Wed, 18 Aug 2021 07:45:48 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.epmapse.gob.ec (Postfix) with ESMTP id 52A1A88B5BF; Wed, 18 Aug 2021 07:29:48 -0500 (-05) X-Virus-Scanned: amavisd-new at epmapse.gob.ec Received: from mail.epmapse.gob.ec ([127.0.0.1]) by localhost (mail.epmapse.gob.ec [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id PTiweOtnGzSq; Wed, 18 Aug 2021 07:29:46 -0500 (-05) Received: from mail.epmapse.gob.ec (mail.epmapse.gob.ec [192.168.22.200]) by mail.epmapse.gob.ec (Postfix) with ESMTP id 511F0874490; Wed, 18 Aug 2021 07:16:37 -0500 (-05) Date: Wed, 18 Aug 2021 07:16:37 -0500 (ECT) From: Facebook Inc Reply-To: Facebook Inc Message-ID: <857527895.20244957.1629288997109.JavaMail.zimbra@epmapse.gob.ec> Subject: [SPAM] Attention MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_37a1eae5-4245-4037-80fb-60f251995450" X-Originating-IP: [192.168.22.1] X-Mailer: Zimbra 8.8.15_GA_3996 (ZimbraWebClient - GC92 (Mac)/8.8.15_GA_3996) Thread-Index: EGVfRAkHI1hxC1q0QiRwICkkhLuMQw== Thread-Topic: Attention X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 18 Aug 2021 07:01:50 -0600 (CST) for IP:'181.113.61.150' DOMAIN:'mail.epmapse.gob.ec' HELO:'mail.epmapse.gob.ec' FROM:'cinthya.gomez@epmapse.gob.ec' RCPT:'' X-Greylist: Delayed for 00:14:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 18 Aug 2021 07:01:50 -0600 (CST) X-Spam-Prev-Subject: Attention Status: R X-Status: X-Keywords: X-UID: 268 Content-Length: 3721 --=_37a1eae5-4245-4037-80fb-60f251995450 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable NOTE: If you Received this message in your spam / bulk folder, That is Beca= use of the restrictions Implemented by your Internet Service Provider, we (= Facebook Lottery Team) urge you to treat it Genuinely.=20 *******************************************=20 Congratulations:=20 Your E-MAIL ACCOUNT has won the sum of 0ne Million Sterling Pounds (=C2=A31= ,000.000.00 GBP) in the on-going Facebook online award promo. Your Ticket N= umber is 00545 188 564756. All Participants were selected through a compute= r randomized system drawn in 27 million email addresses via the Internet an= d Lucky Winners. THIS ABSOLUTELY MEANS THAT IT IS NOT ONLY FACEBOOK USER'S = THAT CAN BENEFIT FROM THIS LOTTERY, THIS LOTTERY IS INTENDED FOR EVERYONE A= ND IF YOU RECEIVE THIS EMAIL IT MEANS YOU ARE ONE OF THE LUCKY WINNER'S.=20 Forward your full details such as:=20 1. Full name.............=20 2. Country..............=20 3. Contact Address........=20 4. Telephone Number.....=20 5. Marital Status........=20 6. Occupation.............=20 7. Company...............=20 8. Age.....................=20 Kindly forward details to:=20 Contact Person: Mr. David M. Wehner, Chief Financial Officer Of European Re= gion UK=20 *Via E-mail: claimunit.facebook@outlook.com=20 Your e-mail won our jackpot, congratulation once more.=20 Yours in service,=20 Mr. Marc Andreessen=20 Facebook Lottery Facilitator.=20 ************************************************** *******=20 Do not doubt this letter or disregard as we are ready to give you your unbe= lievable Prize Award from Facebook.=20 --=_37a1eae5-4245-4037-80fb-60f251995450 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable


NOTE: If you Received this message in your spam / bulk fol= der, That is Because of the restrictions Implemented by your Internet Servi= ce Provider, we (Facebook Lottery Team) urge you to treat it Genuinely.
= *******************************************
Congratulations:
Your E-M= AIL ACCOUNT has won the sum of 0ne Million Sterling Pounds (=C2=A31,000.000= .00 GBP) in the on-going Facebook online award promo. Your Ticket Number is= 00545 188 564756. All Participants were selected through a computer random= ized system drawn in 27 million email addresses via the Internet and Lucky = Winners. THIS ABSOLUTELY MEANS THAT IT IS NOT ONLY FACEBOOK USER'S THAT CAN= BENEFIT FROM THIS LOTTERY, THIS LOTTERY IS INTENDED FOR EVERYONE AND IF YO= U RECEIVE THIS EMAIL IT MEANS YOU ARE ONE OF THE LUCKY WINNER'S.

For= ward your full details such as:
 1. Full name.............
&nbs= p;2. Country..............
 3. Contact Address........
 4. = Telephone Number.....
 5. Marital Status........
 6. Occupa= tion.............
 7. Company...............
 8. Age.......= ..............

Kindly forward details to:
Contact Person: Mr. Dav= id M. Wehner, Chief Financial Officer Of European Region UK
*Via E-mail:= claimunit.facebook@outlook.com

Your e-mail won our jackpot, congrat= ulation once more.

Yours in service,
Mr. Marc Andreessen
Faceb= ook Lottery Facilitator.

*******************************************= ******* *******
Do not doubt this letter or disregard as we are ready to= give you your unbelievable Prize Award from Facebook.
--=_37a1eae5-4245-4037-80fb-60f251995450-- From kikikanri@city.otake.hiroshima.jp Mon Aug 16 19:25:19 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [210.189.171.133 listed in psbl.surriel.com] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [52.175.132.9 listed in zen.spamhaus.org] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 MONEY_NOHTML Lots of money in plain text * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP JP Received: from mx.city.otake.hiroshima.jp (iaas-y133.cloud.osaka.jp [210.189.171.133]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17H1PGYJ017898 for ; Mon, 16 Aug 2021 19:25:19 -0600 Message-Id: <202108170125.17H1PGYJ017898@ga.impsec.org> Received: from Info.1kedqsj1mjhupm5qagcdcs1r2g.mx.internal.cloudapp.net (unknown [52.175.132.9]) (Authenticated sender: kikikanri) by mx.city.otake.hiroshima.jp (Postfix) with ESMTPSA id A1DDF30C69; Mon, 16 Aug 2021 21:32:13 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] INFORMATION.. To: Recipients From: "Ms. Reem Hashimi" Date: Mon, 16 Aug 2021 12:32:10 +0000 Reply-To: reem.alhashimi@kakao.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 19:25:19 -0600 (CST) for IP:'210.189.171.133' DOMAIN:'iaas-y133.cloud.osaka.jp' HELO:'mx.city.otake.hiroshima.jp' FROM:'kikikanri@city.otake.hiroshima.jp' RCPT:'' X-Greylist: Delayed for 03:59:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 16 Aug 2021 19:25:19 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17H1PGYJ017898 X-Spam-Prev-Subject: INFORMATION.. Status: R X-Status: X-Keywords: X-UID: 269 Content-Length: 1442 Hello Sir, My name is Reem E. Al-Hashimi, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: r.alhashimi@yandex.com Regards, Ms. Reem From clientservice536@gmail.com Thu Aug 19 18:33:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************** X-Spam-Status: Yes, score=26.5 required=5.0 tests=ADVANCE_FEE_4_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, LOTS_OF_MONEY,LOTTO_DEPT,MONEY_ATM_CARD,MONEY_FORM,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_FRAUD_PHISH,UNDISC_FREEM, UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.49 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.49 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [clientservice536[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [clientservice536[at]gmail.com] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.0 LOTTO_DEPT Claims Department * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 1.1 MONEY_FORM Lots of money if you fill out a form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 1.8 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 3.0 MONEY_FRAUD_5 Lots of money and many fraud phrases * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17K0XGWf019255 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 19 Aug 2021 18:33:21 -0600 Received: by mail-lf1-f49.google.com with SMTP id x27so16685562lfu.5 for ; Thu, 19 Aug 2021 17:33:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=IJFp/2EafpH7akeRgDIW9XRpFbBnnGxjZxzLl6nqyl8=; b=IXfJhdLjgt3V4Y5+HQ37P62qFdGFe418fjSLlrnYNEIPOKlN3M9iITaKeYzYTwHZhg tpm5LzaqjiptEG4AS1FGpebXbaOc4MXQN9Dc+AekTEwVwjiu8TGWwne46GvjnRsU+Esm ov/HpUKX0AEht0hA2fuKEldtCOjInxfo3F7ZJOYuhcNhcxdDQAB2oW0nTe0APvX0q1aE vaSnkEiOVYFahAz9qQPF3O7ywqcer7QzY6yc81n+TPuxQGpGCYj+++8C0fMxbzYl/zPp qt75uXNimxZl0Q40fnxGnD6IuIaOhTNlZtqqkys5gczY5h1BCD7X3Pyl0RGmTKr2menx t2mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=IJFp/2EafpH7akeRgDIW9XRpFbBnnGxjZxzLl6nqyl8=; b=Bgz3uH7mBQuIwV8TqSYMURXLFa+40RJV1w49/lBqD/BTWtAwd+7J5KnOYoGUYXJpQF IXUcv6t6V3GBgkdWY4hIpKnJ/8NfwSREaBZ2X3sCd1urH76nnm9WzRs2ApvncdexRuEO Vr6Usraq2v6I2wPtXKFLpTJZ1Vh4jZsw98+lG3m94ctgMxOHqdHTuor7S3bbJK0UT+Er 3RnvF2epiVOQ7cMMvUDNYxktK7GyhStt9YSijf0d6W9Cd+ZmZ4CSqFF2ZXa9UOC3r89S aJmj2j7NENUZbADPYk1dC8cfcenhw74nmaFw/EAXesfr85T2EIDLEPFxFecJzbfFNirT otSw== X-Gm-Message-State: AOAM5334HSom+d5sYgnx2H2H6np+IOG/lOqVPWm66oysoLM4sPWpd6VB q6+2xH8I4m0JxRct8IhIPGgh073TDYZiNv8d33Y= X-Google-Smtp-Source: ABdhPJzjJHCAe6K4QOXHuRMR+A9rSFYdhMMC+aQYDQQTtWu9KZz1oW/tazwseZjQm+1b4Vu5/N7UAMUrthwwsqNnkhM= X-Received: by 2002:ac2:4e62:: with SMTP id y2mr13138499lfs.9.1629419591507; Thu, 19 Aug 2021 17:33:11 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a2e:802:0:0:0:0:0 with HTTP; Thu, 19 Aug 2021 17:33:10 -0700 (PDT) Reply-To: dhlcustomercares@outlook.com From: "Dr.Richard Palmer" Date: Thu, 19 Aug 2021 17:33:10 -0700 Message-ID: Subject: [SPAM] Attn, To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 19 Aug 2021 18:33:22 -0600 (CST) for IP:'209.85.167.49' DOMAIN:'mail-lf1-f49.google.com' HELO:'mail-lf1-f49.google.com' FROM:'clientservice536@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 19 Aug 2021 18:33:22 -0600 (CST) X-Spam-Prev-Subject: Attn, Status: R X-Status: X-Keywords: X-UID: 270 Content-Length: 1480 Attn; Sequel to my study leave and course in London, and pressure from some of you, I was able to hurriedly compute all ATM cards of the Batch C compensation beneficiaries before my departure from U.S yesterday. Your ATM card has been processed, sealed and booked with DHL Courier Company for onward delivery to the address you shall provide to them. Kindly contact DHL delivery Manager (Mr.Larry Page ) via return mail or with the contact details below. Mr.Larry Page DHL International, 405 East 42nd Street, New York, NY, 10017, USA Tel: +1 (224)269-1525 Provide him the information below: 1. Name: 2. Address: 3. Age: 4. Gender: 5. Nationality: 6. Country Of Residence: 7. Telephone Number: 8. Passport by attach or driver's lisence number. I regret to inform you also that I was not able to avail your delivery address to DHL because I could not instantly verify your address and I sincerely apologize for this professional negligence. Kindly avail your current address where you would want your parcel delivered to.Your Parcel Identification No. is DHLUSA/3576/2021. Parcel Description: MasterCard Debit Card of $4.800,000.00 USD.Important Notice, your ATM CARD package was registered as a gift so that the diplomatic Agent will not know the content of your package okay. I wish you all the best as I hope to receive your appreciation letter at my desk when I return from my study leave. Cheers! Yours in service, Dr.Richard Palmer Secretary IFV compensation committee From secureserver@servers.com Thu Aug 19 23:15:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.5 required=5.0 tests=ADVANCE_FEE_3_NEW,BAYES_99, BAYES_999,FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HTML_MESSAGE, KHOP_HELO_FCRDNS,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, REPTO_419_FRAUD,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_SOFTFAIL, SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.222.57.245 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.222.57.245 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [185.222.57.245 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.8 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: NL Received: from servers.com (hosted-by.rootlayer.net [185.222.57.245] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17K5EpRA042492 for ; Thu, 19 Aug 2021 23:14:59 -0600 Reply-To: abel@nbdeil.com From: Abel To: jhardin@impsec.org Subject: [SPAM] Dear beloved Date: 20 Aug 2021 07:14:48 +0200 Message-ID: <20210820071447.1D1765CBCB5E5D00@servers.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 19 Aug 2021 23:15:00 -0600 (CST) for IP:'185.222.57.245' DOMAIN:'[185.222.57.245]' HELO:'servers.com' FROM:'secureserver@servers.com' RCPT:'' X-Greylist: Delayed for 108:55:51 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 19 Aug 2021 23:15:00 -0600 (CST) X-Spam-Prev-Subject: Dear beloved Status: R X-Status: X-Keywords: X-UID: 271

Hello Dear jhardin,


Greetings,

I am Abel Richard My colleagues and I are seeking your assistance to hel= p us receive/invest our funds in your country in any lucrative business.

Please if this proposal is acceptable by you, kindly respond back to me = for more details.


Thanks and waiting to hear from you


Best Regards

Abel

Email: abel@nbdeil.com

= From test@transflex.fr Fri Aug 20 02:07:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.4 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DATE_IN_PAST_06_12, FAKE_REPLY_C,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_OUTLOOK_TAGS,FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MILLION_HUNDRED,MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FROM_MISSP, MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_05,SPF_FAIL,SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.2 NSL_RCVD_HELO_USER Received from HELO User * 1.5 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=test%40transflex.fr;ip=176.62.232.41;r=ga.impsec.org] * 1.0 MISSING_HEADERS Missing To: header * 0.6 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FROM_MISSP_SPF_FAIL No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 1.5 FAKE_REPLY_C No description available. * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.7 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CZ AT Received: from smtp.vylpb.net (smtp.vylpb.net [176.62.232.41]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17K86r9o009116 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 20 Aug 2021 02:07:00 -0600 Received: from vm40705.cs.easyname.systems ([185.51.10.229] helo=User) by smtp.vylpb.net with esmtpa (Exim 4.92) (envelope-from ) id 1mGovj-0003HV-9M; Thu, 19 Aug 2021 22:46:27 +0200 Reply-To: From: "Mr. Oliver Bergmueller" Subject: [SPAM] Re: My greetings Date: Thu, 19 Aug 2021 22:46:27 +0200 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 02:07:00 -0600 (CST) for IP:'176.62.232.41' DOMAIN:'smtp.vylpb.net' HELO:'smtp.vylpb.net' FROM:'test@transflex.fr' RCPT:'' X-Greylist: Delayed for 11:20:23 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 02:07:00 -0600 (CST) X-Spam-Prev-Subject: Re: My greetings Status: R X-Status: X-Keywords: X-UID: 272 Content-Length: 1264
Re: My greetings
I am Mr. Oliver Bergmueller a retired Economic Operator hospitalized for health reasons. I suffer from heart disease and the results of some of my medical tests showed that my days on earth are numbered, while I have in my Bank a sum of money of Three million four hundred and twenty-five thousand. Euros.
Unfortunately, I have no family or children who will be able to benefit from this money. I was advised by the Catholic bishop and my spiritual guide to inherit it from a person whom I must choose at random, who can put these funds to good use. Reason why I am contacting you today by email given that I am under hospitalization in order to live the rest of my life. You are therefore the beneficiary of 3,425,000 EURO. I offer it to you from the bottom of my heart, I just ask for prayers in return so that my soul may rest in peace on the last day.
Please write to me by Email: MrOliverBergmueller@specialautokins.com
May the Lord God creator of heaven and earth hear your prayers,
Amen !!!
 From inf@tmstool.com Fri Aug 20 13:17:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************************** X-Spam-Status: Yes, score=39.5 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RELAY_COUNTRY_NG,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPAM_BOOSTER_05, SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS,T_FILL_THIS_FORM_FRAUD_PHISH, T_FILL_THIS_FORM_SHORT,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 0.0 NSL_RCVD_FROM_USER Received from User * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 FROM_MISSPACED From: missing whitespace * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 1.4 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.8 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US NG Received: from localhost.local (tmstool.com [74.208.216.172]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17KJH3sL034758 for ; Fri, 20 Aug 2021 13:17:06 -0600 Message-Id: <202108201917.17KJH3sL034758@ga.impsec.org> Received: from User (unknown [154.120.104.87]) by localhost.local (Postfix) with ESMTPA id 5CF5524594FB; Fri, 20 Aug 2021 14:03:58 -0500 (CDT) Authentication-Results: localhost.local; spf=pass (sender IP is 154.120.104.87) smtp.mailfrom=inf@tmstool.com smtp.helo=User Received-SPF: pass (localhost.local: connection is authenticated) Reply-To: From: "Mr Femi Brown" Subject: [SPAM] YOUR FUND RELEASE. Date: Fri, 20 Aug 2021 20:04:15 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-PPP-Message-ID: <162948625157.1150783.2324180430321425279@localhost.local> X-PPP-Vhost: tmstool.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 13:17:06 -0600 (CST) for IP:'74.208.216.172' DOMAIN:'tmstool.com' HELO:'localhost.local' FROM:'inf@tmstool.com' RCPT:'' X-Greylist: Delayed for 00:11:55 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 13:17:06 -0600 (CST) X-Spam-Prev-Subject: YOUR FUND RELEASE. Status: R X-Status: X-Keywords: X-UID: 273
This mail is been writing to you because we have come to understand that
you have lost a lot of money all because you want to receive your fund
well note that all that have been put to a stop as the federal government of
Nigeria has promised to assist you with the sum of $5million in other to
compensate you and all you have to do is fill the below information s.
 
1 full name
 
2 home phone and cell phone number
 
3 occupation
 
4 amount that was lost by you
 
Send this and get back at once.
 
Warm regards
 
Femi
 From secureserver@servers.com Fri Aug 20 04:28:21 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.5 required=5.0 tests=ADVANCE_FEE_3_NEW,BAYES_99, BAYES_999,FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HTML_MESSAGE, KHOP_HELO_FCRDNS,MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, REPTO_419_FRAUD,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_SOFTFAIL, SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.222.57.245 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.222.57.245 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [185.222.57.245 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 1.7 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: NL Received: from servers.com (hosted-by.rootlayer.net [185.222.57.245] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17KASHe1040990 for ; Fri, 20 Aug 2021 04:28:21 -0600 Reply-To: abel@nbdeil.com From: Abel To: apeacock@pavoninestudios.com Subject: [SPAM] Dear beloved Date: 20 Aug 2021 12:28:16 +0200 Message-ID: <20210820122816.4A0FE4096FFFC02E@servers.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 04:28:21 -0600 (CST) for IP:'185.222.57.245' DOMAIN:'[185.222.57.245]' HELO:'servers.com' FROM:'secureserver@servers.com' RCPT:'' X-Greylist: Delayed for 108:34:55 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 20 Aug 2021 04:28:21 -0600 (CST) X-Spam-Prev-Subject: Dear beloved Status: R X-Status: X-Keywords: X-UID: 274

Hello Dear apeacock,


Greetings,

I am Abel Richard My colleagues and I are seeking your assistance to hel= p us receive/invest our funds in your country in any lucrative business.

Please if this proposal is acceptable by you, kindly respond back to me = for more details.


Thanks and waiting to hear from you


Best Regards

Abel

Email: abel@nbdeil.com

= From mariadan757@gmail.com Sat Aug 21 08:19:26 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.6 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO,HK_SCAM, HTML_MESSAGE,LOTS_OF_MONEY,MONEY_FORM,MONEY_FREEMAIL_REPTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5084] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mariadan757[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.210.182 listed in list.dnswl.org] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mariadan757[at]gmail.com] * 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) * [209.85.210.182 listed in wl.mailspike.net] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 HK_SCAM No description available. * 2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.8 MONEY_FORM Lots of money if you fill out a form * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 2.4 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: US Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17LEJN0R002267 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 21 Aug 2021 08:19:26 -0600 Received: by mail-pf1-f182.google.com with SMTP id m26so11246886pff.3 for ; Sat, 21 Aug 2021 07:19:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to; bh=YVDjJo/HZtwQQjZF1nQ7/U+vW3Vtr5zx7fOqNsbm3G4=; b=aNAIH68TdLBQmuaO8Xmi/sV5n0JK3bqrQl2vgO++V6O31wyORN0cB5arV6ikVqMz5u nee5I3hkRB1UFoAOir+whJWxv04txHdvBI4vOfI5tVUxuMJEqEe77eCYNjbK+71126r4 HcNydaSvbNPtkq2lElcQVfdPaTwVGiEI3aw5x43o/F9tjWXewqdUKgel4nSDQ+J/Svqc 5q+vMy3Vrjf3H/xvpSz8m7TymK42+/6V06spbOrKfqM9O4Tfw520z7HvnF6elM2AndnJ Rl8Xyb7qnodesl0QOkn8yGD7umtbKXHn2IzFf5U0/+RYrScSsyK4mvh+o6RIpRkEz+t6 KRQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to; bh=YVDjJo/HZtwQQjZF1nQ7/U+vW3Vtr5zx7fOqNsbm3G4=; b=rGyMXu/AFP+3Jf3qLdPLbRuY1vGXmnaVXAq7Y7RItM5BNT6KZ80tKQx5gdoiCzKVSu j+X8kwul4nwOthcmx+IDUtvvXkyLQNZkXnLzo3Ned8JQvr03oelMNzqCAgpoFzJnG0Se 48CHd6H1hBtvJytjKncpOWpkjboQnVBFYPIISNPPuaaU6/4MrEHTt7H9B3ag9qJozWqS 5lWEeS5GpEqJw+RRYyStZLctMBH9DtjqFWsXsNDW8YtSZWMetB7fe3Bwmc1S38ZUjM7o mvWzaL4EMsX8YFeTc+7YTOyPOqwW5iI2qF9/tMA2+VXLIe1YIVlnY763rnX2HonQLhR9 MFjA== X-Gm-Message-State: AOAM531eL4qy3mOEUBeWTjx0CAnXzFSFQlFljxSyWpdmBInFTXLuzaXA QaL9HVZiMpXqyV1YdrkwYhE1XdOxOGkpZs44jQQ= X-Google-Smtp-Source: ABdhPJzBsTXl90rgsuixErfcEJ3qC4vThonyPNTrM6kGUcuexkZ0nzErfAtyKe2vAFhJFhlTZ1Zc/OswdMNzfvb787E= X-Received: by 2002:a62:e50c:0:b029:2f9:b9b1:d44f with SMTP id n12-20020a62e50c0000b02902f9b9b1d44fmr25495447pff.42.1629555562379; Sat, 21 Aug 2021 07:19:22 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Reply-To: faxttransfer.skyebk.service.care.th@hotmail.com From: John Morris Date: Sat, 21 Aug 2021 15:19:03 +0100 Message-ID: Subject: [SPAM] RECEIVE YOUR COMPENSATION. To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="0000000000006ffc9c05ca127817" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 21 Aug 2021 08:19:26 -0600 (CST) for IP:'209.85.210.182' DOMAIN:'mail-pf1-f182.google.com' HELO:'mail-pf1-f182.google.com' FROM:'mariadan757@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 21 Aug 2021 08:19:26 -0600 (CST) X-Spam-Prev-Subject: RECEIVE YOUR COMPENSATION. Status: R X-Status: X-Keywords: X-UID: 275 Content-Length: 2474 --0000000000006ffc9c05ca127817 Content-Type: text/plain; charset="UTF-8" Attention Dear. The International Monetary Fund (IMF) Compensates you for scam victims. and your name was found in the scam victim's list. This Western skye bank office has been mandated by the IMF to transfer your compensation to You via Western skye bank Money Transfer. However, we have concluded that to affect your own payment through Western Skye Bank Money Transfer, the total sum of $1,550,000USD will be Completely transferred to you without any delay. We need your bank account information below where we will transfer your funds, Send bank account information as follows Your Bank Name:--------------------- Your Bank Address:------------------- Your Bank Account Number:------------- SWIFT CODE:-------------------------- Beneficiary Name:-------------------- Your Identity Card:--------------- Your Mobile Number: -------------------- Contact us through our head office Email address: ( faxttransfer.skyebk.service.care.th@hotmail.com) Regard Mr. John Morris Bank Secretary --0000000000006ffc9c05ca127817 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Attention = Dear.
The International Monetary Fund (IMF) Compensates you for scam vi= ctims. and your name was found in the scam victim's list. This Western = skye bank office has been mandated by the IMF to transfer your compensation= to You via Western skye bank Money Transfer. However, we have concluded th= at to affect your own payment through Western Skye Bank Money Transfer, the= total sum of $1,550,000USD will be Completely transferred to you without a= ny delay. We need your bank account information below where we will transfe= r your =C2=A0funds,

Send bank account information as follows
Your= Bank Name:---------------------
Your Bank Address:-------------------Your Bank Account Number:-------------
SWIFT CODE:--------------------= ------
Beneficiary Name:--------------------
Your Identity Card:-----= ----------
Your Mobile Number: --------------------

Contact us th= rough our head office Email address: (faxttransfer.skyebk.service= .care.th@hotmail.com)

Regard
Mr. John Morris
Bank Secretar= y
--0000000000006ffc9c05ca127817-- From bill@baninetworks.com Fri Aug 27 08:40:36 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.8 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD, MONEY_FORM,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,MONEY_NOHTML, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4,SPF_HELO_NONE,SPF_PASS, SUBJ_ALL_CAPS,URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9922] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [121.46.70.55 listed in bl.mailspike.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [annagray00[at]hotmail.com] * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.1 MONEY_NOHTML Lots of money in plain text * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 1.8 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: BD ** ** ** ** CO Received: from mail2.baninetworks.com (mail2.baninetworks.com [121.46.70.55]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17REeLxF007672 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 27 Aug 2021 08:40:36 -0600 Received: from localhost (localhost [127.0.0.1]) by mail2.baninetworks.com (Postfix) with ESMTP id 139CF23DF1 for ; Fri, 27 Aug 2021 09:23:46 +0000 (UTC) Received: from mail2.baninetworks.com ([127.0.0.1]) by localhost (mail2.baninetworks.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id wjVvrVzVKyfd for ; Fri, 27 Aug 2021 09:23:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail2.baninetworks.com (Postfix) with ESMTP id A3C5A242D7 for ; Fri, 27 Aug 2021 09:23:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at baninetworks.com Received: from mail2.baninetworks.com ([127.0.0.1]) by localhost (mail2.baninetworks.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id vh-LqHcCpBOF for ; Fri, 27 Aug 2021 09:23:45 +0000 (UTC) Received: from baninetworks.com (unknown [190.248.151.50]) by mail2.baninetworks.com (Postfix) with ESMTPSA id 60C902E5D7D for ; Fri, 27 Aug 2021 09:23:44 +0000 (UTC) Reply-To: annagray00@hotmail.com From: "Mr. Dave West" To: jhardin@impsec.org Subject: [SPAM] IRREVOCABLE PAYMENT ORDER VIA (ATM CARD.)/ Date: 27 Aug 2021 04:29:00 -0500 Message-ID: <20210827042900.1015E7016B2BD26E@baninetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 27 Aug 2021 08:40:36 -0600 (CST) for IP:'121.46.70.55' DOMAIN:'mail2.baninetworks.com' HELO:'mail2.baninetworks.com' FROM:'bill@baninetworks.com' RCPT:'' X-Greylist: Delayed for 04:15:34 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 27 Aug 2021 08:40:36 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17REeLxF007672 X-Spam-Prev-Subject: IRREVOCABLE PAYMENT ORDER VIA (ATM CARD.)/ Status: R X-Status: X-Keywords: X-UID: 276 Content-Length: 2205 IRREVOCABLE PAYMENT ORDER VIA (ATM CARD.) Dear... We have actually been authorized by the United Nations Secretary- General, and the governing body of the UNITED NATIONS Monetary Unit, to investigate the unnecessary delay on your payment, recommended and approved in your favor. During the course of our investigation, we discovered with dismay that your payment has been unnecessarily delayed by corrupt officials of the Bank who are trying to divert your funds into their private accounts. To forestall this, security for your funds was organized in the form of your Personal Identification Number (PIN) (ATM CARD) and this will enable only you to have direct control over your funds in the (ATM CARD). We will monitor this payment ourselves to avoid the hopeless situation created by the Officials of the bank. An irrevocable payment guarantee has been issued by the Presidency of the United State on your payment. However, we are happy to inform you that based on our recommendation/instructions, your complete contract funds has been credited in your favor through (ATM CARD). You are therefore advised to contact: MRS. Anna Gray,, the GENERAL MANAGER OPERATIONS, through the e-mail address: annagray00@hotmail.com Contact him now for the delivery of your (ATM CARD). As soon as you establish a contact with him, an ATM card will be issued to you immediately that you can use to withdraw your funds in any ATM machine in any part of the world But, the maximum is Five Thousand dollars per day. So if you like to receive your funds through this means you are advised to contact the ATM card payment center with the following information as stated below: (1A) HOME PHONE NUMBER: (1B) CELL/MOBILE PHONE NUMBER: (2) YOUR ADDRESS WHERE YOU WANT YOUR ATM CARD SENT : (P.O BOX NOT ACCEPTABLE) (3) YOUR AGE: (4) YOUR FULL NAME: (5) YOUR MARITAL STATUS: NOTE: WITH YOUR CORRECT AND VALID DETAILS. ALSO, BE INFORMED THAT THE AMOUNT TO BE PAID NOW IS $4.5 MILLION. We expect your urgent response to this email to enable us to monitor this payment effectively, thereby, making contact with MRS. Anna Gray, as directed to avoid further delay. CONGRATULATIONS. Mr. Dave West From info@bank.com Sat Aug 28 15:04:08 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=51.9 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,DEAR_BENEFICIARY,FILL_THIS_FORM,FILL_THIS_FORM_LOAN, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,LOTTO_DEPT,MILLION_HUNDRED,MONEY_FORM,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RDNS_NONE,RELAY_COUNTRY_CN,RELAY_COUNTRY_IT, REPTO_419_FRAUD_GM,SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE, TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL,TVD_PH_BODY_META, T_FILL_THIS_FORM_FRAUD_PHISH,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [114.141.155.122 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [114.141.155.122 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [firstbank6669[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40bank.com;ip=114.141.155.122;r=ga.impsec.org] * 2.6 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.1 MONEY_NOHTML Lots of money in plain text * 2.9 TVD_PH_BODY_META No description available. * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.0 LOTTO_DEPT Claims Department * 0.3 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 2.4 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: CN IT Received: from mail.mahk.top ([114.141.155.122]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17SL45VC028983 for ; Sat, 28 Aug 2021 15:04:08 -0600 Message-Id: <202108282104.17SL45VC028983@ga.impsec.org> Received: from [192.168.1.6] (host-188-15-139-245.business.telecomitalia.it [188.15.139.245]) by mail.mahk.top (Postfix) with ESMTP id 8C6621DCD71; Fri, 27 Aug 2021 21:26:07 +0800 (CST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] united nation scam victim delay payment notification from bank To: Recipients From: "Reverend.Micheal Godwin" Date: Fri, 27 Aug 2021 15:26:01 +0200 Reply-To: firstbank6669@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 28 Aug 2021 15:04:08 -0600 (CST) for IP:'114.141.155.122' DOMAIN:'[114.141.155.122]' HELO:'mail.mahk.top' FROM:'info@bank.com' RCPT:'' X-Greylist: Delayed for 23:05:12 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 28 Aug 2021 15:04:08 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17SL45VC028983 X-Spam-Prev-Subject: united nation scam victim delay payment notification from bank Status: R X-Status: X-Keywords: X-UID: 277 Content-Length: 3544 REVEREND . MICHEAL GODWIN OF FIRST BANK OF NIGERIA PLC INTERNATIONAL REMITTANCE DEPARTMENT 35 Marina P. O. Box 5216, LAGOS- NIGERIA CONTACT EMAIL:CONTACT EMAIL: firstbank6669@gmail.com Dear Beloved Beneficiary This letter is written to inform you the reason behind your delay payment.I am Reverend.Micheal Godwin the Director,International Remittance Department of this Bank,my Formal Boss,Mr.Jacobs M.Ajekigbe,the Managing Director/CEO of this bank is now on compulsory leave and all power have been vested on me to make all international payments.Also,due to reported cases of corrupt practices in other Nigeria Banks including the Central Bank of Nigeria,the Federal Government has revoked/canceled all power vested on those banks and has appointed our bank (First Bank of Nigeria) to make all foreign payments.Be informed that the Federal Government have approved the release of part-payment of$7.5M(Seven Million Five Hundred Thousand Dollars) out of your total funds,which has been in this bank for many years unclaimed because Mr.Jacobs Ajekigbe,Collaborated with the Governor of Central Bank of Nigeria (CBN)and have refused to tell you the truth on how to claim your fund this is because he has been using the interest accumulated from your fund every year to enrich himself without your knowledge,I want to help you pull out this fund to your bank account using the easiest and the quickest method,which have not been made known to you before.By this method,you will open a domiciliary account with this bank (First Bank of Nigeria),Where the fund would be 1st lodged into,before it can directly credit to any bank of your choice. After the transfer,you will confirm the fund in your bank account within 5hours the same day.No Cost of Transfer (COT) and no stoppage from any Government departments as the transfer will be done within the bank alone and it is very safe.The method which was introduced to you before is the Telegraphic Transfer (TT) for which confirmation was 48hrs,because of the time factor,petitions could come from various organizations stopping your payment and asking you to pay huge fee which would be difficult for you to pay so that they can benefit from the huge interest your fund generates while still in the Bank. This method is not safe for you because it is not done within the bank alone as information of the payment would be sent to the Central Control Unit (CCU) of the Federal Ministry of Finance and office of the Accountant General of the Federation.As a good Christian, I have nothing to gain by keeping your fund,I want to assist you receive your fund Before it accumulate Dumurrage.You have to follow up and work with me now. Ensure that you keep this very confidential because of fraudsters and impostors who go about presenting various bank accounts in order to divert another beneficiary's fund. your advise to reconfirm the following details below to us with valid account co-ordinates and amount to be claimed. Note your transfer code is FBXNZ7XX5M you must keep it confidential to avoid intruder or claim by anyone so that I do not transfer your fund to the wrong Bank Account. 1,Account numbers---------- 2.Account Holders Name.......... 3.Bank Name............. 4.Bank Address......... 5.Home Address......... 6.Swift Code.......... 7.Your Contact Cell Phone...... 8.Occupation.......... 9.Age................. 10.A Copy of your id Finally i ask for your mutual understanding and cooperation to serve you better. Yours truly, Reverend.Micheal Godwin First Bank Nigeria Plc. From ma@travelcompany.com Sat Aug 28 18:07:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=63.0 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORM_FRAUD_3,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_NG, REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD,SPAM_BOOSTER_05,SPF_HELO_NONE, SPF_SOFTFAIL,SUBJ_ALL_CAPS,TO_NO_BRKTS_FROM_MSSP, T_FILL_THIS_FORM_FRAUD_PHISH,T_FILL_THIS_FORM_SHORT, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [77.68.2.71 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [77.68.2.71 listed in bl.score.senderscore.com] * 2.1 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.0 RELAY_COUNTRY_NG Relayed via Nigeria * 1.8 NSL_RCVD_FROM_USER Received from User * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.8 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 1.6 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.3 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.9 MONEY_FROM_MISSP Lots of money and misspaced From * 2.0 FROM_MISSPACED From: missing whitespace * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.3 MONEY_FORM_SHORT Lots of money if you fill out a short form * 0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money * 1.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Relay-Country: GB NG Received: from server.wbuhealth.com (server.wbuhealth.com [77.68.2.71] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17T07fPD043043 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 28 Aug 2021 18:07:45 -0600 Message-Id: <202108290007.17T07fPD043043@ga.impsec.org> Received: from User (unknown [154.118.61.167]) by server.wbuhealth.com (Postfix) with ESMTPA id E768C83F259; Sat, 28 Aug 2021 18:34:00 +0000 (UTC) Authentication-Results: server.wbuhealth.com; spf=pass (sender IP is 154.118.61.167) smtp.mailfrom=ma@travelcompany.com smtp.helo=User Received-SPF: pass (server.wbuhealth.com: connection is authenticated) Reply-To: From: "Mr Femi Brown" Subject: [SPAM] YOUR FUND RELEASE... Date: Sat, 28 Aug 2021 19:34:15 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 28 Aug 2021 18:07:46 -0600 (CST) for IP:'77.68.2.71' DOMAIN:'[77.68.2.71]' HELO:'server.wbuhealth.com' FROM:'ma@travelcompany.com' RCPT:'' X-Greylist: Delayed for 03:31:14 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 28 Aug 2021 18:07:46 -0600 (CST) X-Spam-Prev-Subject: YOUR FUND RELEASE... Status: R X-Status: X-Keywords: X-UID: 278
This mail is been writing to you because we have come to understand that
you have lost a lot of money all because you want to receive your fund
well note that all that have been put to a stop as the federal government of
Nigeria has promised to assist you with the sum of $5million in other to
compensate you and all you have to do is fill the below information s.
1 full name
2 home phone and cell phone number
3 occupation
4 amount that was lost by you
Send this and get back at once.
Warm regards
Femi
 From test@gaheritage.com Sun Aug 29 19:05:23 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.9 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD,MONEY_FORM,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, REPTO_419_FRAUD_HM,SPAM_BOOSTER_15,SPF_HELO_PASS,SPF_PASS, SUBJ_ALL_CAPS,URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD_HM Reply-To is known advance fee fraud * collector mailbox * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [annagray00[at]hotmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.1 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 2.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 1.4 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: US CO Received: from gaheritage.com (gaheritage.com [74.208.186.217]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17U15J0B029999 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 29 Aug 2021 19:05:23 -0600 Message-Id: <202108300105.17U15J0B029999@ga.impsec.org> Received: from PUBLIC2016.server.local (unknown [190.248.151.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: test@gaheritage.com) by gaheritage.com (Postfix) with ESMTPSA id 25B6D43A33; Sun, 29 Aug 2021 19:58:27 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gaheritage.com; s=mail; t=1630281509; bh=ql0eCcXmFwZF6LIdxvbiCnSpqTGVw5FP6inzN6eoHXg=; h=Subject:To:From:Date:Reply-To:From; b=FR+d8uXz9utbW/NmeIxtFUjR5we7NhFkXD/Vi+lQGEkxp2cbV1hsObCkZI4+AuNos 2/KybWSGCSzXNJasOJZYEqlKTYaU1ka9qomaa5z0FT+npAUgdjZtBKiEZYGnF09Jhh f6WaOrsWUvXLmY1yVZbiGvG6SL3TmA6tlV8xR00gsqE8IU9FwMoSHaSA5YNxKpcnYU w3S1SPW7pjiEHnByhv6gIWW2TzuosdZNb1Lvfw4T0c+EQpOSU9Ykvrf6OXxXfVXZ2y Fgphst5EmZwjmqZg/89laDtDkoYW9sb/ihqhi2mVO+RE+Rt0V5eX0h2UFQ0Tgr/BHw 1IKQjp86BwMxg== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] IRREVOCABLE PAYMENT ORDER VIA (ATM CARD..) To: Recipients From: "Mr. Dave West" Date: Sun, 29 Aug 2021 19:02:53 -0500 Reply-To: annagray00@hotmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 29 Aug 2021 19:05:23 -0600 (CST) for IP:'74.208.186.217' DOMAIN:'gaheritage.com' HELO:'gaheritage.com' FROM:'test@gaheritage.com' RCPT:'' X-Greylist: Delayed for 00:41:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 29 Aug 2021 19:05:23 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17U15J0B029999 X-Spam-Prev-Subject: IRREVOCABLE PAYMENT ORDER VIA (ATM CARD..) Status: R X-Status: X-Keywords: X-UID: 279 Content-Length: 2178 IRREVOCABLE PAYMENT ORDER VIA (ATM CARD.) Dear... We have actually been authorized by the United Nations Secretary-General, and the governing body of the UNITED NATIONS Monetary Unit, to investigate the unnecessary delay on your payment, recommended and approved in your favor. During the course of our investigation, we discovered with dismay that your payment has been unnecessarily delayed by corrupt officials of the Bank who are trying to divert your funds into their private accounts. To forestall this, security for your funds was organized in the form of your Personal Identification Number (PIN) (ATM CARD) and this will enable only you to have direct control over your funds in the (ATM CARD). We will monitor this payment ourselves to avoid the hopeless situation created by the Officials of the bank. An irrevocable payment guarantee has been issued by the Presidency of the United State on your payment. However, we are happy to inform you that based on our recommendation/instructions, your complete contract funds has been credited in your favor through (ATM CARD). You are therefore advised to contact: MRS. Anna Gray,, the GENERAL MANAGER OPERATIONS, through the e-mail address: annagray00@hotmail.com Contact him now for the delivery of your (ATM CARD). As soon as you establish a contact with him, an ATM card will be issued to you immediately that you can use to withdraw your funds in any ATM machine in any part of the world But, the maximum is Five Thousand dollars per day. So if you like to receive your funds through this means you are advised to contact the ATM card payment center with the following information as stated below: (1A) HOME PHONE NUMBER: (1B) CELL/MOBILE PHONE NUMBER: (2) YOUR ADDRESS WHERE YOU WANT YOUR ATM CARD SENT : (P.O BOX NOT ACCEPTABLE) (3) YOUR AGE: (4) YOUR FULL NAME: (5) YOUR MARITAL STATUS: NOTE: WITH YOUR CORRECT AND VALID DETAILS. ALSO, BE INFORMED THAT THE AMOUNT TO BE PAID NOW IS $4.5 MILLION. We expect your urgent response to this email to enable us to monitor this payment effectively, thereby, making contact with MRS. Anna Gray, as directed to avoid further delay. CONGRATULATIONS. Mr. Dave West From jhardin@impsec.org Mon Aug 30 05:50:34 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 98486 invoked by uid 99); 30 Aug 2021 16:14:53 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Aug 2021 16:14:53 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 17C3BBFD28 for ; Mon, 30 Aug 2021 16:14:53 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 2.63 X-Spam-Level: ** X-Spam-Status: No, score=2.63 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MONEY_FREEMAIL_REPTO=2.428, SPF_NONE=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id sVWJ4kGXZeYm for ; Mon, 30 Aug 2021 16:14:52 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=131.161.253.86; helo=mail.automotive.com.py; envelope-from=cynthia.contreras@skanska.com.ar; receiver= Received: from mail.automotive.com.py (mail.automotive.com.py [131.161.253.86]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 696547DD1A for ; Mon, 30 Aug 2021 16:14:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.automotive.com.py (Postfix) with ESMTP id CF9A14059154D; Mon, 30 Aug 2021 09:02:26 -0400 (-04) Received: from mail.automotive.com.py ([127.0.0.1]) by localhost (mail.automotive.com.py [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id mc050ptAnuty; Mon, 30 Aug 2021 09:02:26 -0400 (-04) Received: from localhost (localhost [127.0.0.1]) by mail.automotive.com.py (Postfix) with ESMTP id 8E4B1405E17C2; Mon, 30 Aug 2021 08:55:52 -0400 (-04) X-Virus-Scanned: amavisd-new at automotive.com.py Received: from mail.automotive.com.py ([127.0.0.1]) by localhost (mail.automotive.com.py [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id e4jC7Y38DNG6; Mon, 30 Aug 2021 08:55:52 -0400 (-04) Received: from [212.162.150.123] (unknown [10.8.40.1]) by mail.automotive.com.py (Postfix) with ESMTPSA id C2347405E17CD; Mon, 30 Aug 2021 08:49:11 -0400 (-04) X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="===============2022337279==" MIME-Version: 1.0 Subject: To: Recipients From: "Manon Grace" < cynthia.contreras@skanska.com.ar> Date: Mon, 30 Aug 2021 05:50:34 -0700 Reply-To: grace.manonfoundation@outlook.com Message-Id: <20210830124911.C2347405E17CD@mail.automotive.com.py> Status: X-Status: X-Keywords: X-UID: 280 Content-Length: 1429 You will not see this in a MIME-aware mail reader. --===============2022337279== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Estimado propietario de correo electr=F3nico Por favor confirme la propieda= d de su correo electr=F3nico% 0%. Fue seleccionado al azar despu=E9s de un = sorteo de Spinball por computadora electr=F3nica, para recibir una donaci= =F3n de $ 1,200,000.00 USD de Manon Grace Therrien. Env=EDe un correo elect= r=F3nico de confirmaci=F3n a grace.manonfoundation@outlook.com para obtener= m=E1s detalles --===============2022337279== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Estimado propietario de correo electr=F3nico P= or favor confirme la propiedad de su correo electr=F3nico% 0%. Fue seleccio= nado al azar despu=E9s de un sorteo de Spinball por computadora electr=F3ni= ca, para recibir una donaci=F3n de $ 1,200,000.00 USD de Manon Grace Therri= en. Env=EDe un correo electr=F3nico de confirmaci=F3n a grace.manonfoundation@outlook.com par= a obtener m=E1s detalles --===============2022337279==-- From test@gaheritage.com Mon Aug 30 22:58:13 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.6 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD,MONEY_FORM,MONEY_FRAUD_5, MONEY_FREEMAIL_REPTO,MONEY_NOHTML,MSGID_FROM_MTA_HEADER, RCVD_IN_BL_SPAMCOP_NET,REPTO_419_FRAUD_HM,SPAM_BOOSTER_04, SPAM_BOOSTER_15,SPF_HELO_PASS,SPF_PASS,SUBJ_ALL_CAPS,URG_BIZ, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 6.0 REPTO_419_FRAUD_HM Reply-To is known advance fee fraud * collector mailbox * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [annagray00[at]hotmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.6 URG_BIZ Contains urgent matter * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.5 MONEY_NOHTML Lots of money in plain text * 3.0 SPAM_BOOSTER_15 Boost score for BAYES_999 + DKIM_SIGNED + * DKIM_INVALID * 0.0 MONEY_ATM_CARD Lots of money on an ATM card * 2.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 1.1 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: US CO Received: from gaheritage.com (gaheritage.com [74.208.186.217]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 17V4w9Kh025289 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 30 Aug 2021 22:58:13 -0600 Message-Id: <202108310458.17V4w9Kh025289@ga.impsec.org> Received: from PUBLIC2016.server.local (unknown [190.248.151.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: test@gaheritage.com) by gaheritage.com (Postfix) with ESMTPSA id A72F64CED6; Mon, 30 Aug 2021 23:36:09 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gaheritage.com; s=mail; t=1630380971; bh=ql0eCcXmFwZF6LIdxvbiCnSpqTGVw5FP6inzN6eoHXg=; h=Subject:To:From:Date:Reply-To:From; b=JvBQouup367QnSOtveRZVrYYIjy2L/5NSQ6d0YqqWPEXbzuSNip9/QKPI4UWFyHQG PR+s4tCqv2SnFVhY3nDsAUBTj5ePK0PtD1ti53/zZzht5/mIHD0lDACWghSUq61X+A BTSoRCJHxhh4U7Gqzlhy094XUy/4uXOH2sBrB64rJEzFrw++riMNfIVCPjQv1bR/4V yU9z42AHe+fm+9svLC2If0iwZ8r5VqSzJib3ywIZw5IKCRg6WhMoWn/lR8RcmwdCnF CW86B4ZmtcCOeqSy+x9ia+eYyO7bn1ZyLyZVfqfiwOE2lByIZMJS+oKG2Up+NOeRJe NT8uOY4Md7mbw== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] IRREVOCABLE PAYMENT ORDER VIA (ATM CARD..) To: Recipients From: "Mr. Dave West" Date: Mon, 30 Aug 2021 22:40:34 -0500 Reply-To: annagray00@hotmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 30 Aug 2021 22:58:13 -0600 (CST) for IP:'74.208.186.217' DOMAIN:'gaheritage.com' HELO:'gaheritage.com' FROM:'test@gaheritage.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 30 Aug 2021 22:58:13 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 17V4w9Kh025289 X-Spam-Prev-Subject: IRREVOCABLE PAYMENT ORDER VIA (ATM CARD..) Status: R X-Status: X-Keywords: X-UID: 281 Content-Length: 2178 IRREVOCABLE PAYMENT ORDER VIA (ATM CARD.) Dear... We have actually been authorized by the United Nations Secretary-General, and the governing body of the UNITED NATIONS Monetary Unit, to investigate the unnecessary delay on your payment, recommended and approved in your favor. During the course of our investigation, we discovered with dismay that your payment has been unnecessarily delayed by corrupt officials of the Bank who are trying to divert your funds into their private accounts. To forestall this, security for your funds was organized in the form of your Personal Identification Number (PIN) (ATM CARD) and this will enable only you to have direct control over your funds in the (ATM CARD). We will monitor this payment ourselves to avoid the hopeless situation created by the Officials of the bank. An irrevocable payment guarantee has been issued by the Presidency of the United State on your payment. However, we are happy to inform you that based on our recommendation/instructions, your complete contract funds has been credited in your favor through (ATM CARD). You are therefore advised to contact: MRS. Anna Gray,, the GENERAL MANAGER OPERATIONS, through the e-mail address: annagray00@hotmail.com Contact him now for the delivery of your (ATM CARD). As soon as you establish a contact with him, an ATM card will be issued to you immediately that you can use to withdraw your funds in any ATM machine in any part of the world But, the maximum is Five Thousand dollars per day. So if you like to receive your funds through this means you are advised to contact the ATM card payment center with the following information as stated below: (1A) HOME PHONE NUMBER: (1B) CELL/MOBILE PHONE NUMBER: (2) YOUR ADDRESS WHERE YOU WANT YOUR ATM CARD SENT : (P.O BOX NOT ACCEPTABLE) (3) YOUR AGE: (4) YOUR FULL NAME: (5) YOUR MARITAL STATUS: NOTE: WITH YOUR CORRECT AND VALID DETAILS. ALSO, BE INFORMED THAT THE AMOUNT TO BE PAID NOW IS $4.5 MILLION. We expect your urgent response to this email to enable us to monitor this payment effectively, thereby, making contact with MRS. Anna Gray, as directed to avoid further delay. CONGRATULATIONS. Mr. Dave West From mandelafoundationmobilewinners@gmail.com Wed Sep 1 02:24:52 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.9 required=5.0 tests=ADVANCE_FEE_2_NEW_FRM_MNY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FILL_THIS_FORM,FILL_THIS_FORM_LONG,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LCL_VIA_ZA,LOTS_OF_MONEY, MONEY_FORM,MONEY_FRAUD_3,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,RELAY_COUNTRY_ZA,REPTO_419_FRAUD_CNS,SPF_HELO_NONE, SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.221.65 listed in wl.mailspike.net] * 6.0 REPTO_419_FRAUD_CNS Reply-To is known advance fee fraud * collector mailbox * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mandelafoundationmobilewinners[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [lottomaxclaims7[at]consultant.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.221.65 listed in list.dnswl.org] * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.0 LCL_VIA_ZA Via relay in South African + high Bayes * 2.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 2.4 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 2.8 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: US ZA Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1818Olau026045 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 1 Sep 2021 02:24:52 -0600 Received: by mail-wr1-f65.google.com with SMTP id g18so3131538wrc.11 for ; Wed, 01 Sep 2021 01:24:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:from:mime-version:subject:to:date:reply-to; bh=eg/b2aslAHYsQjriz6GbUAWOjOIBkgnjq50JIhSNtK4=; b=N4my4jWNrfeVQHaeSEdASHFA1wTUpIMc+CWlLIBfjE4kmeI0QBdeJGxOEiYdz4EVH5 axlnxh8n4vkfbc2ua+cGZQQfLpXeiRYlp32nCCuFDrmu2merh/JhIsTvpFydO06Y/Ytj T8dusFe8YFBA18rdDIaNgssxvwfxIJ/MmCUCuD0BFh0ZqbTbr4nW0TZrbDNBnQANpxEw 1s+mT7p/okgdc0gDbQ9z2oVm+3eN2TBNgufvFUaaheuS6JVrrgZlg75uHUL9YHhZPW56 BVykFiwUCZpHlovW8MrMjaUSgwqoQun87m4prAovmj538OdkP1TiZ7DP0IAzxPA7d0tK tq3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:from:mime-version:subject:to:date :reply-to; bh=eg/b2aslAHYsQjriz6GbUAWOjOIBkgnjq50JIhSNtK4=; b=uUSPuVvs5an2+jxeSY6aM/IUBre9l5zW2OTKvM4QBgg2hX0bfX/jxwGCAzYZo1pMDT +pvsEwW9UntyJHQygmTXx3A8ICmD8GMBZhs+7MwPavyqLuoFNnITwIElKCWh8nPwx/2O HQ4xxYroPLCQfOgi+/UaUHw3UfsPuX/Tzxe2I4M0kjNOH2v6WhOiST1gCHIauFAVMeEd quEy8pRvnEIGCgDbbxG3BLfKvps758zLNnND+3DD2bQvJuh9TiFP3wb3USPjcoy2CiCD tcvSLRqsDEsuoovq+iZ1b7xqxlOtyxVU0LTkzGHCGtEUQyNEp9ZgmoZZyloOgqPThp/w iNLg== X-Gm-Message-State: AOAM531KLQEh0q/v5GvTPC2OhxX714hYhZySrAJMvm66hehLFLQs/P4z G9iR6krQO09sOIgTFB2DU58= X-Google-Smtp-Source: ABdhPJyWMnGiIX7DxC8/m1Ce9ixCNnf22uDF150ZGu9RiLhn0gBsvkmO5LlMJyMfq6CSr78QKxS8wg== X-Received: by 2002:adf:b743:: with SMTP id n3mr36333080wre.243.1630484685862; Wed, 01 Sep 2021 01:24:45 -0700 (PDT) Received: from Hp-PC.home (105-213-129-59.access.mtnbusiness.co.za. [105.213.129.59]) by smtp.gmail.com with ESMTPSA id q13sm20502900wrv.79.2021.09.01.01.24.38 (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 01 Sep 2021 01:24:42 -0700 (PDT) Message-ID: <612f38ca.1c69fb81.eb370.00b9@mx.google.com> From: LottoMax Claims X-Google-Original-From: "LottoMax Claims" Content-Type: multipart/alternative; boundary="===============0544678887==" MIME-Version: 1.0 Subject: [SPAM] National PostCode Agency.S.L To: Recipients Date: Wed, 01 Sep 2021 10:24:33 +0200 Reply-To: "LottoMax Claims" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 01 Sep 2021 02:24:52 -0600 (CST) for IP:'209.85.221.65' DOMAIN:'mail-wr1-f65.google.com' HELO:'mail-wr1-f65.google.com' FROM:'mandelafoundationmobilewinners@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 01 Sep 2021 02:24:52 -0600 (CST) X-Spam-Prev-Subject: National PostCode Agency.S.L Status: R X-Status: X-Keywords: X-UID: 282 Content-Length: 4695 You will not see this in a MIME-aware mail reader. --===============0544678887== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body = Winners Notification !!! Your email ID has won =801,650,000.00 euros (One Million, Six hundred and f= ifty thousand EUR) in LottoMax International Charity program Ref No Sp/179/= 0-39/44/4-07/ES. Lucky No.9/44/15/27/49. For more information on comfirmation and claims procedure, please reply wi= th your FULL NAMES, ADDRESS, AGE, OCCUPATION CONTACT DETAILS You will be contacted by your district representative. = Note: This is an international lottery program. Congratulations! National PostCode Agency.S.L lottomaxclaims7@consultant.com --===============0544678887== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body

        =             &nb= sp;            =   

    =             &nb= sp;            =             &nb= sp;    Winners Notification !!!Your email ID has won =E2=82=AC1,650,000.00 euros (One Million, Six hundr= ed and fifty thousand EUR) in LottoMax International Charity program Ref No= Sp/179/0-39/44/4-07/ES. Lucky No.9/44/15/27/49.

Fo= r more information on comfirmation and claims procedure, please reply with = your
FULL NAMES,
ADDRESS,
AGE,
OCCUPATION
CONTACT DETAILS

Yo= u will be contacted by your district representative.
 
Note: Thi= s is an international lottery program.
Congratulations!

Na= tional PostCode Agency.S.L

lottomaxclaims7@con= sultant.com

--===============0544678887==-- From jhardin@impsec.org Thu Sep 2 09:03:27 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 85068 invoked by uid 99); 2 Sep 2021 09:03:35 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Sep 2021 09:03:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 72C761FF4BE for ; Thu, 2 Sep 2021 09:03:34 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.567 X-Spam-Level: *** X-Spam-Status: No, score=3.567 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, MIME_HTML_ONLY=0.3, MISSING_SUBJECT=1.767, RCVD_IN_HOSTKARMA_BL=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=zklg.net Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id TYdizr_HTcxS for ; Thu, 2 Sep 2021 09:03:33 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=157.245.63.14; helo=mail0.zklg.net; envelope-from=sales@zklg.net; receiver= Received: from mail0.zklg.net (mail0.zklg.net [157.245.63.14]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id BFAE8BD3DF for ; Thu, 2 Sep 2021 09:03:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=zklg.net; h=Reply-To:From:To:Date:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; i=sales@zklg.net; bh=wzzUudK/+Zvpa8IeHUtbu2qAe+vwG2L1t2WbLheL5Bs=; b=pchoFyy1A0Xm5W2kbpRMP6eYmDvV6/GDrx2DQn5a0K4CBrCsmBn2/WdbhNo2Gv7lw/qceX9Zz1W4 XAN+HpsCqecmBHBLL7LgrSXTQAr/PcyQUfQ5TNd3efKtBk3d2FTlsSKUH8sKHkV5xW1U8yYlf9Ky vdeqokWePxmEuO7TzqY= Reply-To: info@johannaconsultancy.com From: Johanna Consultancy To: users@spamassassin.apache.org Date: 2 Sep 2021 09:03:27 +0000 Message-ID: <20210902090327.F8FD52983B588199@zklg.net> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable Status: X-Status: X-Keywords: X-UID: 283

Hello Friend:
I have a donation for you, contact me for more informat= ion

From info@service.cz Thu Sep 2 21:10:58 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.4 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BAYES_999,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_MR_MRS,HK_SCAM,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_SBL_CSS, RCVD_IN_VALIDITY_RPBL,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.133.110.63 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [112.199.40.188 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [112.199.40.188 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [112.199.40.188 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [allisoncluade11[at]gmail.com] * 0.3 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 HK_SCAM No description available. * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.7 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: PH XX Received: from mail.pitc.gov.ph (www.pitc.gov.ph [112.199.40.188]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1833AqsG035781 for ; Thu, 2 Sep 2021 21:10:58 -0600 Received: from [103.133.110.63] (unknown [103.133.110.63]) by mail.pitc.gov.ph (Postfix) with ESMTP id 6A34383862B6; Fri, 3 Sep 2021 05:40:12 +0800 (+08) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Dear Beloved In Christ, To: Recipients From: "Mrs. Favour Allison Fosgate" Date: Thu, 02 Sep 2021 14:39:29 -0700 Reply-To: allisoncluade11@gmail.com Message-Id: <20210902214013.6A34383862B6@mail.pitc.gov.ph> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Sep 2021 21:10:58 -0600 (CST) for IP:'112.199.40.188' DOMAIN:'www.pitc.gov.ph' HELO:'mail.pitc.gov.ph' FROM:'info@service.cz' RCPT:'' X-Greylist: Delayed for 02:02:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Sep 2021 21:10:58 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1833AqsG035781 X-Spam-Prev-Subject: Dear Beloved In Christ, Status: R X-Status: X-Keywords: X-UID: 284 Content-Length: 3144 Dear Beloved In Christ, I bring peace and love to you from God and our Lord Jesus Christ. It is by the grace of God that I received Christ, having known the truth, I had no choice than to do what is lawful and right in the sight of God for eternal life and in the sight of man for witness of God’s mercy and glory upon my life. I am Mrs. Favour Allison Fosgate. The wife of Mr. Fosgate from Philippines, My husband worked with the Central Bank Philippines for ten years before he died in the year 2012. We were married for twenty-seven years without a child. My Husband died after a brief illness that lasted for only ten days. Before his death we were both born again Christians. Since his death I decided not to re-marry or get a child outside my matrimonial home which the Bible is against. When my late husband was alive he deposited the sum of $18,500,000.00 USD (Eighteen Million Five Hundred Thousand American Dollars) with the Bay Bank of America, United States of America. Presently, this money is still with the bank and the management has just written me as the Next of Kin to come forward to sign for the release of this fund only known to me and my late husband or give authorization to somebody to receive it on my behalf if I cannot come over. Unfortunately, I'm in a general hospital Chu Cocody, Abidjan where I have been undergoing treatment for esophageal cancer. I have since lost my ability to talk and my doctors have told me that I have only a few months to live. It is my last wish to see this money distributed to charitable organizations anywhere in the World. Because relatives and friends have plundered so much of my wealth since my illness, I cannot live with the agony of entrusting this huge responsibility to any of them. Please, I beg you in the name of God to help me stand and collect the money from the Bay Bank of America CA. I want a person that is God fearing that will use this money to fund churches, orphanages and widows propagating the word of God and to ensure that the house of God is maintained. The Bible made us to understand that blessed is the hand that gives. I took this decision because I don't have any child that will inherit this money and my husband's relatives are not Christians and I don't want my husband's hard earned money to be misused by unbelievers. I don't want a situation where this money will be used in an ungodly manner. Hence the reason for taking this bold decision. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my case and I shall hold my peace. I don't need any telephone communication in this regard because of my soundless voice and presence of my husband's relatives around me always. I don't want them to know about this development. With God all things are possible. As soon as I receive your response I shall give you the contact information of my late husband attorney in United States of America as he will be the one to assist you in laying claims for this $18,500,000 to become yours. Yours in Christ, Mrs. Favour Allison Fosgate. From secureserver@servers.com Fri Sep 3 12:38:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.8 required=5.0 tests=BAYES_99,BAYES_999, FROM_MISSP_EH_MATCH,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,KHOP_HELO_FCRDNS, MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,SPAM_BOOSTER_04,SPAM_BOOSTER_05, SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.222.57.80 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.222.57.80 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS X-Spam-Relay-Country: NL Received: from servers.com (hosted-by.rootlayer.net [185.222.57.80] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 183IcJ4d038328 for ; Fri, 3 Sep 2021 12:38:23 -0600 Reply-To: lopez.rios@udttld.com From: RIOS LOPEZ To: jhardin@impsec.org Subject: [SPAM] PROPOSAL..CONFIDENTIAL Date: 03 Sep 2021 20:38:17 +0200 Message-ID: <20210903203816.7B1FB13012ABD647@servers.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 12:38:24 -0600 (CST) for IP:'185.222.57.80' DOMAIN:'[185.222.57.80]' HELO:'servers.com' FROM:'secureserver@servers.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 12:38:24 -0600 (CST) X-Spam-Prev-Subject: PROPOSAL..CONFIDENTIAL Status: R X-Status: X-Keywords: X-UID: 285

Dear , jhardin

I am a bank manage= r here in Mexico.

I have a confidencial financial offer that can ben= efit both of us.

Kindly reply me for more details

Yours Since= rely

RIOS LOPEZ
Email: = lopez.rios@udttld.com

From secureserver@servers.com Fri Sep 3 13:19:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.8 required=5.0 tests=BAYES_99,BAYES_999, DEAR_FRIEND,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,KHOP_HELO_FCRDNS, MAY_BE_FORGED,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,SPAM_BOOSTER_04,SPAM_BOOSTER_05, SPF_HELO_SOFTFAIL,SPF_SOFTFAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.222.57.80 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.222.57.80 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS X-Spam-Relay-Country: NL Received: from servers.com (hosted-by.rootlayer.net [185.222.57.80] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 183JJ2Bx042173 for ; Fri, 3 Sep 2021 13:19:06 -0600 Reply-To: lopez.rios@udttld.com From: LOPEZ RIOS To: jhardin@impsec.org Subject: [SPAM] proposal Date: 03 Sep 2021 21:19:00 +0200 Message-ID: <20210903211859.A1D4C3BE7781AE57@servers.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 13:19:07 -0600 (CST) for IP:'185.222.57.80' DOMAIN:'[185.222.57.80]' HELO:'servers.com' FROM:'secureserver@servers.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 13:19:07 -0600 (CST) X-Spam-Prev-Subject: proposal Status: R X-Status: X-Keywords: X-UID: 286

Dear Friend
<= /FONT>
I am a bank manager here in M= exico.

I have a confidencial financial offer that can benefit both of us.

Kindly reply me for more details

Yours Sincerely

RIOS LOPEZ

lopez.rios@udttld.com

= From info@service.cz Fri Sep 3 17:28:33 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.7 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BAYES_999,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_MR_MRS,HK_SCAM,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_SBL_CSS, RCVD_IN_VALIDITY_RPBL,SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.133.110.63 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [112.199.40.188 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [112.199.40.188 listed in bl.score.senderscore.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [112.199.40.188 listed in bl.mailspike.net] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [allisoncluade11[at]gmail.com] * 0.7 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 1.0 HK_NAME_MR_MRS No description available. * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 HK_SCAM No description available. * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 3.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.6 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: PH XX Received: from mail.pitc.gov.ph (www.pitc.gov.ph [112.199.40.188]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 183NSMTd015861 for ; Fri, 3 Sep 2021 17:28:33 -0600 Received: from [103.133.110.63] (unknown [103.133.110.63]) by mail.pitc.gov.ph (Postfix) with ESMTP id CCBED1724362; Fri, 3 Sep 2021 04:12:35 +0800 (+08) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Dear Beloved In Christ, To: Recipients From: "Mrs. Favour Allison Fosgate" Date: Thu, 02 Sep 2021 13:11:59 -0700 Reply-To: allisoncluade11@gmail.com Message-Id: <20210902201236.CCBED1724362@mail.pitc.gov.ph> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 17:28:33 -0600 (CST) for IP:'112.199.40.188' DOMAIN:'www.pitc.gov.ph' HELO:'mail.pitc.gov.ph' FROM:'info@service.cz' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 03 Sep 2021 17:28:33 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 183NSMTd015861 X-Spam-Prev-Subject: Dear Beloved In Christ, Status: R X-Status: X-Keywords: X-UID: 287 Content-Length: 3144 Dear Beloved In Christ, I bring peace and love to you from God and our Lord Jesus Christ. It is by the grace of God that I received Christ, having known the truth, I had no choice than to do what is lawful and right in the sight of God for eternal life and in the sight of man for witness of God’s mercy and glory upon my life. I am Mrs. Favour Allison Fosgate. The wife of Mr. Fosgate from Philippines, My husband worked with the Central Bank Philippines for ten years before he died in the year 2012. We were married for twenty-seven years without a child. My Husband died after a brief illness that lasted for only ten days. Before his death we were both born again Christians. Since his death I decided not to re-marry or get a child outside my matrimonial home which the Bible is against. When my late husband was alive he deposited the sum of $18,500,000.00 USD (Eighteen Million Five Hundred Thousand American Dollars) with the Bay Bank of America, United States of America. Presently, this money is still with the bank and the management has just written me as the Next of Kin to come forward to sign for the release of this fund only known to me and my late husband or give authorization to somebody to receive it on my behalf if I cannot come over. Unfortunately, I'm in a general hospital Chu Cocody, Abidjan where I have been undergoing treatment for esophageal cancer. I have since lost my ability to talk and my doctors have told me that I have only a few months to live. It is my last wish to see this money distributed to charitable organizations anywhere in the World. Because relatives and friends have plundered so much of my wealth since my illness, I cannot live with the agony of entrusting this huge responsibility to any of them. Please, I beg you in the name of God to help me stand and collect the money from the Bay Bank of America CA. I want a person that is God fearing that will use this money to fund churches, orphanages and widows propagating the word of God and to ensure that the house of God is maintained. The Bible made us to understand that blessed is the hand that gives. I took this decision because I don't have any child that will inherit this money and my husband's relatives are not Christians and I don't want my husband's hard earned money to be misused by unbelievers. I don't want a situation where this money will be used in an ungodly manner. Hence the reason for taking this bold decision. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my case and I shall hold my peace. I don't need any telephone communication in this regard because of my soundless voice and presence of my husband's relatives around me always. I don't want them to know about this development. With God all things are possible. As soon as I receive your response I shall give you the contact information of my late husband attorney in United States of America as he will be the one to assist you in laying claims for this $18,500,000 to become yours. Yours in Christ, Mrs. Favour Allison Fosgate. From cym@itcsa.net Sat Sep 4 06:31:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************************** X-Spam-Status: Yes, score=59.0 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_1ECD5, BAYES_99,BAYES_999,CTE_8BIT_MISMATCH,DATE_IN_PAST_12_24, FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FROM_MISSP_REPLYTO,FROM_MISSP_SPF_FAIL,FROM_MISSP_TO_UNDISC, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_H2,RCVD_IN_PSBL,RDNS_NONE,RELAY_COUNTRY_IT, RELAY_COUNTRY_RO,REPTO_419_FRAUD_AOL,SPF_FAIL,SPF_HELO_NONE, UNDISC_FREEM,UNDISC_MONEY,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [86.105.195.147 listed in psbl.surriel.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [86.105.195.147 listed in wl.mailspike.net] * 0.9 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_AOL Reply-To is known advance fee fraud * collector mailbox * 0.5 RELAY_COUNTRY_RO Relayed via Romania * 0.5 RELAY_COUNTRY_IT Relayed via Italy * 1.2 NSL_RCVD_HELO_USER Received from HELO User * 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=cym%40itcsa.net;ip=86.105.195.147;r=ga.impsec.org] * 0.7 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.5 FROM_MISSP_SPF_FAIL No description available. * 0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 1.6 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait * 2.0 MONEY_FROM_MISSP Lots of money and misspaced From * 3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 2.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: RO IT Received: from uyrhebegebf.org ([86.105.195.147]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 184CVH2h007034 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sat, 4 Sep 2021 06:31:22 -0600 Received: from [37.77.125.67] (helo=User) by uyrhebegebf.org with esmtpa (Exim 4.94.2) (envelope-from ) id 1mMTyG-00030K-2V; Sat, 04 Sep 2021 11:36:28 +0000 Authentication-Results: ; dmarc=fail header.from=itcsa.net X-FEAS-AUTH-USER: To: undisclosed-recipients:; Message-Id: <20210904143344.7430@fortimail.voxility> Reply-To: From: "WANCZYKO" Subject: [SPAM] Ich gratuliere 147 Date: Sat, 4 Sep 2021 01:35:03 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1081 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 04 Sep 2021 06:31:22 -0600 (CST) for IP:'86.105.195.147' DOMAIN:'[86.105.195.147]' HELO:'uyrhebegebf.org' FROM:'cym@itcsa.net' RCPT:'' X-Greylist: Delayed for 00:54:27 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 04 Sep 2021 06:31:22 -0600 (CST) X-Spam-Prev-Subject: Ich gratuliere 147 Status: R X-Status: X-Keywords: X-UID: 288 Hallo, Ich bin Frau Mavis Wanczyk, die Mega-Gewinnerin von 758 Millionen Dollar in Mega Millions Jackpot, ich spende an 5 zufllige Personen, wenn Sie diese E-Mail dann erhalten Ihre E-Mail wurde nach einem Drehball ausgewhlt. Ich habe den grten Teil meines Reichtums verteilt ber eine Reihe von Wohlttigkeitsorganisationen und Organisationen. Ich habe mich freiwillig dazu entschieden Spenden Sie die Summe von 10 Millionen USD an Sie als einen der Ausgewhlten, um dies zu berprfen mein Gewinne ber die YouTube-Seite unten. SCHAU MICH HIER AN: https://www.youtube.com/watch?v=7kWnqvJM1mM DAS IST IHR SPENDENCODE: F207162 Bitte senden Sie mir Ihre direkte Telefon- und Faxnummer, damit ich Sie erreichen kann Antworten Sie mit dem SPENDENCODE auf diese E-Mail: wanczykooo006@gmail.com Gre, Frau Mavis L. Wanczyk. From secureserver@servers.com Wed Sep 8 14:50:43 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.8 required=5.0 tests=BAYES_99,BAYES_999, FROM_MISSP_EH_MATCH,FROM_MISSP_REPLYTO,HTML_FONT_SIZE_LARGE, HTML_MESSAGE,KHOP_HELO_FCRDNS,MAY_BE_FORGED,MIME_HTML_ONLY, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL, REPTO_419_FRAUD,SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_SOFTFAIL, SPF_SOFTFAIL,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [185.222.57.80 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [185.222.57.80 listed in bl.score.senderscore.com] * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS X-Spam-Relay-Country: NL Received: from servers.com (hosted-by.rootlayer.net [185.222.57.80] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 188KoaOu025024 for ; Wed, 8 Sep 2021 14:50:42 -0600 Reply-To: lopez.rios@udttld.com From: RIOS LOPEZ To: jhardin@impsec.org Subject: [SPAM] PROPOSAL..CONFIDENTIAL Date: 08 Sep 2021 22:50:30 +0200 Message-ID: <20210908225029.F847B832F49CFE2C@servers.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 08 Sep 2021 14:50:43 -0600 (CST) for IP:'185.222.57.80' DOMAIN:'[185.222.57.80]' HELO:'servers.com' FROM:'secureserver@servers.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 08 Sep 2021 14:50:43 -0600 (CST) X-Spam-Prev-Subject: PROPOSAL..CONFIDENTIAL Status: R X-Status: X-Keywords: X-UID: 289

Dear , jhardin

I am a bank manage= r here in Mexico.

I have a confidencial financial offer that can ben= efit both of us.

Kindly reply me for more details

Yours Since= rely

RIOS LOPEZ
Email: = lopez.rios@udttld.com

From 0781@mweb.co.za Thu Sep 9 04:18:02 2021 Return-Path: <0781@mweb.co.za> Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 189BI2Fa005233 for ; Thu, 9 Sep 2021 04:18:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********* X-Spam-Status: Yes, score=9.7 required=5.0 tests=BAYES_60,CTE_8BIT_MISMATCH, LCL_REPTO_RARE_TLD,MSGID_FROM_MTA_HEADER,PP_MIME_FAKE_ASCII_TEXT, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_LOW,RELAY_COUNTRY_ZA, SPF_HELO_NONE,SPF_SOFTFAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7110] * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, * low trust * [196.30.26.186 listed in list.dnswl.org] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 PP_MIME_FAKE_ASCII_TEXT BODY: MIME text/plain claims to be * ASCII but isn't * 0.8 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 3.0 LCL_REPTO_RARE_TLD Reply-To address in rarely-nonspam TLD X-Spam-Relay-Country: ZA ZA Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Thu, 09 Sep 2021 04:18:02 -0700 (PDT) Received: from smtp02-smtpout03.tb.za.mtnbusiness.net (smtp02-smtpout03.tb.za.mtnbusiness.net [196.30.26.186]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 189BGre8028301 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 9 Sep 2021 05:16:58 -0600 Message-Id: <202109091116.189BGre8028301@ga.impsec.org> Received: from [105.213.91.35] (helo=server-PC) by smtp.mtnbusiness.co.za with esmtp (Blowfish SMTP) (envelope-from <0781@mweb.co.za>) id 1mOI78-000OLt-9S for jhardin@impsec.org; Thu, 09 Sep 2021 13:21:06 +0200 From: "WPortia" <0781@mweb.co.za> Subject: [SPAM] Hello To: jhardin@impsec.org Content-Type: text/plain Reply-To: portiaw@webbe.work Date: Thu, 9 Sep 2021 03:58:22 -0700 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 09 Sep 2021 05:16:58 -0600 (CST) for IP:'196.30.26.186' DOMAIN:'smtp02-smtpout03.tb.za.mtnbusiness.net' HELO:'smtp02-smtpout03.tb.za.mtnbusiness.net' FROM:'0781@mweb.co.za' RCPT:'' X-Greylist: Delayed for 00:18:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 09 Sep 2021 05:16:58 -0600 (CST) X-Spam-Prev-Subject: Hello MIME-Version: 1.0 Status: R X-Status: X-Keywords: X-UID: 290 -- Good day, My name is Portia, I work as a Care Giver in Dublin, Republic of Ireland. One of my clients my agency posted me to take good care of died of Corona Virus (COVID 19) November Last year. Before his demise, he nominated me as the beneficiarys of his WILL according to his lawyer. He survived with one dog, a cat, a house and a tangible sum in his account in the Republic of Ireland. I am not going to reveal any amount since this is my first communication. I need your help to evacuate these funds because Ive no capacity to claim these funds overseas since I am an immigrant from the Republic of South Africa. I will explain in totality once you show interest. Please respond via email or my telephone number. Looking forward to hearing from you. Best regards, Portia Webber +353 86 893 5952 -- From shuhuallinda@gmail.com Fri Sep 10 01:58:29 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.3 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_NAME_FM_MR_MRS,HK_SCAM,HTML_MESSAGE,LOTS_OF_MONEY, MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5978] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.166.46 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [shuhuallinda[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.166.46 listed in wl.mailspike.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [erezcelic0[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.4 HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.8 HK_SCAM No description available. * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 2.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-io1-f46.google.com (mail-io1-f46.google.com [209.85.166.46]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18A7wPo8043901 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 10 Sep 2021 01:58:29 -0600 Received: by mail-io1-f46.google.com with SMTP id f6so1298077iox.0 for ; Fri, 10 Sep 2021 00:58:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=fxJmteR/K3zOZb1zjdqYcGWUIsqY007PZkjJMMYuVfw=; b=DhHjQikt2HC1H6zdxRnMw38pA23VJPEKbbWNl8EfZcAsToxZPeaSw6utIphNfOiLI4 wsQh9WzCgZ/VzWYdIo6t9n3LWP2A/WYbRAyMb64lk27hoBDfb0MSZuSJY2gEaoMbIN6K n4I32/qPB28r0UmnndgAV8PPz3ly91EGOPAV5XloT1ve/IXZM40tVJDOoLuHM8GlZiC/ VTvOsivXoQdzFADepDFsTNCdpnNGqDIOCbB6e2MB/WgaatrHSq8/TtvKPvcA2S13iqIk F/tAzIXCrvV31grYp+qZHJZnfEwAotOY7Ew21uf+FWbFDc30x4Oj/zf1Y+PEUoZbxxXr YaKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=fxJmteR/K3zOZb1zjdqYcGWUIsqY007PZkjJMMYuVfw=; b=cbV0sAmZz9znl0uGGxtr9NyFMNk3sjiQeySNCo+K6iHyuPUqEZH22p2t3Zzy9h6a5z imK40R2maTtXvuGstl3s9bn1MiNCi5VGQ+HE+djytiZ6wuA+IzJvhv/3L5vaBhYztp0J BiSmID/C2O67m7jGAnJe8axm+2RvomLrm0Pfk6BilrMTu2p/11s/3cj1aM2oMWMisZmr 4ELrPIulwK1fN/9V4oOEupsp+/3ZetODv6Jh+svfUSMiH4HwD7akO1bWINrA5q9pICnI VV7iUTwqI8R3VWaTB3/+WYNMQT3NFYjg3YBfJ14B05JMGYiNFQ6Zubal5l+0TLqPMhId r4zQ== X-Gm-Message-State: AOAM531yYGIvkBaQAf2zTDBWZGjb4i+/4IeVi+4FXdNTkS60iCEttynS Vj66FKgulTseW1hkeAzabQkR+LSuFAw9t33OH3I= X-Google-Smtp-Source: ABdhPJxhIyAD5Xz6MS0KyhRXJiuiuf9wDKq9MlcD9xUobpfLfOlFdbbTLSnGbi0clctjOecQauZVhmJiu7rCGTPA+BE= X-Received: by 2002:a5d:9707:: with SMTP id h7mr5999348iol.28.1631260701397; Fri, 10 Sep 2021 00:58:21 -0700 (PDT) MIME-Version: 1.0 Reply-To: erezcelic0@gmail.com From: "Mr. Celic Erez" Date: Fri, 10 Sep 2021 00:58:00 -0700 Message-ID: Subject: [SPAM] I NEED YOUR URGENT RESPOND AND TRUST, To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="000000000000a4966e05cb9f7af4" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 10 Sep 2021 01:58:29 -0600 (CST) for IP:'209.85.166.46' DOMAIN:'mail-io1-f46.google.com' HELO:'mail-io1-f46.google.com' FROM:'shuhuallinda@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 10 Sep 2021 01:58:29 -0600 (CST) X-Spam-Prev-Subject: I NEED YOUR URGENT RESPOND AND TRUST, Status: R X-Status: X-Keywords: X-UID: 291 Content-Length: 1357 --000000000000a4966e05cb9f7af4 Content-Type: text/plain; charset="UTF-8" Good day My name is Celic Erez, a Board Member of ILBANK of Turkey. A late investor of our bank died and left $13, 500,000.00 Million dollars in our bank some years ago and there was no any next of kin to claim this fund. Please get back to me as soon as possible for more details if you are interested in my proposal. Best Regards Celic Erez --000000000000a4966e05cb9f7af4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Good day
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
My name is= =C2=A0Celic Er= ez, a Board Member of ILBANK of Turkey.
=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0
A late investor of our bank died and left $13, 500,000.00 Million= dollars in our bank some years ago and there was no any next of kin to cla= im this fund.
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
Please get back to me as= soon as possible for more details if you are interested in my proposal.=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
Best R= egards
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
Celic Erez
--000000000000a4966e05cb9f7af4-- From jhardin@impsec.org Tue Sep 14 13:39:57 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 5918 invoked by uid 99); 14 Sep 2021 14:37:39 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Sep 2021 14:37:39 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 69F6E1FF4C8 for ; Tue, 14 Sep 2021 14:37:38 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.544 X-Spam-Level: **** X-Spam-Status: No, score=4.544 tagged_above=-999 required=6.31 tests=[LOTS_OF_MONEY=0.001, MONEY_FREEMAIL_REPTO=2.533, RCVD_IN_HOSTKARMA_BL=1.5, SUBJ_ALL_CAPS=0.5, T_SPF_PERMERROR=0.01] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id PTdClT2AyXsx for ; Tue, 14 Sep 2021 14:37:37 +0000 (UTC) Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=183.90.242.42; helo=sv2141.xserver.jp; envelope-from=noreply@installa.com.br; receiver= Received: from sv2141.xserver.jp (sv2141.xserver.jp [183.90.242.42]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 6BA67BD2A5 for ; Tue, 14 Sep 2021 14:37:37 +0000 (UTC) Received: from virusgw2101.xserver.jp (virusgw2101.xserver.jp [183.90.242.243]) by sv2141.xserver.jp (Postfix) with ESMTP id E116690120D303; Tue, 14 Sep 2021 22:39:57 +0900 (JST) Received: from sv2141.xserver.jp (183.90.242.42) by virusgw2101.xserver.jp (F-Secure/fsigk_smtp/521/virusgw2101.xserver.jp); Tue, 14 Sep 2021 22:39:52 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/521/virusgw2101.xserver.jp) Received: from EC2AMAZ-LMRORUJ.ap-northeast-1.compute.internal (ec2-52-198-166-25.ap-northeast-1.compute.amazonaws.com [52.198.166.25]) by sv2141.xserver.jp (Postfix) with ESMTPSA id 518C890120D307; Tue, 14 Sep 2021 22:39:57 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: PCH-LOTTO-2021 GIFT To: Recipients From: "PCH" Date: Tue, 14 Sep 2021 13:39:57 +0000 Reply-To: pch.cliamdept@email.com Message-Id: <20210914133957.518C890120D307@sv2141.xserver.jp> Status: X-Status: X-Keywords: X-UID: 292 Content-Length: 1149 PUBLISHERS CLEARING HOUSE (PCH-LOTTO-2021 GIFT) Congratulation !!! we are happy to inform you of the result of the just concluded annual final= draws held on the 14th September 2021 by Publishers Clearing House Promoti= on program powered and sponsored by the EU and UN to fight this Pandemic Co= vid-19 your email was among the 10 Lucky winners who won $950,000.00 USD ea= ch on THE PUBLISHERS CLEARING HOUSE PROMOTION. You are advised to complete the form and send it immediately to our Promoti= on manager through email. 1* Full Name: ............................... 2* Country of Residence: ................. 3* Nationality: .................................. 4* Residential Address: .................... 5* Date Of Birth/Age: ........................ 6* Marital Status/Sex: ....................... 7* Telephone /Fax No: ........................ 8* Mobile No: ..................................... 9* Occupation: ................................... Send your details Via this email: pch.cliamdept@email.com WISHING YOU A HAPPY DAY !!! (CONTACT PROMOTION MANAGER) Mr. David Smith Online Award Director. Publisher's Clearing House. From contact@intracapitalholdings.com Sun Sep 19 08:33:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 18JFX2kP030960 for ; Sun, 19 Sep 2021 08:33:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******** X-Spam-Status: Yes, score=8.6 required=5.0 tests=BAYES_99,BAYES_999, FORGED_SPF_HELO,HTML_MESSAGE,MISSING_HEADERS,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [40.107.212.88 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [40.107.212.88 listed in wl.mailspike.net] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.1 FORGED_SPF_HELO No description available. X-Spam-Relay-Country: US US ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sun, 19 Sep 2021 08:33:02 -0700 (PDT) Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam07on2088.outbound.protection.outlook.com [40.107.212.88]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18JFWl1o042664 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 19 Sep 2021 09:32:57 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lumigB+uNQrhHg1C50mNEAs4JaBAjWxLYSPMO+3c5QSTvBGqD6SEjMpvj6fuUg6AJ/mrGN27VnIjAKJm4D2UVgAWlYEHTGOSD6v99duIOoUrBsiaZHV6nTfloIK5fITY//FT7sXcjqcqFvoP3JfEBPZHw4M41Uss26DeXybFPMGIb+5dSBmiZXc65jRXYb91wGmr0iXuon7cBNSpLV/EcUGDg5R19+CfvTWrHKLOcsf1ywsRicsL6twMfp2tmwKcQ1tVcE9dpPoMVT26wwn+9mm1bd4lc6rlSjxMXjIIUPHdCDJWWjtu7cl3enw43COu5np6IIw4xvjy01aEjn3sXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=8TNHwnd2M8o7qgeaXUjoUQuHUVFSczxyH3uWfGbUEBM=; b=SfyQQxipsqLnfG0Z0BVbqnKPza1pRxfWn2PZgtPQM8sjsQvJIDKx2DtbuBdat8w1xe1ZUL+2Xghefiu63rf23vOkxLKjE1RxTDL88sqkbVtkuIsHeTXg6wqOk1/RA2m0xF6kMj+7tXBpETOX87OzKcx2zHQne/90zBRjXuNUKapNMdZDSkL/QST7hSpS9racHNNUlwAkTVGIS8sWIA0tW0rBLkKHlJhfommvAui6/38ms8wCb3wkIiIR16HzT91IgYG8CxZF2mtUXOFsalGSVUanei1fQWqcKKcZ/hPARVPg6RwhVGEFy7TzC94rFjy9HPdso3AQeHh7wQh7NTk6Ag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intracapitalholdings.com; dmarc=pass action=none header.from=intracapitalholdings.com; dkim=pass header.d=intracapitalholdings.com; arc=none Received: from BYAPR02MB5543.namprd02.prod.outlook.com (2603:10b6:a03:9f::22) by BYAPR02MB4741.namprd02.prod.outlook.com (2603:10b6:a03:52::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.17; Sun, 19 Sep 2021 15:32:39 +0000 Received: from BYAPR02MB5543.namprd02.prod.outlook.com ([fe80::9ca2:8b69:b8b5:b002]) by BYAPR02MB5543.namprd02.prod.outlook.com ([fe80::9ca2:8b69:b8b5:b002%6]) with mapi id 15.20.4523.018; Sun, 19 Sep 2021 15:32:39 +0000 From: "contact intracapitalholdings.com" Subject: [SPAM] Urgente Urgente per favore rispondimi Thread-Topic: Urgente Urgente per favore rispondimi Thread-Index: AQHXrWt1Bw7UC3xq40eV4yAWMX1KMg== Date: Sun, 19 Sep 2021 15:32:39 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: 7418f9f5-78db-5d9c-40a2-d1aa03c503c5 authentication-results: protonmail.com; dkim=none (message not signed) header.d=none;protonmail.com; dmarc=none action=none header.from=intracapitalholdings.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 91a03b24-9403-48b2-7340-08d97b82b6ea x-ms-traffictypediagnostic: BYAPR02MB4741: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1728; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: v21VfrLdbvtqNumBnsbNsCw1GWWsddDyHz2CPh0zBJh3R4M2Mer/3p0CG8+wnHhTlUpGknwv1ewVH1httxPDeFlz1DBJuzJgkVDJMEcZ+EZvTPf7Zk40hjUWmjGcGh7iSkX2I6ZOWTZ8qC1aomYOGuQJVBPvNMf077CMQHF2FZWzWYNZru++dmCoVHqsouTkAi3jYEU/x1wsGEWiSYfHlj0uVipeiqQ1E0nEVxpbDYn7X2qigi3ar4X/zibNNwyuxrK/oESKYyNwyIHM9RgSUBYySghKtnzY/3CKKZW6c0PzD/i84VEB7YaFEj7NAWChnXTexzrZ2aj3RWvwOwRaPnZHZghq5MUFpRHBFRN96PdJHKyIuVUWz7LqSs797J63qt7ooFzBzXw7CLhrNCtiUt9VeEnMVyPDl+fz0hKKGRwoBlqiPjNbkvZ3ZrSe2aq/D8LCsFvPh8O8AFgedMM6FwT8M0kSvnxnsBdaKll9ICzlPyAxgNJ1rw+zJPks6YqFunWD1qw22jOvSQQ1OBNvTqfNWAurWU9RZGRbtOzeeFF3tSe4j72enn2O2sOFRC5sKtbXpNdyuPW/p9ttUVy+NkcYOtX2jebCN/1+jcnJhv02De4hkcxaPqKdYeqAJm7tYc3x/nBp5dPutj3uaed6gI+015Yc3EgrfYYurWOr7I/+CPHn0q0v4RwGuSJtHnfF x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR02MB5543.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(376002)(39850400004)(396003)(366004)(346002)(136003)(7366002)(38100700002)(76116006)(7406005)(4744005)(122000001)(91956017)(66946007)(19627405001)(71200400001)(8936002)(6506007)(26005)(7416002)(33656002)(55016002)(86362001)(8676002)(7696005)(9686003)(66446008)(66556008)(109986005)(316002)(7336002)(186003)(66476007)(64756008)(52536014)(38070700005)(508600001)(2906002)(5660300002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?P8LDdMAkpiIijXTgDqAd09JYYex3kYepmatIwFfS7Oz8mQDLbwVSnVUYBc?= =?iso-8859-1?Q?xMb91m72imOduor9Jqceweemq8tvCr7GiemOmIDK3NOjKYf1w1oc6ahWTc?= =?iso-8859-1?Q?BLw5ljSDiUz1LR723JbNPYGPAR0AhH+UPqx0yAQojaAvkTS6ApI4z2TTfp?= =?iso-8859-1?Q?DYINqqus/rwWbYHU0Rjab5osQFs4jHLQyO06ar7If3GU4I4mT27bQfoNss?= =?iso-8859-1?Q?8FB2rSHUuznFwt209Mw3ImrV1cq8kL1FBmOsfH6Oooj0aTtZGoPDdAwJW9?= =?iso-8859-1?Q?gy13bEe5B6Sy7egeN5WysBJFuwgv9nFx9Cn305YE/cMTgPjVqXEC7tNdzm?= =?iso-8859-1?Q?TGopwrRu4kUDJb79zVmRBUr9tm6qKNSJaPhQDFMaBBfGsfz3iIZ44LPZBl?= =?iso-8859-1?Q?v6M1rnTeFK6T09WRuiyymgG1a9BgyL4rm988RUGWq/c9TvLfddtKSK1ks5?= =?iso-8859-1?Q?Xm1qgqDpPdGDBrpk5ViPjXXleZcVAXh7FHECcQyd+A4DydLiOOqKgJQntm?= =?iso-8859-1?Q?Dtg4geNUHcv6Oiw6GiADaSzgxNgJ//VHEljQyQn+bX4INj53eg1C2OIRzu?= =?iso-8859-1?Q?9IJR4UjX+yeCTp9mHZZudZhoD5cP3et60zijfpo90QLiTcEvBXt6U+au/K?= =?iso-8859-1?Q?dIF9UcxfBJWnOjJLsVhFM7SD4BdhZbrd2N6GMuPcVeZkftFJlcYoZj2GDT?= =?iso-8859-1?Q?Wc3bYJ3FdlG0wFCwZwU6hVTJQS0NEcgdTNbSRXJOOh1H073aq7+dxq3dFW?= =?iso-8859-1?Q?eoNsNU7Mg04FqGqEIWyyswr0q8JI2khn1VbemnyvdCL4NTYuqmxaYPIFD1?= =?iso-8859-1?Q?BvZ+w1bBI8XPx195thaPFYcgkQbv0YZoy7WmItgVJ3qF2fGh9nYQo+woJ3?= =?iso-8859-1?Q?ZTy2ev+Qh05WZhtRii3KP3bu2PFTYKnq8eBJJ8l6OxIJ+Ve6MNkjKr0z1K?= =?iso-8859-1?Q?iwmDgcmwfg3MpB0+i+VirnqnBOJZUP9mU5iOzNfYwU+56ecMSKjjmqRZ70?= =?iso-8859-1?Q?1M4T9nqvtsStoTUtzFYB38gdZFSoLKavFKHkWl+zaiFC63D0Wz6rFDdU+0?= =?iso-8859-1?Q?IzOuBbCLQo/nNUzkWzzb0fEXmTV8msTNvWrq5fOvGecGSaO6XhLb/WFU1d?= =?iso-8859-1?Q?B3Ew60xl6/8Hag6Gcet2EARy6vHV17OIsuZNDVrRZ9n7XWLX4+HQ4vVx32?= =?iso-8859-1?Q?INC9Lm4T7qezk0TDHWpWF4ziZS0yTrrBbMQVW6t1dMdO5oJETKbLh2JDJf?= =?iso-8859-1?Q?q821OKVImfOOoM0FIyQnerjCZRu48NsihSmTQnz2uNxrNW9jKC/11uhZzS?= =?iso-8859-1?Q?bC5I1t54ls1QaoRPico1XeKW/UyYdkLcVAQSYJyrQCtQzi0=3D?= x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_BYAPR02MB55438B038156D1C177C90272CBDF9BYAPR02MB5543namp_" MIME-Version: 1.0 X-OriginatorOrg: intracapitalholdings.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BYAPR02MB5543.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 91a03b24-9403-48b2-7340-08d97b82b6ea X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2021 15:32:39.1200 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: fbaa3f43-5507-405a-ac5a-c97593769211 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: KEqProP9gBlBrFHemqXfeZtH5W+gXa50vJZ9FvxyePdUIG1KD6oZMBCLLJZcJfbole/ANXYNm183zKFqKEL6jvHP449Va7Ac91VwosYEg3bYc01iG1nyUYlYIakvZ/p2 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR02MB4741 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 19 Sep 2021 09:32:57 -0600 (CST) for IP:'40.107.212.88' DOMAIN:'mail-bn1nam07on2088.outbound.protection.outlook.com' HELO:'NAM02-BN1-obe.outbound.protection.outlook.com' FROM:'contact@intracapitalholdings.com' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 19 Sep 2021 09:32:57 -0600 (CST) X-Spam-Prev-Subject: Urgente Urgente per favore rispondimi Status: R X-Status: X-Keywords: X-UID: 293 Content-Length: 2033 --_000_BYAPR02MB55438B038156D1C177C90272CBDF9BYAPR02MB5543namp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Alla tua attenzione Per favore scusami per questa intrusione ma sono senza fiato infatti ho un = cancro ai polmoni allo stadio 3 e di recente ho contratto il COVID-19 e sec= ondo il mio medico le mie possibilit=E0 di sopravvivenza sono molto scarse,= quindi sapendo che sono molto debole e senza dimenticando che ho solo il m= io cane al mio fianco perch=E8 non ho avuto la possibilit=E0 di mettere su = famiglia figuriamoci avere dei figli vorrei DONARE la mia propriet=E0. Si prega di scrivere alla mia email privata qui sotto: Ackel.kterine2@protonmail.com Dio vi benedica --_000_BYAPR02MB55438B038156D1C177C90272CBDF9BYAPR02MB5543namp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Alla tua attenzione

Per favore scusami per questa intrusione ma sono senza fiato infatti h= o un cancro ai polmoni allo stadio 3 e di recente ho contratto il COVID-19 = e secondo il mio medico le mie possibilit=E0 di sopravvivenza sono molto sc= arse, quindi sapendo che sono molto debole e senza dimenticando che ho solo il mio cane al mio fianco perch=E8= non ho avuto la possibilit=E0 di mettere su famiglia figuriamoci avere dei= figli vorrei DONARE la mia propriet=E0.

Si prega di scrivere alla mia email privata qui sotto:

Ackel.kterine2@protonmail.com

Dio vi benedica


--_000_BYAPR02MB55438B038156D1C177C90272CBDF9BYAPR02MB5543namp_-- From jhardin@impsec.org Tue Sep 21 15:36:36 2021 +0000 Return-Path: Delivered-To: moderator for private@spamassassin.apache.org Received: (qmail 28157 invoked by uid 99); 21 Sep 2021 15:36:47 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Sep 2021 15:36:47 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id DD140BFD36; Tue, 21 Sep 2021 15:36:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 2.205 X-Spam-Level: ** X-Spam-Status: No, score=2.205 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLY=1, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id RWM693vb8JwJ; Tue, 21 Sep 2021 15:36:46 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.92.65.100; helo=eur01-he1-obe.outbound.protection.outlook.com; envelope-from=ellenjanna575ryabova@outlook.com; receiver= Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-oln040092065100.outbound.protection.outlook.com [40.92.65.100]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 181257EA01; Tue, 21 Sep 2021 15:36:45 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fpqE5vV5Byqq4WvDqqjyBzKHqse4LM4oZ848iYiDdL8kA5YPdtff0q5QgPguWheBIlac/SSxveEkCujYaZFRbo9Cp8mIzAvxrSkAf/jkOFdPj0vZ6fUxJ5VV1vJiMu497CU4TdHWZ/+JnWCMKOlRQvwSvc4GLAy3tnaIRx5ei2aWkY9WB6VC/d2KLkll2T8FexVk+eHDRe+RsQZbuPozQloSlzxn/y58V8tIKiTZfoUCdw8yuZxMWkk3XCfVkg34BQ9AgSavUkcOBB/W7ipu9kNopiOWrRZlE7D9k2LdzmfKC8xDqgcJRedBvOFj2bQwvm+qSEaoJf6i2UdIdECSUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/sYcYAx1ixl6ViWMNg/MCN1OF8XWKUv2W9iitbbjHU0=; b=VcZe3Z5t1pwSkt5P4YYq4nnf1+UnXHiWwaUmDgfbIp28pZ/0kG8Na3DAV9DQfzAKX19BXx+M0SXdu7rNuoAc8eJZfXoHJ1QMHzKGsJVmoyU4itxi7m4FoSsBXhbaaDuiLmNhfAbUdPvueds+gag/eH4+kkpzF4e1oZ/DoeaBfXLzS9T4RJg2p2kAOVt5dJSIUk3J1SpNq8fWTS1TFygRgfPlIA7VMbEHY+39L5W43RCPbIZUR6lsv6MdXbOiVFgxD9HXY6Yv6Y4M5f3Wm9T0DkHYc5zuOWhr9Tis9kFSmytFPMFp/uKe9U6qWRbWerxKPMATxAkohZdOWn8ACtYuug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/sYcYAx1ixl6ViWMNg/MCN1OF8XWKUv2W9iitbbjHU0=; b=cmAbvbcEz71jJzuYTnt6h4q9gMvWkEqvUmQrbAvBs+RC8yZgwA99+fvkjiv2mM4TmreREI1+ptinlZZkexELuV02gsV0yyoMVYOMgOMHYV6q1+hVWZcEIEAI0JPjy3C4PGIFDz2b6+huBrTjHIjsI/tob5Ue7v0YLE28+kn57OLOH1Kgqnwu5b9WVyMVmFVG25nkwfZTkkxg6T/9G9P4oqnL+7tEjlrlhfyUMrhOV4ziSAl9maHI9iY92Q3MPka9ZnyNOIVRPVXEx5aDrMUp10q/7az0mkapF9Cp9NVHCjiSHMvftZLIDaQNVGCm39GLYgngvvjvkOI8bdZglUoxhg== Received: from AM0PR09MB3874.eurprd09.prod.outlook.com (2603:10a6:208:19a::16) by AM0PR09MB4145.eurprd09.prod.outlook.com (2603:10a6:208:191::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Tue, 21 Sep 2021 15:36:36 +0000 Received: from AM0PR09MB3874.eurprd09.prod.outlook.com ([fe80::c451:9e0d:13ff:451b]) by AM0PR09MB3874.eurprd09.prod.outlook.com ([fe80::c451:9e0d:13ff:451b%9]) with mapi id 15.20.4523.018; Tue, 21 Sep 2021 15:36:36 +0000 From: delan CL Subject: Partnership! Thread-Topic: Partnership! Thread-Index: AQHXrv44AhMZt3/F1kmUP3MKUKI8Wg== Date: Tue, 21 Sep 2021 15:36:36 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: a07b2e58-60cf-f5d7-8242-50e97d3e6c41 x-tmn: [SxPvdYuw0//71l2sOLm5azrDx9T17saQaTz26rAXUU8=] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 18cf1389-ca78-449b-ebb7-08d97d159948 x-ms-exchange-slblob-mailprops: kkYwTTPATwV2Zl9kHJ6wzDY+z1AFkLXF0eiB87n3g5Kdt3AzFsx0zLV8LHteP+zHDC9hojX/7s2LsFOaNgZ4slFfcFRRtmM9+xyxO0x1Kk61MorqJAcBCCCzYR4Fwp1/88yFQjp/dsoGl721TYURGtzcNdeSbr+P9+lRLMNT7vCl3VUL3KtmDHIJtBbzvXNPtONKk0IIpbHn7K4cBuWgcwdwr6rZzIuz2fV29MizPp4s1eKuQDYjUN9f9AIImag622KwCBIjfqxtANkkEMXJrfCDU5FsGSbtCmXpO7LB/JlWNo9BkgZNke+X4ka24ofiaO0ebyu37L3DHpJfxE1VG/ANfcL2ax/vhoicNgWRRY57+qEh3fCythVNiZw+52xDLpIhuyisde+oZ9CfjlpCUMsjw6CdEpA0i38eAps4mF+qeJsl24kJNdXl74o4rIUidULb3s9UBvQHQtBMS1eTMJjr9YRu9wT4LS1gXntiJZUkKHbI7QdCJyO7BbiHS4cwkF2KOyDd46OSj6k7C1nOnhCjFY756DNVSDp9rzS0BT+JYnvyC2Hot1/ilj3n9g0NZ7LOF7J0aHiAUYl+0KLYKbdmmu2u10V+/25pYzZOsfavkqp/dOkdjDYUrXNM47Cd x-ms-traffictypediagnostic: AM0PR09MB4145: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: yEvbDPhTWrUgvxFwh8Yp5hO8MkvW4SES+MUPnTjotQdxupB3r7o7p/uy7PvLMKmxO0vL2yR8XdUQFBCdU7EI++YxRv4cIu6oRFSwHG89jqIXgZsxS8v3S726aIV5pNPzZnoZ9saZpE/W/p2otl52joIj3wtj5ZWmscorCdFq2vb8s+GplNb14YwBzHtEzF7BIXQG15+vg3ytKSfMgP2ZgYtuSbiywstK+k/8TWJH6LLETp5FS+IcdEQfHrL/98syDKB+LrAhwmnednzT/8NQ+QKVjySU7dCSEoFuCII7NAmh0tA+PRJLk29W6sZgPmpCMaCchSZNnNL2aosl4EtWtGvxDiwqcuQVzBvz9T8Aqdtpgl2ayGADFdEcUOYiiX1K7nZYvgoehCHo8vMnHobB58ugy8xyiduCgv82+cFxzxYI6LWZDUPuqgZi3sxeMPTi x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: S+BzBUhCX+NXMJwBsp8tVSHfo2FLCFtIdTFabPmnrdWdsFweB2H+zUBJTJoiahM0hEWnYrb9VbY3QrmWKvHKSWuwaSGdVbZnwxsFpxcLS0lRBHJCxKiJy/GLytb/ZFS7XREGC6iHl70i5wOxg2zwbA== x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_" MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM0PR09MB3874.eurprd09.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 18cf1389-ca78-449b-ebb7-08d97d159948 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2021 15:36:36.6226 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR09MB4145 Status: X-Status: X-Keywords: X-UID: 294 Content-Length: 1951 --_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sir, Your reputable Profile gives me the impression to engage you to be a suitab= le partner in our company. It is all about you being a partner as a License= Agent in between my company and the Equatorial Guinea National Oil Company= , (GEPetrol). It is a profitable venture. On your response I will give you = clearer details of this operation. Please be kind to respond using the foll= owing email address: (mikeaustinesino@gmail.com) Regards, Augustine, Michael (B. Eng) Supervisor, Procurement Sinopec Group Email: michael.augustine@sino-pec.org --_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Sir,    

Your reputable Profile gives me the impression to engage you to be a s= uitable partner in our company. It is all about you being a partner as a Li= cense Agent in between my company and the Equatorial Guinea National Oil Co= mpany, (GEPetrol). It is a profitable venture. On your response I will give you clearer details of this operatio= n. Please be kind to respond using the following email address:  (mike= austinesino@gmail.com)

Regards,
Augustine, Michael (B. Eng)
Supervisor, Procurement Sinopec Group
Email: michael.augustine@sino-pec.org
--_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_-- From jhardin@impsec.org Tue Sep 21 15:36:36 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 28157 invoked by uid 99); 21 Sep 2021 15:36:47 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Sep 2021 15:36:47 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id DD140BFD36; Tue, 21 Sep 2021 15:36:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 2.205 X-Spam-Level: ** X-Spam-Status: No, score=2.205 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLY=1, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id RWM693vb8JwJ; Tue, 21 Sep 2021 15:36:46 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=40.92.65.100; helo=eur01-he1-obe.outbound.protection.outlook.com; envelope-from=ellenjanna575ryabova@outlook.com; receiver= Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-oln040092065100.outbound.protection.outlook.com [40.92.65.100]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 181257EA01; Tue, 21 Sep 2021 15:36:45 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fpqE5vV5Byqq4WvDqqjyBzKHqse4LM4oZ848iYiDdL8kA5YPdtff0q5QgPguWheBIlac/SSxveEkCujYaZFRbo9Cp8mIzAvxrSkAf/jkOFdPj0vZ6fUxJ5VV1vJiMu497CU4TdHWZ/+JnWCMKOlRQvwSvc4GLAy3tnaIRx5ei2aWkY9WB6VC/d2KLkll2T8FexVk+eHDRe+RsQZbuPozQloSlzxn/y58V8tIKiTZfoUCdw8yuZxMWkk3XCfVkg34BQ9AgSavUkcOBB/W7ipu9kNopiOWrRZlE7D9k2LdzmfKC8xDqgcJRedBvOFj2bQwvm+qSEaoJf6i2UdIdECSUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/sYcYAx1ixl6ViWMNg/MCN1OF8XWKUv2W9iitbbjHU0=; b=VcZe3Z5t1pwSkt5P4YYq4nnf1+UnXHiWwaUmDgfbIp28pZ/0kG8Na3DAV9DQfzAKX19BXx+M0SXdu7rNuoAc8eJZfXoHJ1QMHzKGsJVmoyU4itxi7m4FoSsBXhbaaDuiLmNhfAbUdPvueds+gag/eH4+kkpzF4e1oZ/DoeaBfXLzS9T4RJg2p2kAOVt5dJSIUk3J1SpNq8fWTS1TFygRgfPlIA7VMbEHY+39L5W43RCPbIZUR6lsv6MdXbOiVFgxD9HXY6Yv6Y4M5f3Wm9T0DkHYc5zuOWhr9Tis9kFSmytFPMFp/uKe9U6qWRbWerxKPMATxAkohZdOWn8ACtYuug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/sYcYAx1ixl6ViWMNg/MCN1OF8XWKUv2W9iitbbjHU0=; b=cmAbvbcEz71jJzuYTnt6h4q9gMvWkEqvUmQrbAvBs+RC8yZgwA99+fvkjiv2mM4TmreREI1+ptinlZZkexELuV02gsV0yyoMVYOMgOMHYV6q1+hVWZcEIEAI0JPjy3C4PGIFDz2b6+huBrTjHIjsI/tob5Ue7v0YLE28+kn57OLOH1Kgqnwu5b9WVyMVmFVG25nkwfZTkkxg6T/9G9P4oqnL+7tEjlrlhfyUMrhOV4ziSAl9maHI9iY92Q3MPka9ZnyNOIVRPVXEx5aDrMUp10q/7az0mkapF9Cp9NVHCjiSHMvftZLIDaQNVGCm39GLYgngvvjvkOI8bdZglUoxhg== Received: from AM0PR09MB3874.eurprd09.prod.outlook.com (2603:10a6:208:19a::16) by AM0PR09MB4145.eurprd09.prod.outlook.com (2603:10a6:208:191::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.13; Tue, 21 Sep 2021 15:36:36 +0000 Received: from AM0PR09MB3874.eurprd09.prod.outlook.com ([fe80::c451:9e0d:13ff:451b]) by AM0PR09MB3874.eurprd09.prod.outlook.com ([fe80::c451:9e0d:13ff:451b%9]) with mapi id 15.20.4523.018; Tue, 21 Sep 2021 15:36:36 +0000 From: delan CL Subject: Partnership! Thread-Topic: Partnership! Thread-Index: AQHXrv44AhMZt3/F1kmUP3MKUKI8Wg== Date: Tue, 21 Sep 2021 15:36:36 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: a07b2e58-60cf-f5d7-8242-50e97d3e6c41 x-tmn: [SxPvdYuw0//71l2sOLm5azrDx9T17saQaTz26rAXUU8=] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 18cf1389-ca78-449b-ebb7-08d97d159948 x-ms-exchange-slblob-mailprops: kkYwTTPATwV2Zl9kHJ6wzDY+z1AFkLXF0eiB87n3g5Kdt3AzFsx0zLV8LHteP+zHDC9hojX/7s2LsFOaNgZ4slFfcFRRtmM9+xyxO0x1Kk61MorqJAcBCCCzYR4Fwp1/88yFQjp/dsoGl721TYURGtzcNdeSbr+P9+lRLMNT7vCl3VUL3KtmDHIJtBbzvXNPtONKk0IIpbHn7K4cBuWgcwdwr6rZzIuz2fV29MizPp4s1eKuQDYjUN9f9AIImag622KwCBIjfqxtANkkEMXJrfCDU5FsGSbtCmXpO7LB/JlWNo9BkgZNke+X4ka24ofiaO0ebyu37L3DHpJfxE1VG/ANfcL2ax/vhoicNgWRRY57+qEh3fCythVNiZw+52xDLpIhuyisde+oZ9CfjlpCUMsjw6CdEpA0i38eAps4mF+qeJsl24kJNdXl74o4rIUidULb3s9UBvQHQtBMS1eTMJjr9YRu9wT4LS1gXntiJZUkKHbI7QdCJyO7BbiHS4cwkF2KOyDd46OSj6k7C1nOnhCjFY756DNVSDp9rzS0BT+JYnvyC2Hot1/ilj3n9g0NZ7LOF7J0aHiAUYl+0KLYKbdmmu2u10V+/25pYzZOsfavkqp/dOkdjDYUrXNM47Cd x-ms-traffictypediagnostic: AM0PR09MB4145: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: yEvbDPhTWrUgvxFwh8Yp5hO8MkvW4SES+MUPnTjotQdxupB3r7o7p/uy7PvLMKmxO0vL2yR8XdUQFBCdU7EI++YxRv4cIu6oRFSwHG89jqIXgZsxS8v3S726aIV5pNPzZnoZ9saZpE/W/p2otl52joIj3wtj5ZWmscorCdFq2vb8s+GplNb14YwBzHtEzF7BIXQG15+vg3ytKSfMgP2ZgYtuSbiywstK+k/8TWJH6LLETp5FS+IcdEQfHrL/98syDKB+LrAhwmnednzT/8NQ+QKVjySU7dCSEoFuCII7NAmh0tA+PRJLk29W6sZgPmpCMaCchSZNnNL2aosl4EtWtGvxDiwqcuQVzBvz9T8Aqdtpgl2ayGADFdEcUOYiiX1K7nZYvgoehCHo8vMnHobB58ugy8xyiduCgv82+cFxzxYI6LWZDUPuqgZi3sxeMPTi x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: S+BzBUhCX+NXMJwBsp8tVSHfo2FLCFtIdTFabPmnrdWdsFweB2H+zUBJTJoiahM0hEWnYrb9VbY3QrmWKvHKSWuwaSGdVbZnwxsFpxcLS0lRBHJCxKiJy/GLytb/ZFS7XREGC6iHl70i5wOxg2zwbA== x-ms-exchange-transport-forked: True X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_" MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM0PR09MB3874.eurprd09.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 18cf1389-ca78-449b-ebb7-08d97d159948 X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Sep 2021 15:36:36.6226 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR09MB4145 Status: X-Status: X-Keywords: X-UID: 295 Content-Length: 1951 --_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sir, Your reputable Profile gives me the impression to engage you to be a suitab= le partner in our company. It is all about you being a partner as a License= Agent in between my company and the Equatorial Guinea National Oil Company= , (GEPetrol). It is a profitable venture. On your response I will give you = clearer details of this operation. Please be kind to respond using the foll= owing email address: (mikeaustinesino@gmail.com) Regards, Augustine, Michael (B. Eng) Supervisor, Procurement Sinopec Group Email: michael.augustine@sino-pec.org --_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Sir,    

Your reputable Profile gives me the impression to engage you to be a s= uitable partner in our company. It is all about you being a partner as a Li= cense Agent in between my company and the Equatorial Guinea National Oil Co= mpany, (GEPetrol). It is a profitable venture. On your response I will give you clearer details of this operatio= n. Please be kind to respond using the following email address:  (mike= austinesino@gmail.com)

Regards,
Augustine, Michael (B. Eng)
Supervisor, Procurement Sinopec Group
Email: michael.augustine@sino-pec.org
--_000_AM0PR09MB38746E3A5609961756DE1EC59FA19AM0PR09MB3874eurp_-- From jhardin@impsec.org Wed Sep 22 00:38:05 2021 -0700 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 50963 invoked by uid 99); 22 Sep 2021 07:38:21 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Sep 2021 07:38:21 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 443471FF4F0 for ; Wed, 22 Sep 2021 07:38:21 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.143 X-Spam-Level: **** X-Spam-Status: No, score=4.143 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_ONLY_12=1.629, HTML_MESSAGE=0.2, LOTS_OF_MONEY=0.001, MONEY_FROM_MISSP=0.001, RCVD_IN_BL_SPAMCOP_NET=2, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L4=0.001, SPF_PASS=-0.001, SUBJ_ALL_CAPS=0.5, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=mailgun.net Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id JpHVq71Ps9-M for ; Wed, 22 Sep 2021 07:38:20 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.237.158.61; helo=notifications-01.mailgun.com; envelope-from=storage@mailgun.net; receiver= Received: from notifications-01.mailgun.com (notifications-01.mailgun.com [192.237.158.61]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id B03A07EA03 for ; Wed, 22 Sep 2021 07:38:20 +0000 (UTC) DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailgun.net; q=dns/txt; s=mg; t=1632296300; h=Reply-To: Date: From: To: Subject: Mime-Version: Content-Type: Message-Id; bh=4u9Zqxd6wvf0TJHr/kQAOy18zlE6ItClNf5fFfuonRY=; b=a2gtNYFPtC6NLMPddYllPQbD0zg3WqpsEr9pBzLcXqgxa4BaQQGSAnmRiYhZ7Ye2PvXeWM8/ YQ0y0yN68QSN0kbq0kS0UBtJ7QBLxeaKVSOao9iTQMEUOQHSwg665vWZjSkg+C2UhL8qcWHb 5jTB87rdorMSh8GFVoli5onumv8= X-Mailgun-Sending-Ip: 192.237.158.61 X-Mailgun-Sid: WyJlMDUyZCIsICJ1c2Vyc0BzcGFtYXNzYXNzaW4uYXBhY2hlLm9yZyIsICIxNyJd Received: from [103.232.53.22] ( [103.232.53.22]) by smtp-out-n01.prod.us-west-2.postgun.com with SMTP id 614add6b65c3cc8c632efc46; Wed, 22 Sep 2021 07:38:19 GMT Message-Id: <20210922073819.49b829a2b53e18ff@mailgun.net> X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="===============0415068716==" Mime-Version: 1.0 Subject: APOSTLES FOUNDATION FINANCIAL SUPPORT !!! To: Recipients From: "AFS" Date: Wed, 22 Sep 2021 00:38:05 -0700 Reply-To: support@apostlesfoundation.com X-Mailer: TurboMailer 2 Status: X-Status: X-Keywords: X-UID: 296 Content-Length: 2019 --===============0415068716== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable Dear beloved, = You have been selected to receive a financial support of $120,000 issued b= y Apostle Foundation. This Financial support is part of Apostle Foundation = humanitarian and philanthropic contribution to individuals and companies du= ring this period of covid 19 pandemic crises. This gesture is to enable the= beneficiaries get back to business and live a normal life again. For more = details kindly contact us through the email below: support@apostlesfoundati= on.com God bless you. = Mr. Regis Cochefert Director: Grants and Programme = Apostles Foundation=20 --===============0415068716== Content-Type: text/html; charset="iso-8859-1" Mime-Version: 1.0 Content-Description: Mail message body Content-Transfer-Encoding: quoted-printable

Dear beloved,

You have been selected to receive a financial support of $120,000 issued= by Apostle Foundation. This Financial support is part of Apostle Foundatio= n humanitarian and philanthropic contribution to individuals and companies = during this period of covid 19 pandemic crises. This gesture is to enable t= he beneficiaries get back to business and live a normal life again. For mor= e details kindly contact us through the email below: support@apostlesfoundation.com

 God bless you.

Mr. Regis Cochefert=20 Director: Grants and Programme

Apostles Foundation

<= DEFANGED_IMG width=3D"1px" height=3D"1px" alt=3D"" src= =3D"http://email.mailgun.net/o/eJwNy0sOhCAMANDTDEtCS_ktOExhQEkUDR3vPyZv-74Z= ghoZDYJJiCbYCElTKhETY3G2Qez9Q-bkcWzP1LP91J6rTz44a0MkCh47kCEu1fXSXQFgtfIjbck= b5eaTRV5jar657k1fa_sDyukj_w"> --===============0415068716==-- From hawaiianldy@hawaiiantel.net Mon Sep 20 16:18:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.1 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_HEADERS, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RELAY_COUNTRY_JP, REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,TO_NO_BRKTS_FROM_MSSP, TO_NO_BRKTS_MSFT,T_SPF_PERMERROR,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9916] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 NSL_RCVD_FROM_USER Received from User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [210.166.222.124 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [210.166.222.124 listed in bl.mailspike.net] * 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool * 0.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: JP ** US Received: from ns.starvations.jp (ns.starvations.jp [210.166.222.124]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18KMI6EX045061 for ; Mon, 20 Sep 2021 16:18:10 -0600 Message-Id: <202109202218.18KMI6EX045061@ga.impsec.org> Received: from ns.starvations.jp (ns.starvations.jp [127.0.0.1]) by ns.starvations.jp (Postfix) with ESMTP id 86AE186CEA03 for ; Tue, 21 Sep 2021 02:05:46 +0900 (JST) Received: from User (unknown [66.154.113.231]) by ns.starvations.jp (Postfix) with ESMTPA id 5E96F865099E; Tue, 21 Sep 2021 01:58:48 +0900 (JST) Reply-To: From: "John Michael" Date: Mon, 20 Sep 2021 09:59:29 -0700 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Subject: [SPAM] [SPAM 4: S25 KAS] Re: failed funds transfer Please contact me X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 20 Sep 2021 16:18:10 -0600 (CST) for IP:'210.166.222.124' DOMAIN:'ns.starvations.jp' HELO:'ns.starvations.jp' FROM:'hawaiianldy@hawaiiantel.net' RCPT:'' X-Greylist: Delayed for 04:43:25 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 20 Sep 2021 16:18:10 -0600 (CST) X-Spam-Prev-Subject: [SPAM 4: S25 KAS] Re: failed funds transfer Please contact me Status: R X-Status: X-Keywords: X-UID: 297
Hi
I have been trying to contact you concerning your transfer which I discovered in an account with our firm.
I noticed that your money could not be transferred because you did not sign the transfer document.
I will appreciate it if you can offer me 5% of the total money so that I will work with you concerning this issue.
If you accept, I will direct you on what next to do.
Yours faithfully
Mr. John Michael...
 From bounces+17618315-c9cf-jhardin=impsec.org@u17618315.wl066.sendgrid.net Thu Sep 23 03:12:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 18NAC2vA027829 for ; Thu, 23 Sep 2021 03:12:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******* X-Spam-Status: Yes, score=7.6 required=5.0 tests=BAYES_80,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,LOTS_OF_MONEY,MONEY_NOHTML, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_VALIDITY_RPBL,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9210] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [149.72.37.212 listed in bl.score.senderscore.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.5 MONEY_NOHTML Lots of money in plain text X-Spam-Relay-Country: US ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Thu, 23 Sep 2021 03:12:02 -0700 (PDT) Received: from wrqvnrdq.outbound-mail.sendgrid.net (wrqvnrdq.outbound-mail.sendgrid.net [149.72.37.212]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18NAAAq9038173 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 23 Sep 2021 04:10:16 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vis.org.au; h=content-type:mime-version:content-transfer-encoding: content-description:subject:from:reply-to:to; s=s1; bh=vP+mb75NAk7/UioqQMd+aSlQ/ogXPINt+YGQem4QfS0=; b=oncOpERnZCVX8DjTXfRz0J6yNul7WJj6PLLSeAdb9OVET1IJhxc5d09orm2ZrNs5GR+s UUM+MrZru01V25ScCIwa+ynwhNUJgph5xjatJx7B529lS8eh8tUt3TtgtTM/rgzy+Ez/sX U/0Zd7bmAjRcgwiaPeYcZT2AMPk+1Vbpz3uLgo8QbYzWTJXMxbWA3PBMEu6kAIJaa5KVuI rZY2sCqG6O+BfG/2c1s1zx44Fkx4WInfJRk763S4qwCCZkUdyYah7i1KR2UD8BhWW3lkgS mpEJArCwS9l2ytzD14HXGUN9cGU7s8eNU2FqM6wKzbrE8SdAZZL3HmdPqxoL1P2w== Received: by filterdrecv-6b4b75bfd9-6hkpm with SMTP id filterdrecv-6b4b75bfd9-6hkpm-1-61496C23-16 2021-09-21 05:22:43.394323769 +0000 UTC m=+1666944.317005398 Received: from [192.168.1.200] (unknown) by ismtpd0065p1las1.sendgrid.net (SG) with ESMTP id _QrUUxqfQC2m7IA2MbAfBg Tue, 21 Sep 2021 05:22:43.145 +0000 (UTC) Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Pierre's Gift From: Pierre Omidyar Date: Tue, 21 Sep 2021 05:22:44 +0000 (UTC) Message-ID: <_QrUUxqfQC2m7IA2MbAfBg@ismtpd0065p1las1.sendgrid.net> Reply-To: pierresgift_2021@indamail.hu X-SG-EID: =?us-ascii?Q?0+3BEmO2=2Fy=2FqwoxML33=2FOJJwuIr6Cs7dEgMKbLU5NrGWzI4o=2FF8D5OntH+XP8=2F?= =?us-ascii?Q?8=2FvknVWb1j3UmYGzuOTwg+tcwLzryket=2FjhrX9F?= =?us-ascii?Q?691PEgUCmINF7De4qi9BWJyr0wTs3W4pu78YQpe?= =?us-ascii?Q?fZKsTc37nzO1RWZJd68d7BXFWeUeOVI=2F54COCS3?= =?us-ascii?Q?lFcmakennp2Gim6+XHHHsB9xYLemFSURzdq9ZeD?= =?us-ascii?Q?B9P86Cht2JYHFWzwqRoDBijnXXrqNyoqoT8ZzA?= To: YOU X-Entity-ID: 9lSHIkbT6zlRbLVGE2Fjuw== X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 23 Sep 2021 04:10:16 -0600 (CST) for IP:'149.72.37.212' DOMAIN:'wrqvnrdq.outbound-mail.sendgrid.net' HELO:'wrqvnrdq.outbound-mail.sendgrid.net' FROM:'impsec.org@em2834.vis.org.au' RCPT:'' X-Greylist: Delayed for 01:00:09 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 23 Sep 2021 04:10:16 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 18NAAAq9038173 X-Spam-Prev-Subject: Pierre's Gift Status: R X-Status: X-Keywords: X-UID: 298 Content-Length: 2290 Greetings to you and your family. This email will come to you as too good to be true! In a million years, I never thought I would do something like this. My Name is Pierre Omidyar, Below is a Link of me and what i do. http://url8565.vis.org.au/ls/click?upn=-2FLzyn5Z9QiCVbemTMWl7bWgFCCNJxPVbUpYPhDWsFcTiJtrCidQGI24h7zkGEGSsznn6n5Gy0lH1tIbBogC11g-3D-3DONZM_QsxengIMvvAmZyNSVs-2Fv-2FnKn5fwBZzhc-2BYB8Tg9JUNUUED-2F-2FmDLZRAcacEC2-2BxxgHVJRZmItMOVRkYCJtGEdnVGLlkFkJfJ1X86LWyOkMTnp2nw3yROC1XkG-2FO2kDn0cbYokMZjURlH-2FSCMkZPLXP20the3XE6XBRCbccCeb-2FkxMzDCE9zEvYek-2F3VCJjhfs9ZX8FScKr8SyKov2UsgEnA-3D-3D I have been giving my wealth away for a while now to various charities and causes I really care about but recently I had an epiphany and I realized I need to be more personal with my giving. I want to touch ordinary people in a way that has never been done before. http://url8565.vis.org.au/ls/click?upn=-2FLzyn5Z9QiCVbemTMWl7bW0E9D7Gk7Fo05xRWHNSk6GT9M7ydDJjFNVuxlwItfFpx-2FcXrM5W8d-2BsBHse-2BfWbSOdEMlaSX3j1uDDNf6rzvwpVkjl4AU4IxNpoiwy78g1JDH0nwQuhqBv2j7-2BvYTczWghXlQ5LyXOaLUAupDh-2BqcA-3DJPAy_QsxengIMvvAmZyNSVs-2Fv-2FnKn5fwBZzhc-2BYB8Tg9JUNUUED-2F-2FmDLZRAcacEC2-2Bxxgr5TeX0I9hfSUvbyI6-2FZvnMvjpBRXEB1DPwBgY-2Fi-2BtzOrESrPWEURTzXbSY0jm9kBhOhCrOc-2BwmVaIxuU22S3FRH52qEJoRlwfcjxEUynrs2bDshX-2BuOnxZMzzkiWnEbz9U46Soen5YWzu9mcaWeyLw-3D-3D http://url8565.vis.org.au/ls/click?upn=-2FLzyn5Z9QiCVbemTMWl7baTkVmAIjzxsyU2-2BGeba9qmyex-2BNf56Hp7YKRv8Gm41bvl-2BLfBjaejbz2PnPTdp-2FAN9YhIgNd6So32t-2FLujLqKAptv2p-2BH9GcJbmMxfLFIuKg6AV_QsxengIMvvAmZyNSVs-2Fv-2FnKn5fwBZzhc-2BYB8Tg9JUNUUED-2F-2FmDLZRAcacEC2-2BxxglwjSQvTfbC-2FPxiUayHu-2BYUcKoy6KCkh9uxbJpguZMGjuxusnulUPba0MZ4yDUrxK-2Bh9XOY1tPDWn4keZI57UVO6kO29-2F8cjkELwTu7DT9UE8TPvjAmnUU3VQoa4VeTbDlM48GwtfFnGiMQjibrTyGw-3D-3D So I decided I was going to contact 20 people via their email address which I paid for from a Marketing Firm. If you receive this email, I am giving you $1.9 Million. Thinking about it again, I must be crazy to do something like this but crazy is what made me who I am today so lets go for it! All you have to do is reply to this email with your full names and you will be paid $1.9 Million. This is my personal journey to self-fulfilment, I hope you accept this special gift from me and my family. Pierre Omidyar From dolgin@tyachiv.com Thu Sep 23 19:28:52 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=29.0 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,CTE_8BIT_MISMATCH, FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MISSING_HEADERS, MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP,MONEY_NOHTML, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_BL_SPAMCOP_NET,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_NONE,TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 2.5 MONEY_NOHTML Lots of money in plain text * 0.0 FROM_MISSPACED From: missing whitespace * 2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: UA XX Received: from dell.tyachiv.com (198-222.users.khust.com [195.95.222.198] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18O1SgWf012502 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 23 Sep 2021 19:28:52 -0600 Message-Id: <202109240128.18O1SgWf012502@ga.impsec.org> Received: from User (unknown [103.155.81.85]) (Authenticated sender: dolgin) by dell.tyachiv.com (Postfix) with ESMTPA id 296DC422CF; Fri, 24 Sep 2021 00:48:43 +0300 (EEST) Reply-To: From: "'Mission humanitaire et sociales'" Subject: [SPAM] Re : Bonjour, Date: Thu, 23 Sep 2021 14:48:51 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 23 Sep 2021 19:28:52 -0600 (CST) for IP:'195.95.222.198' DOMAIN:'[195.95.222.198]' HELO:'dell.tyachiv.com' FROM:'dolgin@tyachiv.com' RCPT:'' X-Greylist: Delayed for 02:34:18 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 23 Sep 2021 19:28:52 -0600 (CST) X-Spam-Prev-Subject: Re : Bonjour, Status: R X-Status: X-Keywords: X-UID: 299 Content-Length: 2192 Re : Bonjour, Mon nom est Mr Jacques Michel Laville. Je suis dsol de vous contacter de cette manire, je n'ai pas l'habitude de contacter les personnes de cette faon, le temps ne me laisse pas le choix car je n'ai pas longtemps vivre mais je souhaiterais que vous preniez le temps de lire mon message, afin de prendre la bonne dcision. Je sais que mon message va vous paratre quelque peu insolite, mais ayez confiance car je suis une personne honnte. Je voudrais que vous y prtiez une attention particulire car le grand Humaniste Raoul Follereau nous a enseign que nul n'a le droit d'tre Heureux tout seul Je suis de nationalit Franaise. J'ai rsid il y a quelques annes au Qubec, en Turquie, puis en Libye ou j'ai fait fortune dans des affaires florissantes que j'ai entreprises dans le domaine caf, du fer et dans le textile. Ce qui m'a permis de bnficier d'importants fonds valus ce jour somme de 25.500.000 d'Euros. En effet, je m'appelle Jacques Michel Laville, Franais (Courbevoie Hauts-de-Seine) rsident au Canada. Je suis propritaire dune entreprise dimportation du Coton et du Fer, Je nai pas eu la chance dans ma vie, car jai perdu mon pouse ainsi que nos 2 enfants lors dun accident Bristol en Angleterre, je fus beaucoup affect et je nai pas pu me remarier ce jour. Je souffre malheureusement d'un terrible cancer la Gorge qui est en Phase terminale, c'est--dire que je suis condamn une mort sre et certaine. Mon mdecin traitant m'a inform que mes jours sont compts du fait de mon tat de sant dgrad. Or ma situation est telle que je suis veuf et sans enfants. C'est pour cela que je voudrais de faon gracieuse et dans le souci d'aider les dmunis, vous lguer ces fonds afin de vous permettre d'difier une Fondation qui portera mon nom. Je vous prie de bien vouloir accepter cette offre pour ne pas que mes Avoirs deviennent systmatiquement la proprit du gouvernement Franais. Ds rception de mon message, Veuillez prendre contact avec mon notaire par courriel pour de plus amples informations. Matre Arthur Catheau Email: maitre_arthur.catheau@yahoo.com Que Dieu Vous Bnisse Cordialement, Jacques Laville From accdeptfedminagric66@gmail.com Wed Sep 29 11:37:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,DEAR_FRIEND,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORM_FRAUD_5,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, HK_SCAM,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MONEY_FORM_SHORT,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,MSGID_FROM_MTA_HEADER,NML_ADSP_CUSTOM_MED, RCVD_IN_MSPIKE_H2,RCVD_IN_PSBL,RCVD_IN_SBL,RCVD_IN_VALIDITY_RPBL, SPF_HELO_FAIL,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, SPOOF_GMAIL_MID,TVD_PH_SEC,T_FILL_THIS_FORM_SHORT,T_MONEY_PERCENT, URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7433] * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [77.247.110.21 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [64.250.88.250 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [64.250.88.250 listed in bl.score.senderscore.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [64.250.88.250 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [accdeptfedminagric66[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [accdeptfedminagric66[at]gmail.com] * 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=helo;id=jatheon.emt.ca;ip=64.250.88.250;r=ga.impsec.org] * 0.1 TVD_PH_SEC BODY: Message includes a phrase commonly used in * phishing mails * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.6 URG_BIZ Contains urgent matter * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 HK_SCAM No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.9 SPOOFED_FREEMAIL No description available. * 0.6 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 2.4 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 1.0 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.1 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: CA XX Received: from jatheon.emt.ca (mx01.t.88.iasl.com [64.250.88.250]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18THbSBq011508 for ; Wed, 29 Sep 2021 11:37:37 -0600 Message-Id: <202109291737.18THbSBq011508@ga.impsec.org> Received: from [77.247.110.21] (unknown [77.247.110.21]) by jatheon.emt.ca (Postfix) with ESMTP id 306525DD865; Sat, 11 Sep 2021 14:18:41 -0400 (EDT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Matter Of Trust..!!!!!!CA To: Recipients From: "Dr.Ken Obiorah" Date: Sat, 11 Sep 2021 20:18:37 +0200 Reply-To: drkobiorah@yahoo.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 29 Sep 2021 11:37:37 -0600 (CST) for IP:'64.250.88.250' DOMAIN:'mx01.t.88.iasl.com' HELO:'jatheon.emt.ca' FROM:'accdeptfedminagric66@gmail.com' RCPT:'' X-Greylist: Delayed for 40:15:30 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 29 Sep 2021 11:37:37 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 18THbSBq011508 X-Spam-Prev-Subject: Matter Of Trust..!!!!!!CA Status: R X-Status: X-Keywords: X-UID: 300 Content-Length: 3692 Federal Ministry of Agriculture and Natural Resources. Federal capital territory Office. complex block A,area 11 P.M.B.135 Garki Abuja.Fct Dear Friend It is with trust and confidence that i write to make this urgent business proposal to you. I was assigned by two of my colleague to seek for a foreign partner who will assist us in providing a convenient foreign account in any designated bank abroad for the transfer of us$52,750,000.00 pending on our arrival in your country for utilization and disbursement with the owner of the account. This amount results from a deliberate inflation of the value of a contract awarded by our ministry, the Federal Ministry of Agriculture (F.M.A)to an expatriate company.the contract has been executed and payment made to the original contractor, remaining the over-invoiced amount of us$52.750 million, which we want to transfer the funds out the country in our favour for disbursement among ourselves. The transfer of this money can only be possible with the help of a foreigner who will be presented as the beneficiary of the fund. As government officials, we are not allowed to operate foreign accounts, and this is the reason why we decided to contact you. We have agreed that if you/your company can act as the beneficiary of this fund (us$52,750,000.00 million)15% of the total sum will be for you for providing the account while 85% will be reserved for us. We hereby solicit for your assistance in providing a convenient account number in a designated bank abroad where this fund would be transferred. We intend coming over there on the completion of this transfer to secure our own share of the money. Please note that we have been careful and have made all arrangements towards the success and smooth transfer of the fund to your account before you. For security reasons and confidentiality of this transaction, we demand that you should not expose this proposal and the entire transaction to anybody. We are putting so much trust in you with the hope that you would not betray us or sit on this money when it is finally transferred into your account. Be rest assured that this transaction is 100% risk free. If this proposal is acceptable to you,indicate your interest by sending a email to us including your bank name & address, account number,telephone number. Note: our president Muhammadu Buhari collaborated with Ibrahim Magu as the new EFCC chairman, Economic Financial Crime Commission, Mr.Ibrahim Magu to stop the junior ranks officers from transferring funds out of the country. He sent different Cublication to many countries in the world as propaganda to discourage all government Officials from transferring funds into an overseas account to avoid and save guides the countries economy. Apparently, so that other government officials will not benefits from these( oil windfalls venture) where he has been a culprit alone with his aides. More details about this transaction will be given to you as soon as we receive your positive respond. Note that the particular nature of your company's business is irrelevant to this transaction. if this transaction interests you, your urgent response will be appreciated. In addition, there are some faceless beings in my country that are making use of top government official names to swindle money from innocent citizens and that includes my name. You can confirm by searching the name of our Central Bank of Nigeria Governor; you will see that his name is part of the scam list meanwhile we are innocent officials completely unaware of the situation happening. Yours faithfully, Dr.Ken Obiorah Private E-mail:drkennethobiorah2@yahoo.com Cellphone: +234-81-0920-6368 From ebarrio@cultura.gba.gob.ar Thu Sep 30 15:37:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=15.0 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HTML_MESSAGE,LOTS_OF_MONEY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO, RCVD_IN_MSPIKE_H2,RELAY_COUNTRY_AR,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE, SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9994] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9994] * 0.5 RELAY_COUNTRY_AR Relayed via Argentina * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [170.155.9.222 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [maviswan142[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails X-Spam-Relay-Country: AR ** ** ** ** ** Received: from mail.cultura.gba.gob.ar (mail.cultura.gba.gob.ar [170.155.9.222]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 18ULbiJh008151 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 30 Sep 2021 15:37:53 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.cultura.gba.gob.ar (Postfix) with ESMTP id 95BBA20786EF8; Tue, 28 Sep 2021 11:59:14 -0300 (-03) Received: from mail.cultura.gba.gob.ar ([127.0.0.1]) by localhost (mail.cultura.gba.gob.ar [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id BPl898rVtCDq; Tue, 28 Sep 2021 11:59:14 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mail.cultura.gba.gob.ar (Postfix) with ESMTP id 964BF206BF57F; Tue, 28 Sep 2021 10:19:21 -0300 (-03) X-Virus-Scanned: amavisd-new at cultura.gba.gob.ar Received: from mail.cultura.gba.gob.ar ([127.0.0.1]) by localhost (mail.cultura.gba.gob.ar [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3vZRa_KotfPI; Tue, 28 Sep 2021 10:19:21 -0300 (-03) Received: from mail.cultura.gba.gob.ar (mail.cultura.gba.gob.ar [10.2.253.20]) by mail.cultura.gba.gob.ar (Postfix) with ESMTP id 01076206A9A78; Tue, 28 Sep 2021 08:33:22 -0300 (-03) Date: Tue, 28 Sep 2021 08:33:22 -0300 (ART) From: mavis Reply-To: MAVIS WANCZYK Message-ID: <2102725256.21969.1632828802921.JavaMail.zimbra@cultura.gba.gob.ar> Subject: [SPAM] I have a donation of $ 4.8 Million for you MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_9b279bfb-88e9-45bf-a6f1-cd01034f12b6" Thread-Index: BBLwxh0oVW2Qs00ZFpo3zT6h6EmYww== Thread-Topic: I have a donation of $ 4.8 Million for you X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 30 Sep 2021 15:37:53 -0600 (CST) for IP:'170.155.9.222' DOMAIN:'mail.cultura.gba.gob.ar' HELO:'mail.cultura.gba.gob.ar' FROM:'ebarrio@cultura.gba.gob.ar' RCPT:'' X-Greylist: Delayed for 44:58:47 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 30 Sep 2021 15:37:53 -0600 (CST) X-Spam-Prev-Subject: I have a donation of $ 4.8 Million for you Status: R X-Status: X-Keywords: X-UID: 301 --=_9b279bfb-88e9-45bf-a6f1-cd01034f12b6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hello, I have a donation of $ 4.8 Million for you. I won the America lottery, valued at $ 758.700 million, and I'm donating a portion to charities in memory of my late wife who died of cancer. Contact me via (maviswan044@gmail.com) for more information. --=_9b279bfb-88e9-45bf-a6f1-cd01034f12b6 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit



Hello, I have a donation of $ 4.8 Million for you. I won the America lottery, valued at $ 758.700 million, and I'm donating a portion to charities in memory of my late wife who died of cancer. Contact me via (maviswan044@gmail.com) for more information.
--=_9b279bfb-88e9-45bf-a6f1-cd01034f12b6-- From jhardin@impsec.org Sat Oct 2 07:34:19 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 94856 invoked by uid 99); 2 Oct 2021 07:41:25 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 02 Oct 2021 07:41:25 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 80D4B1FF4EF for ; Sat, 2 Oct 2021 07:41:24 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.582 X-Spam-Level: **** X-Spam-Status: No, score=4.582 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_4_NEW_MONEY=0.007, LOTS_OF_MONEY=0.001, MISSING_MID=0.14, MONEY_FRAUD_5=2.434, RCVD_IN_BL_SPAMCOP_NET=2, SPF_PASS=-0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id QFfNTXv0fJal for ; Sat, 2 Oct 2021 07:41:24 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=210.189.85.37; helo=mxsv03.wadax.ne.jp; envelope-from=milkclub@ghouse.jp; receiver= Received: from mxsv03.wadax.ne.jp (mxsv03.wadax.ne.jp [210.189.85.37]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTP id 11EC27E89B for ; Sat, 2 Oct 2021 07:41:24 +0000 (UTC) Received: from sv27.wadax.ne.jp (sv27.wadax.ne.jp [211.133.134.77]) by mxsv03.wadax.ne.jp (Postfix) with ESMTP id 2C267416E4F0 for ; Sat, 2 Oct 2021 16:35:21 +0900 (JST) Received: (qmail 2551 invoked by uid 101); 2 Oct 2021 16:34:22 +0900 Received: from unknown (HELO info.54xpti1o15rurlhs03whlwys2c.mx.internal.cloudapp.net) (milkclub@ghouse.jp@40.74.137.18) by 0 with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Oct 2021 16:34:21 +0900 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Thanks For Your Reply... To: Recipients From: "Ms. Reem Al-Hashimi" Date: Sat, 02 Oct 2021 07:34:19 +0000 Reply-To: remmhashimi@kakao.com Status: X-Status: X-Keywords: X-UID: 302 Content-Length: 1440 Hello Sir/Ma, My name is Reem E. A, the Emirates Minister of State and Managing Director = of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing= to you to stand as my partner to receive my share of gratification from fo= reign companies whom I helped during the bidding exercise towards the Dubai= World Expo 2020 Committee and also i want to use this funds to assist Coro= navirus Symptoms and Causes. I"m serving as a minister, there is a limit to my personal income and inves= tment level and For this reason, I cannot receive such a huge sum back to = my country or my personal account, so an agreement was reached with the for= eign companies to direct the gratifications to an open beneficiary account = with a financial institution where it will be possible for me to instruct f= urther transfer of the fund to a third party account for investment purpose= which is the reason i contacted you to receive the fund as my partner for = investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. If you can handle the fund in a good investment.Reply to: reeninvestor111@k= akao.com Regards, Reem From jhardin@impsec.org Sun Oct 3 07:24:19 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 87050 invoked by uid 99); 3 Oct 2021 07:32:53 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Oct 2021 07:32:53 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 086D31FF422 for ; Sun, 3 Oct 2021 07:32:53 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.442 X-Spam-Level: **** X-Spam-Status: No, score=4.442 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_4_NEW_MONEY=0.007, LOTS_OF_MONEY=0.001, MONEY_FRAUD_5=2.434, RCVD_IN_BL_SPAMCOP_NET=2, SPF_PASS=-0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id kvk-jdMRel_f for ; Sun, 3 Oct 2021 07:32:52 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=103.141.96.19; helo=sv10658.xserver.jp; envelope-from=contact@japanacsa.com; receiver= Received: from sv10658.xserver.jp (sv10658.xserver.jp [103.141.96.19]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 2BFD1BD3EC for ; Sun, 3 Oct 2021 07:32:52 +0000 (UTC) Received: from virusgw10001.xserver.jp (virusgw10001.xserver.jp [183.181.92.8]) by sv10658.xserver.jp (Postfix) with ESMTP id 96D86186EC344F; Sun, 3 Oct 2021 16:24:25 +0900 (JST) Received: from sv10658.xserver.jp (103.141.96.19) by virusgw10001.xserver.jp (F-Secure/fsigk_smtp/521/virusgw10001.xserver.jp); Sun, 03 Oct 2021 16:24:25 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/521/virusgw10001.xserver.jp) Received: from info.54xpti1o15rurlhs03whlwys2c.mx.internal.cloudapp.net (unknown [40.74.137.18]) by sv10658.xserver.jp (Postfix) with ESMTPSA id 0A197186EC345E; Sun, 3 Oct 2021 16:24:24 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Thanks For Your Reply... To: Recipients From: "Ms. Reem Al-Hashimi" Date: Sun, 03 Oct 2021 07:24:19 +0000 Reply-To: remmhashimi@kakao.com Message-Id: <20211003072424.0A197186EC345E@sv10658.xserver.jp> Status: X-Status: X-Keywords: X-UID: 303 Content-Length: 1440 Hello Sir/Ma, My name is Reem E. A, the Emirates Minister of State and Managing Director = of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing= to you to stand as my partner to receive my share of gratification from fo= reign companies whom I helped during the bidding exercise towards the Dubai= World Expo 2020 Committee and also i want to use this funds to assist Coro= navirus Symptoms and Causes. I"m serving as a minister, there is a limit to my personal income and inves= tment level and For this reason, I cannot receive such a huge sum back to = my country or my personal account, so an agreement was reached with the for= eign companies to direct the gratifications to an open beneficiary account = with a financial institution where it will be possible for me to instruct f= urther transfer of the fund to a third party account for investment purpose= which is the reason i contacted you to receive the fund as my partner for = investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. If you can handle the fund in a good investment.Reply to: reeninvestor111@k= akao.com Regards, Reem From asaldanar1900@alumno.ipn.mx Wed Oct 6 15:18:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 196MI2e7025326 for ; Wed, 6 Oct 2021 15:18:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****** X-Spam-Status: Yes, score=6.0 required=5.0 tests=BAYES_99,DKIM_INVALID, DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9932] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [40.107.212.114 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [40.107.212.114 listed in wl.mailspike.net] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [ewynn284[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: US US ** Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 06 Oct 2021 15:18:02 -0700 (PDT) Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam07on2114.outbound.protection.outlook.com [40.107.212.114]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 196MF3AU037179 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 6 Oct 2021 16:15:08 -0600 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Eps7g7q2mZuvI9tKeV2IXk/UASmZfsCDn2wX8YJYmebYLW4fUijC36QlZs6/gvDPvyg/q3i7SQQSmUZb9YQe3AUpKpiu42FliNpOS7YN3iYuVwKT1rkubiwxpznWDTjrE4LbKJG/yMBPHbX6Nsm/TItB8ZPgkRFAAW+AbFDdZVAGj1QW8F3SMD6d+eUlI/IhXV+VPU0OROb9F2mYp+dUhec5j02iDB+7Holwsd5eIui5mzcv2jvbkrg94RyH9aSevCO9A9/J9EVM5LupuE9EOBVgH/9GJHzKGDaBAVtRPTEI29lsy7syDXDIiYP2NZLi/O7tmwW+eJkAk+vFF66PtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5uSzPSsW9avzEzN+hgqBxXjGN8Bz+I5kaguSrDvgFa8=; b=bxNH1EWdNkunINYA403WsSebnBijhVyb2dPhxYwboW/Gf017GfR7okwnLicE8nq/z0tcosfDiLMo5sSQYkCHIzzcXOXDnnsWreSx1irpHEEfBnsMDiC22xcZz7eNzPng68IctCJNckFVm7zhUvDAGqzhvmg1DyrWJHKiqAilZ9G7iOSwtYxnmaVjUpzY+35Oz9A47OmNvTUY9i5AUG5/ftg6lsTij0xAi1Y6Swm0LYSeftqNF7fBymJceoxseE7g18v95dSJMMXLVkSMk8SZr4DgstuYM6J861pv7vmhFwkoxtlHBNudt4XUnmQpLMlOlvCWA+FukJvE338RrqBLsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=alumno.ipn.mx; dmarc=pass action=none header.from=alumno.ipn.mx; dkim=pass header.d=alumno.ipn.mx; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=correoipn.onmicrosoft.com; s=selector2-correoipn-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5uSzPSsW9avzEzN+hgqBxXjGN8Bz+I5kaguSrDvgFa8=; b=lx8GySnxaBGsPi70vtotHSZ/mJvpyI7yWBih+RdKBMI5hRKXeS36xElCs9i2+lDF7RR1ouOzix6T4tRk8oZgUXwnmru9g0liZ/N7N7K4WeCVfZc+W6//CEMIeuAhvLT99KOC0RmhMjqGmDdDjyZ8EQ6AB0Hp80I1JdGB3Wk41Dc= Received: from SN2PR03MB2221.namprd03.prod.outlook.com (2603:10b6:804:c::24) by SN6PR03MB4590.namprd03.prod.outlook.com (2603:10b6:805:fe::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.19; Wed, 6 Oct 2021 22:14:49 +0000 Received: from SN2PR03MB2221.namprd03.prod.outlook.com ([fe80::6121:57:b8e1:3bd7]) by SN2PR03MB2221.namprd03.prod.outlook.com ([fe80::6121:57:b8e1:3bd7%5]) with mapi id 15.20.4587.019; Wed, 6 Oct 2021 22:14:49 +0000 From: Akari Arisbeth Saldana Ramirez To: Avisos del Administrador Subject: [SPAM] Re: Info Thread-Topic: Info Thread-Index: AdepI0Vst34kJdEpXkiLDzM643vuoASHBxuwAAAAiNAAAAA7UAAAAEMAAAAAXJAAAAF7AAAAAJ1gAAAAtTAAAAA/0AAAAdLAAAAAQAAAAAECUAAAAEygAAAAa1AAAABjMAAAANBQAAABF0AAAABrIAAAAEUwAAAAWoAAAABlcAAAAF4gAAAAXjAAAADygAAAAElAAAAAUfAAAABScAAAAGDAAAAAVkAAAABWwAAAAKugAAAA2aAAAABZkAAAAGDgAAAAYjAAAABhsAAAAxTwAAAAV3AAAABq8AAAAG+gAAAD0bA= Date: Wed, 6 Oct 2021 22:14:49 +0000 Message-ID: Reply-To: "ewynn284@gmail.com" Accept-Language: es-ES, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: correo.ipn.mx; dkim=none (message not signed) header.d=none;correo.ipn.mx; dmarc=none action=none header.from=alumno.ipn.mx; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 874123ed-6070-482b-a34b-08d98916b695 x-ms-traffictypediagnostic: SN6PR03MB4590: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7Ojd6qDFR1iYWxMJRvRfvwUgvTq3qj6mnI2H2S9rCc+YX2UnrBbQLR73ldCtsLv5kKAw4pLbOgXpFQpXj77z4goqgK+bUNZwgn3GJ5DvYgpKH1TKhiPcGmVFij/qIOw3ZNioX2dIw+l2U/N6sMhWJrCme8yXW9wh3S5D0/W2ucPMQTuwBD/aokIKS1lOdK2fnl0/qYs3vW1gZbkuCKc/bqKHAtlo49EVdg05QAG9xiX60vYXwaSTPlIqlOYZU09ribYyfmSXVhljGpZ4ensFD5RQ5B4iW2wPFLdL70ZtNiSmrKz8gsteLfktGZg1TZ+2HDKxaxYudT2W/5LKuaqMYKzs0Is8aEgtQ33GuVKK/o8P3u2tq0t2UPb3Ewfz6YWB4FwjQJ09LotNtGXoQ5bXOv6QkTX6/e/6kfIVxZE9wYPLEe5olfDvG2DnwSBYqc5WdtRP+Dl4W3nqhpwrO5eA29q1bnkXCuQIZx2Mpbf7bv5qItiT/EfGfBTk7NEa26P6zb3Va6507D19pZ0jHrPBZqDvw/lQT493JKboPWLp6o2oCuCix+ldMh3W7Hc5yuXVp0oYUWOKA6V23A9l4mTt2iSz2cnprXt/tVzziqTx3ZhRcJ8V84H32W0otqcXeYty914RFHGm+lhDGwi1TjFd/sHhNzIV44YqlnurxSKjDeA2zk86w7jjra6V+3IdTMRVEocqcTGzP+1KzLj/wNONT95h9tdsdEwZ5Tfjz7756lw= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN2PR03MB2221.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(4744005)(508600001)(122000001)(55016002)(83380400001)(71200400001)(7416002)(38100700002)(316002)(786003)(86362001)(76116006)(66946007)(8796002)(33656002)(66806009)(66476007)(5660300002)(7116003)(7366002)(7406005)(7336002)(2906002)(64756008)(66446008)(66556008)(38070700005)(52536014)(2860700004)(186003)(6506007)(7696005)(6862004)(8676002)(3480700007)(9686003)(26005)(8936002)(340484016);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?w05EKCvk7qTVFE8/BgUyKLydEmdBNOJ6QWDxG0XHPvp7tmRewGnkniUUwv?= =?iso-8859-1?Q?wDjkKFaazy5wnprcNbF4f1ouPYtEFVbH4ATXBWgCu2kGrAMvHfQJzsh/B6?= =?iso-8859-1?Q?wma2Mo6Aybre8xd+vQRBoQB5bquNF9GfGd5tNe2VLOe9E45BZ0ElifWIZ4?= =?iso-8859-1?Q?xIhLHV1967NWD8CzVCzXOTC6B2cbW7f7BpcaBLhxdnuSKqmrx28HneAw7M?= =?iso-8859-1?Q?dRenKHjtHEWtJ0cK2+GurqJcebVr11fqqpru96q5Ve3Wpb4+8KhorYOTc9?= =?iso-8859-1?Q?mJaWqgs5bvPqfSvCMiw2cf8V5bYc+7tXp78r6AoDg+VwAm29+dTv0WXbdi?= =?iso-8859-1?Q?XOyhjvArSwoR8zLLjkJyiZU2J0UnGEtVpqR2IQt/Ko/fugLNphr3IpSvBH?= =?iso-8859-1?Q?pdCNk4JX8Rotr0A3Rx53KTJvzMT4gba6hOcQH31PvwbNGQHXvY6KC8UlQG?= =?iso-8859-1?Q?0nohhn7SUoxZEOIQmH1Zx390z3lP5VaOQ9LNbtZ0JcQxyK1uF3oY3DOPJO?= =?iso-8859-1?Q?qeuGLFuX8wjTVS5dJtQNaAmjGuFrHZpwDa/4HbVWfgVW6gORaSTCCilI0P?= =?iso-8859-1?Q?8o75EdAennKFxp9CMOj2UORYVFT9DQXn15LDh/ypiGPZwBABBf4hA0J9qq?= =?iso-8859-1?Q?A4VfAHVxXKl66Wfk49HOLTgLwFz2FJ8seL5Vv8GYQU8MNZJ+qfaiyOXK7V?= =?iso-8859-1?Q?nZYOSJpN9VgeJlTAIu6m9AGlRoORSRutjftTXVK/4dFVqoJthLlaAteeV7?= =?iso-8859-1?Q?k4VYkOYpSiB17jXDSVp48bDBFxK1vrNt4e5AXk73PtgAjS8mqbTNxDdCyV?= =?iso-8859-1?Q?OtMuJjT2wpNjgqEcypeyGFtcxOqC7GQPXSNRRDgIz2RVTKN41pjaqUf7v9?= =?iso-8859-1?Q?pLGA3j7+DcIkakoDgg0SPFPgoFH4Lq6u1kr1Vjo3cZejW8yE2v1zfIsS45?= =?iso-8859-1?Q?ZGI5JCRb5bnitpSbA5t2PLlbnntj1Rs8xUNpToBgMOmjb2xyGcs7EiA4cL?= =?iso-8859-1?Q?znz5ESEOa9V1M9ouw3orysT7DhJVVMhdcDSlNkvgHm7QImE+oRJrbcX70a?= =?iso-8859-1?Q?sY6+K6+W8ujwDrgeQNw4FNsVSRFNSPVaCZHtGiqCUVUJvQW2fQMQd3cWQW?= =?iso-8859-1?Q?nxHPW3MWEdXZLRXp8HbM9a11wl2HbUG7Bn+4AF22C06/xzaRBtN4jbux/q?= =?iso-8859-1?Q?IFIpSmEVyUT0GSpSlIFrlRfFplNT51aDvZhpC5lwjEIlOZQ2xmv/UokDX4?= =?iso-8859-1?Q?knSWYjMxrTcqJkjNIWacbXHemQrfDLWsFNniXyX2JeQvcMEO/4GHAQGMFK?= =?iso-8859-1?Q?630EHpBnK2Fe7UJUyxDONoJ3y8unuEe+tY4v0ZSq+WwfmnA=3D?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 X-OriginatorOrg: alumno.ipn.mx X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN2PR03MB2221.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 874123ed-6070-482b-a34b-08d98916b695 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2021 22:14:49.1873 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f94bf4d9-8097-4794-adf6-a5466ca28563 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zqztHaE4GPNKMcd/mRbwxn2vr8ORQiI02DTFOQenPOOrVGqmWxOmE9JL69OsDlIRVJDrSPi4Xeug8g6CICNsU5SFCHtqBLTixnAT9YDk7I0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR03MB4590 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Oct 2021 16:15:08 -0600 (CST) for IP:'40.107.212.114' DOMAIN:'mail-bn1nam07on2114.outbound.protection.outlook.com' HELO:'NAM02-BN1-obe.outbound.protection.outlook.com' FROM:'asaldanar1900@alumno.ipn.mx' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 06 Oct 2021 16:15:08 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 196MF3AU037179 X-Spam-Prev-Subject: Re: Info Status: R X-Status: X-Keywords: X-UID: 304 Good day I am Mrs. Elaine Wynn, a divorce and an American billionaire businesswoman, philanthropist, and art collector. I have recently been diagnosed with Colorectal cancer and a rare heart disease, which has defiled all medical treatment. The intention of this email is to employ the expertise of a Charity minded individual, who can identify a viable and guarantee reasonable distribution of my wealth to the needy. I cannot rely on family and closest relatives anymore, as they did not show responsible behavior when I entrusted part of my wealth to them to distribute to charitable organizations but instead, they used the money for their personal needs. If you are interested do get back to me, so I can provide you with further details. Thanks, and stay blessed Mrs. Elaine Wynn From Lorraine@us.org Thu Oct 7 22:42:22 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.1 required=5.0 tests=ADVANCE_FEE_5_NEW,BAYES_95, FREEMAIL_FORGED_REPLYTO,HK_NAME_MR_MRS,MSGID_FROM_MTA_HEADER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RDNS_NONE, SPF_HELO_NONE,SPF_NONE,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9896] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [202.169.252.210 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [202.169.252.210 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.6 URG_BIZ Contains urgent matter * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 1.0 HK_NAME_MR_MRS No description available. * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.3 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) X-Spam-Relay-Country: ID ID Received: from helpdesk.blueline.co.id ([202.169.252.210]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1984gBVN006016 for ; Thu, 7 Oct 2021 22:42:22 -0600 Message-Id: <202110080442.1984gBVN006016@ga.impsec.org> Received: from [193.142.59.138] (unknown [202.169.244.65]) by helpdesk.blueline.co.id (Postfix) with ESMTP id D87AF20F9EA6; Thu, 7 Oct 2021 23:19:22 +0800 (CIT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Greetings from Lorraine Wirangee, To: Recipients From: "Miss. Lorraine" Date: Thu, 07 Oct 2021 08:19:04 -0700 Reply-To: lorrainewirengee@yahoo.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 07 Oct 2021 22:42:22 -0600 (CST) for IP:'202.169.252.210' DOMAIN:'[202.169.252.210]' HELO:'helpdesk.blueline.co.id' FROM:'Lorraine@us.org' RCPT:'' X-Greylist: Delayed for 09:41:31 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 07 Oct 2021 22:42:22 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1984gBVN006016 X-Spam-Prev-Subject: Greetings from Lorraine Wirangee, Status: R X-Status: X-Keywords: X-UID: 305 My name is Lorraine Wirangee; I am a 24 years old female from Romania.I seek for your assistance to be my partner and adviser for an investment in your country, money that I inherited from my late mother I wish to relocate to your country and I will give you more details after I hear from you. I await your urgent reply and May God bless you. Lorraine Wirangee. From jhardin@impsec.org Sat Oct 9 06:14:04 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 39268 invoked by uid 99); 9 Oct 2021 06:47:29 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Oct 2021 06:47:29 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 59DA2BFB7E for ; Sat, 9 Oct 2021 06:47:29 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 4.709 X-Spam-Level: **** X-Spam-Status: No, score=4.709 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_4_NEW_MONEY=0.095, LOTS_OF_MONEY=0.001, MONEY_FRAUD_5=2.611, RCVD_IN_BL_SPAMCOP_NET=2, SPF_NONE=0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id U_TH1anhpjKw for ; Sat, 9 Oct 2021 06:47:29 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=202.254.236.151; helo=sv5150.xserver.jp; envelope-from=delivery@boo-craft.com; receiver= Received: from sv5150.xserver.jp (sv5150.xserver.jp [202.254.236.151]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id B25047E8B2 for ; Sat, 9 Oct 2021 06:47:28 +0000 (UTC) Received: from virusgw5001.xserver.jp (virusgw5001.xserver.jp [202.254.236.243]) by sv5150.xserver.jp (Postfix) with ESMTP id ED6A018414486D; Sat, 9 Oct 2021 15:14:13 +0900 (JST) Received: from sv5150.xserver.jp (202.254.236.151) by virusgw5001.xserver.jp (F-Secure/fsigk_smtp/521/virusgw5001.xserver.jp); Sat, 09 Oct 2021 15:14:13 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/521/virusgw5001.xserver.jp) Received: from info.reqfvs5rfzuedea5ldkk4hpcxg.lx.internal.cloudapp.net (unknown [20.89.58.29]) by sv5150.xserver.jp (Postfix) with ESMTPSA id 86DCC18D90A6D4; Sat, 9 Oct 2021 15:14:07 +0900 (JST) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: My Transaction To: Recipients From: "Ms. Reem Hashimi" Date: Sat, 09 Oct 2021 06:14:04 +0000 Reply-To: remmhashimi@kakao.com Message-Id: <20211009061407.86DCC18D90A6D4@sv5150.xserver.jp> Status: X-Status: X-Keywords: X-UID: 306 Content-Length: 1440 Hello Sir/Ma, My name is Reem E. A, the Emirates Minister of State and Managing Director = of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing= to you to stand as my partner to receive my share of gratification from fo= reign companies whom I helped during the bidding exercise towards the Dubai= World Expo 2020 Committee and also i want to use this funds to assist Coro= navirus Symptoms and Causes. I"m serving as a minister, there is a limit to my personal income and inves= tment level and For this reason, I cannot receive such a huge sum back to = my country or my personal account, so an agreement was reached with the for= eign companies to direct the gratifications to an open beneficiary account = with a financial institution where it will be possible for me to instruct f= urther transfer of the fund to a third party account for investment purpose= which is the reason i contacted you to receive the fund as my partner for = investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. If you can handle the fund in a good investment.Reply to: reeninvestor111@k= akao.com Regards, Reem From mailer@bmwusa.com Sat Oct 9 11:57:08 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.0 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BIGNUM_EMAILS_FREEM,DEAR_BENEFICIARY,FORM_FRAUD_5, FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY,LOTTO_AGENT, MAY_BE_FORGED,MIME_HTML_ONLY,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, RCVD_IN_VALIDITY_RPBL,SPF_HELO_NONE,SPF_SOFTFAIL, T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9983] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [142.93.32.46 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 3.0 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.2 BIGNUM_EMAILS_FREEM Lots of email addresses/leads, free email * account * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.5 LOTTO_AGENT Claims Agent * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.5 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 2.8 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: CA ** Received: from bizcloud-server1.klemsdopioputars.net (bizcloud-server1.klemsdopioputars.net [142.93.32.46] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 199Husmj028823 for ; Sat, 9 Oct 2021 11:57:08 -0600 Received: from bmwusa.com (bizcloud-server1.klemsdopioputars.net [IPv6:::1]) by bizcloud-server1.klemsdopioputars.net (Postfix) with ESMTP id 675B77F8AA1 for ; Sat, 9 Oct 2021 08:39:07 +0000 (UTC) Reply-To: bmwofficeinfo@mail2consultant.com From: BMW To: jhardin@impsec.org Subject: [SPAM] You've made it! Date: 09 Oct 2021 03:45:21 -0500 Message-ID: <20211009034521.84357C703C98AC7F@bmwusa.com> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 09 Oct 2021 11:57:08 -0600 (CST) for IP:'142.93.32.46' DOMAIN:'[142.93.32.46]' HELO:'bizcloud-server1.klemsdopioputars.net' FROM:'mailer@bmwusa.com' RCPT:'' X-Greylist: Delayed for 08:22:29 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 09 Oct 2021 11:57:08 -0600 (CST) X-Spam-Prev-Subject: You've made it! Status: R X-Status: X-Keywords: X-UID: 307 Content-Length: 2719

BMW ofa North America, LLC
300 Chestnut Ridge Road.
Woodcliff Lake=
NJ 07677-7731, USA.

NOTE: If you received this message in your S= PAM/BULK folder, that is because there are restrictions implemented by your= Internet Service Provider, we urge that you treat it genuinely.

Dear Beneficiary (jhardin@impsec.org)

This is to inform you that you have been automatically selected by our rand= om Computerized Email Selection System as a beneficiary of our ongoing prom= otional program winning you the prize of a brand new BMW 7 Series Car and a= Check of $1.5 million.

Description of prize vehicle;
Model: BMW = X7 xDrive40i All Wheel Drive SUV
Body: SUV
HWY: 24 MPG
City: 19 M= PG
Exterior: Mineral White Metallic
Interior: Cognac
Engine: 3.0L= Straight 6-Cyl Engine
Trans: Automatic.

The selection process, carried out by our Computerized Email Selection = System for verifiably random results to follow through with the Promotional= Marketing code which ensures that prizes are awarded following the laws of= chance. The raffle draw random email selection process was initiated with = a database of over 250,000 email addresses drawn from the internet, with yo= ur email(jhardin@impsec.org) selected as the number 7th winner.

The BMW Promotional Marketing Lottery Program is authorized and supported b= y the International Chamber of Commerce(ICC), also Licensed by the Internat= ional Association of Gaming Regulators (IAGR).

Winners case file ref= erence registration number is assigned to a specific fiduciary claims offic= er. For more information as regards certifying the claims process of your p= rize, kindly be advised to contact your assigned fiduciary officer with det= ails seen below.

Name: Stefan Richmann
Email: bmwofficeinfo@m= ail2consultant.com

Contact your assigned fiduciary officer by pr= oviding him with your Reg. pin code Number: 0011185003/25

To certify= your claims, fill out the requested identifiable information:

Name:=
Address :
Nationality :
DOB :
Phone :
Drivers license numbe= r:
Reg pin code Number: 0011185003/25

Initiation of case file authorization process for clearance would only comm= ence upon confirmation of the above requested identifiable information.
=
Congratulations! To You, from all our staffs.


Regards,
Be= rnhard Kuhnt
CEO and President
BMW of North America
BMW GROUP
U= nited States of America
©2021

From support@netflash.net Mon Oct 11 22:24:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 19C5O1Is003009 for ; Mon, 11 Oct 2021 22:24:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******** X-Spam-Status: Yes, score=8.7 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,HK_NAME_MR_MRS,HTML_MESSAGE,LOTS_OF_MONEY,MILLION_USD, MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,RCVD_IN_DNSWL_LOW,SPF_FAIL, SPF_HELO_NONE,T_MONEY_PERCENT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9972] * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, * low trust * [195.3.96.119 listed in list.dnswl.org] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=support%40netflash.net;ip=195.3.96.119;r=ga.impsec.org] * 2.0 MILLION_USD BODY: Talks about millions of dollars * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.1 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required * MIME headers * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: AT ** AT Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Mon, 11 Oct 2021 22:24:02 -0700 (PDT) Received: from smtpout-fallback.aon.at (smtpout-fallback.aon.at [195.3.96.119]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19C5NFHT045637 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 11 Oct 2021 23:23:19 -0600 Received: (qmail 18173 invoked from network); 12 Oct 2021 05:16:35 -0000 Received: from unknown (HELO smtpout.aon.at) ([172.18.1.202]) (envelope-sender ) by fallback44.highway.telekom.at (qmail-ldap-1.03) with SMTP for ; 12 Oct 2021 05:16:35 -0000 X-A1Mail-Track-Id: 1634015795:18172:fallback44:172.18.1.202:1 Received: (qmail 32551 invoked from network); 12 Oct 2021 05:16:15 -0000 Received: from 90-152-138-79.static.highway.a1.net (HELO WIN-IDQV31UJJAE) ([90.152.138.79]) (envelope-sender ) by smarthub82.res.a1.net (qmail-ldap-1.03) with SMTP for ; 12 Oct 2021 05:16:13 -0000 X-A1Mail-Track-Id: 1634007850:27411:smarthub82:90.152.138.79:2996 From: "Mrs. Grace Briggs Affleck" Subject: [SPAM] From Mrs. Grace Briggs To: Content-Type: text/html; charset=utf-8 Reply-To: Date: Mon, 11 Oct 2021 22:16:13 -0700 Message-Id: <111320211016227C88E3CB9C-DFD3AA3660@netflash.net> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 11 Oct 2021 23:23:20 -0600 (CST) for IP:'195.3.96.119' DOMAIN:'smtpout-fallback.aon.at' HELO:'smtpout-fallback.aon.at' FROM:'support@netflash.net' RCPT:'' X-Greylist: Delayed for 00:06:31 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 11 Oct 2021 23:23:20 -0600 (CST) X-Spam-Prev-Subject: From Mrs. Grace Briggs MIME-Version: 1.0 Status: R X-Status: X-Keywords: X-UID: 308 Content-Length: 2239 From Mrs. Grace Briggs

  Hello Dear,

I am Mrs. Grace Briggs Affleck from the UNITED KINGDOM,was married to late Mr Affleck , but am now a widow, I am currently in London with my only daughter  Stephanie lewis , she is 11  years of age,  I am writing to ask for your help to please accept my child in the name of God and help me to raise her up, I grew up as an orphan and now a widow, I have nobody to help take care of her because I was recently diagnosed cancer and I have only two months to live, I don’ t want her to suffer again because she has suffered a lot ever since the death of her father and my illness, we have the sum of 7m$ (SEVEN MILLION UNITED STATES DOLLARS ) in one of the banks in UNITED STATES OF AMERICA ,which we inherited from her late father (my husband) We are willing to transfer the ownership of the money to your name while you help my daughter to come over to your country to continue her education, and take care of her needs until she grows up and be able to take care of herself, she is a lovely child and I don’t want her to suffer anymore, my husband people abandoned us and confiscated all my husband properties in the states, and even planned to kills us due to their greed, we are hiding here in United Kingdom and I don’t want anything to happen to my beloved child, please help me adopt her as your own child and give her the best in life, please do that and God will bless you and your family, We are willing to offer you the 20% of the total money I told you about if you help me to adopt my child and train her for me.
Like I said before, I have only two months to live due to this cancer illness.
Please help us.

Send your reply to us
Thanks for your help
Yours I am Mrs. Grace Briggs Affleck

From jhardin@impsec.org Wed Oct 13 14:25:30 2021 +0300 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 68986 invoked by uid 99); 13 Oct 2021 11:25:32 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Oct 2021 11:25:32 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id A52151FF4E9 for ; Wed, 13 Oct 2021 11:25:31 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 3.397 X-Spam-Level: *** X-Spam-Status: No, score=3.397 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_REPLYTO_END_DIGIT=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNDISC_FREEM=3.099] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 3YghPRhJMW4E for ; Wed, 13 Oct 2021 11:25:31 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.219.195; helo=mail-yb1-f195.google.com; envelope-from=jacobbarney32@gmail.com; receiver= Received: from mail-yb1-f195.google.com (mail-yb1-f195.google.com [209.85.219.195]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id E9243BD864 for ; Wed, 13 Oct 2021 11:25:30 +0000 (UTC) Received: by mail-yb1-f195.google.com with SMTP id z5so5603765ybj.2 for ; Wed, 13 Oct 2021 04:25:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=Up0euE0T7PDAvcflpiaUZY3A6bcvHprIyA15lwDbsnE=; b=Uxhi+tJF5JsN+t3zBjBP4ElazEFiR8J/sL4zMoKHxvHqrFqoZYE29tKkEFiXN2FgQH n9fpP6LvbEXx2bFKPpdc97EgT6eIy2pWArDup7AI10GN6n5Vz82OwhOeuXtGAIyjPOxy VfNWG309AbcFR4hvBTTIqSfmM0N0Eq1GU4kdg/rkfRjseuv4d8jC1tgfbMO3veMxzujp l/OYEeDCvX3OkraEEApSnE31aN4dfkLIrxI6JEvkrV1G+l2Qqelul5lBtOKYe7ocScCI 15gctydIHRZajnQIWr632uCb/dZaLMWs9aDPtewJxF69llM+t4c6hgjfZj4GMnJOzqCb kKLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=Up0euE0T7PDAvcflpiaUZY3A6bcvHprIyA15lwDbsnE=; b=q3W34EjEcBAZArIdvUWNigi9LEc+ehmNWx+KJ3XFmufE/PzWyq6pmKbAcU+cwbR9KB NTLV+c0yLnqmXohK8Dt6jGRBM4ouZVGI1XSKcSUdvkqRvlRQjXtv+fKjA9I7uFn6ah2U so+cZ6KHO3rVveifCnEZ/V99PtNpOsRgUAnW6Z9b5Odcd3Cy04hG0NXqdjurbs4fd4dk IpicjXSf3zqF0l2WH9+cNluWkJDzry0vb6l6hb0embYEoCB34QVCFY/x/PVsARbBwSyY HhoZ9W0Ps7KEH0YmYapoPr+qg4HAEWZ2M0eQnI9ivbpePpQGF+wLVkUBvJ5wOpjR5mGM LPyg== X-Gm-Message-State: AOAM533NQJzAWaFF0CdrZgDpy3gduAyZA6BejQls1caU+FH6gAwVCcYB F6BWXqC2G9jYMbsWiuAklhkDjXxnHLNWoIYRuwc= X-Google-Smtp-Source: ABdhPJw3PFbBnZ8OBPiPoy6gPFL9XYsQO/hMwlJ7m+sLroVfo9zd/z1Bdh8rJkawY3SUgj+rL/1wWmK4qWVp1QCVB3Y= X-Received: by 2002:a25:2e0a:: with SMTP id u10mr34923097ybu.374.1634124330519; Wed, 13 Oct 2021 04:25:30 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:7000:6642:0:0:0:0 with HTTP; Wed, 13 Oct 2021 04:25:30 -0700 (PDT) Reply-To: lydiawright836@gmail.com From: LYDIA WRIGHT Date: Wed, 13 Oct 2021 14:25:30 +0300 Message-ID: Subject: Hello friend To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" Status: X-Status: X-Keywords: X-UID: 309 Greetings dear, I intend to donate funds to a charity in your country with your help... Please respond for additional information here. (lydiawright836@gmail.com),if you are interested. regards Mrs. Lydia A. Wright Akron, Ohio, U.S.A From abdussamadabdullahi29@gmail.com Wed Oct 13 08:07:34 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.9 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,DEAR_SOMETHING,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LOTS_OF_MONEY, MILLION_USD,MONEY_ATM_CARD,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, TVD_PH_BODY_META,T_FILL_THIS_FORM_SHORT,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.222.43 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.222.43 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [abdussamadabdullahi29[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [alkasimunadi221[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [abdussamadabdullahi29[at]gmail.com] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 2.0 MILLION_USD BODY: Talks about millions of dollars * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 TVD_PH_BODY_META No description available. * 3.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.6 MONEY_ATM_CARD Lots of money on an ATM card * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 2.5 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 2.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-ua1-f43.google.com (mail-ua1-f43.google.com [209.85.222.43]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19DE7UZF004854 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 13 Oct 2021 08:07:34 -0600 Received: by mail-ua1-f43.google.com with SMTP id 64so4667846uab.12 for ; Wed, 13 Oct 2021 07:07:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=uXiwUEg8ziDW6jXfBLE12iad1/vKFnitVYIKDJCB9n4=; b=OsGt3jUQMBqz8yajSvP6jwySsGfX2SM5dz5BBsSWTGdgOJadBQDeULM7sjvZUelyhF +WblvZHyfOfBQGfBmZHUf40UGIG41eGX8jOnIFH1/dMY9v+cA3l21riVNqlpEFXufdkE WLFlQx+6g8u2BYx+qFMFTFeuYJULnKUZYWeTk1KfZAQL0K12+p8+sNJFTxfPThsk20o4 Gezirn2S1+Fv2del7qH3BH+Yue7hMo2gHj4ZsmKUIRw+CXfZjHvbjk5OKnoqoc3CjgN4 snA8O4GoyjiWDH01ThnAYRwpBFfwitsUYI2VQSlx46p0XVjjyw9Sm4w5sOZsq8mQotf3 tjMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=uXiwUEg8ziDW6jXfBLE12iad1/vKFnitVYIKDJCB9n4=; b=o+/jYawXRrvGl7wsdYE5ht5em5TUMSHPGs1r1Aq0r8KNWEGYlibWMyiFrOK4Uv1Wxv 1fUN7OjhTRyoBWqDtXPW8To33dnkifjUUTCPVV3WgyxYhfbN0av8Lz+DLAi3gpqD9m/m lbOwEPR1ITHh5sKxM55U+mNxMAzmAraXifA1CU9+sjbny+T1K2DeB6f1uo9aVfLA4uBs OjLqkfpu5pRRRiF+6v2309W+BYjQPg8u4XOUCE03QkCQCCZZsKr/5gXkr7Px0/BMUI9T tcY0B3nY5KRkRPvSpgt8fYhrQ3tAYXphn8uDcQz8W92V+YOvEPui8HqzTVnt6Ax5nZKd ASsA== X-Gm-Message-State: AOAM5306lCk0kUxU2qAyrXUCKM8QcEseSpgtSANrxoYSW4lW7llInUZT mhHp+QnG7c5vXrlN6BcvGmzD9NwYyE9GWef4IMs= X-Google-Smtp-Source: ABdhPJw6Un1+qt8UlOb0vOfcsKpnDsNzIpVrhl3DirIbwhqF0QqxCa/lMM1198EP63betFUHYBYfY7FJSzWxG+/zDsQ= X-Received: by 2002:a05:6102:3910:: with SMTP id e16mr13573345vsu.16.1634134049369; Wed, 13 Oct 2021 07:07:29 -0700 (PDT) MIME-Version: 1.0 Reply-To: alkasimunadi221@gmail.com From: abdussamad abdullahi Date: Wed, 13 Oct 2021 15:06:55 +0100 Message-ID: Subject: [SPAM] Dear Sir/Ma, To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="00000000000087343605ce3c7b39" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 13 Oct 2021 08:07:34 -0600 (CST) for IP:'209.85.222.43' DOMAIN:'mail-ua1-f43.google.com' HELO:'mail-ua1-f43.google.com' FROM:'abdussamadabdullahi29@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 13 Oct 2021 08:07:34 -0600 (CST) X-Spam-Prev-Subject: Dear Sir/Ma, Status: R X-Status: X-Keywords: X-UID: 310 Content-Length: 5869 --00000000000087343605ce3c7b39 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable --=20 Dear Sir/Ma, This is to inform you of a very important information which will be of a great help to redeem you from all the difficulties you have been experiencing in getting your long overdue payment due to excessive demand for money from you by both corrupt Bank officials and Courier Companies after which your fund remain unpaid to you. I am Mrs.Kristalina Georgieva, Managing Director (MD) of the International Monetary Fund (IMF). It may interest you to know that reports have reached our office by so many correspondences on the uneasy way which people like you are treated by Various Banks and Courier Companies Diplomat(s) across Europe to Africa and Asia London UK, and we have decided to put a stop to that and that is why I was appointed to handle your transaction here in Washington, DC 20431, USA. All Governmental and Non-Governmental prostates, NGO's, Finance Companies, Banks, Security Companies and Diplomat(s) which have been in contact with you of late have been instructed to back off from your transaction and you have been advised NOT to respond to them anymore since the I.M.F Head Office is now directly in charge of your payment $15,000,000.00 USD (Fifteen Million United State Dollars) You are hereby advised NOT to remit further payment to any institutions with respect to your transaction as your fund will be transferred to you directly from our source. I hope this is clear. Any action contrary to this instruction is at your own risk. kindly send the follow details for the release of your fund to you okay 1.YOUR FULL NAME=E2=80=A6 2.YOUR HOME PHONE NUMBER=E2=80=A6 3.YOUR OFFICE NUMBER=E2=80=A6 4.ADDRESS WERE YOU WANT THEM TO SEND YOUR ATM CARD=E2=80=A6 5.(P.O BOX NUMBER/ADDRESS)=E2=80=A6 6.YOUR AGE/GENDER=E2=80=A6 7.YOUR CURRENT OCCUPATION=E2=80=A6 Yours Faithfully, Regards, --00000000000087343605ce3c7b39 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


--
Dear Sir/Ma,

This is to info= rm you of a very important information which will be
of a great help to redeem you from all the difficulties y= ou have been
experiencing in gettin= g your long overdue payment due to excessive
demand for money from you by both corrupt Bank officials and Cour= ier
Companies after which your fund= remain unpaid to you.

I am Mrs.Kristalina Georgieva, Managing Di= rector (MD) of the International
Mo= netary Fund (IMF). It may interest you to know that reports have
reached our office by so many correspondences= on the uneasy way which
people lik= e you are treated by Various Banks and Courier Companies
Diplomat(s) across Europe to Africa and Asia London U= K, and we have
decided to put a sto= p to that and that is why I was appointed to
handle your transaction here in Washington, DC 20431, USA.
<= div style=3D"color:rgb(34,34,34)">
All Governmental and Non-Governmental prostates, NGO's, Finance
Companies, Banks, Security Companies a= nd Diplomat(s) which have been
in c= ontact with you of late have been instructed to back off from your
transaction and you have been advised NOT t= o respond to them anymore
since the= I.M.F Head Office is now directly in charge of your payment
$15,000,000.00 USD (Fifteen Million United State = Dollars)

You are hereby advised NOT to remit further payment to a= ny
institutions with respect to you= r transaction as your fund will be
= transferred to you directly from our source. I hope this is clear. Any
action contrary to this instruction is = at your own risk.

kindly send the follow details for the release = of your fund to you okay=C2=A0

=
1.YOUR FULL NAME=E2=80=A6
2.YOUR HOME PHONE NUMBER=E2=80=A6
3.YOUR OFFICE NUMBER=E2=80=A6
4.ADDRESS WERE YOU WANT THEM TO SEND YOUR ATM CAR= D=E2=80=A6
5.(P.O BOX NUMBER/ADDRES= S)=E2=80=A6
6.YOUR AGE/GENDER=E2=80= =A6
7.YOUR CURRENT OCCUPATION=E2=80= =A6


Yours Faithfully= ,
Regards,
--00000000000087343605ce3c7b39-- From gustavo@globalrelay.net Sat Oct 16 05:45:25 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************************** X-Spam-Status: Yes, score=28.2 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_PSBL,RCVD_IN_SBL_CSS, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [102.89.3.245 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU XX Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19GBjIJi043302 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 16 Oct 2021 05:45:25 -0600 Message-Id: <202110161145.19GBjIJi043302@ga.impsec.org> Received: from [192.168.8.103] (unknown [102.89.3.245]) by mx.er33.ru (Postfix) with ESMTPSA id E6E5120AFB2; Fri, 15 Oct 2021 12:34:02 +0300 (MSK) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News To: Recipients From: "Jonathan Hugo" Date: Fri, 15 Oct 2021 10:33:55 +0100 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 16 Oct 2021 05:45:25 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: Delayed for 01:30:41 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 16 Oct 2021 05:45:25 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19GBjIJi043302 X-Spam-Prev-Subject: Good News Status: R X-Status: X-Keywords: X-UID: 311 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From gustavo@globalrelay.net Sun Oct 17 03:23:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19H9MtGV031406 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 17 Oct 2021 03:23:01 -0600 Message-Id: <202110170923.19H9MtGV031406@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id E0CB9302CDC; Sat, 16 Oct 2021 22:25:26 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Sun, 17 Oct 2021 03:25:24 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 03:23:01 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 03:23:01 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19H9MtGV031406 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 312 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From alessandrahorto@agerio.com.br Sun Oct 17 10:34:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.5 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_95,DEAR_FRIEND,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS, LOTS_OF_MONEY,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,RELAY_COUNTRY_BR, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE,TEQF_USR_POLITE, USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9652] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 1.0 TEQF_USR_POLITE To and from user nearly same + polite greeting * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.3 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: BR ** ** ** ** Received: from mail.agerio.com.br (mail3.agerio.com.br [177.47.113.51]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19HGYtZb012870 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 17 Oct 2021 10:34:59 -0600 Received: from mimosa.agerio.com.br (unknown [192.168.252.10]) by mail.agerio.com.br (Postfix) with ESMTP id 0BF9B614CC; Sun, 17 Oct 2021 11:55:03 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=agerio.com.br; s=default; t=1634482507; bh=2q31gy4k5R/DJs0eL5OO6ZbeJWvdQ44vutGSP4M3piU=; h=Subject:To:From:Date:Reply-To:From; b=PjKGFLiMxdyJPcP9dk1Zgk9KGl3UwWwwwSMkWzxthpAqPVsAsNsjBhk8gv5MxviNR /6uGuUP1NzRAR2Sjzf9E8h5uyBXZw/lH0VMYvlhpiS9Ipe0N7EUaBGu6FeExoBFyqa fcoAOqhElnS77qmJmW+hmcBhkgB8a1yraFWcVB940Zw1s8bLru5qGdXREgxb+t3mxN UEDkJjvOB7kSALln3O7fCrZiCS1/RJX8qRc69m8MzXHmhqFP3K4IiAdlqP3EiuyRdU QLTVL7P0mYjLDLAoGtlAyp5DNmsHbMkdIwkOfxBMlFZWlyfwW+7x/pz9n8tMuvXvAf 77MrS7EqcOHvQ== Received: from localhost (localhost [127.0.0.1]) by mimosa.agerio.com.br (Postfix) with ESMTP id 1FB16B2B342; Sun, 17 Oct 2021 11:52:47 -0300 (-03) X-Virus-Scanned: amavisd-new at mimosa.agerio.com.br Received: from mimosa.agerio.com.br ([127.0.0.1]) by localhost (mimosa.agerio.com.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1gUTiS4qVEWt; Sun, 17 Oct 2021 11:52:46 -0300 (-03) Received: from info.14p54xjy1kgu5m1lxoc4mq0acd.mx.internal.cloudapp.net (unknown [192.168.252.8]) by mimosa.agerio.com.br (Postfix) with ESMTPS id 7DA10B2B0C0; Sun, 17 Oct 2021 11:52:40 -0300 (-03) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Investment fund.. To: Recipients From: "Ms. Reem E.A" Date: Sun, 17 Oct 2021 14:52:31 +0000 Reply-To: reem2018@daum.net Message-Id: <20211017145240.7DA10B2B0C0@mimosa.agerio.com.br> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 10:34:59 -0600 (CST) for IP:'177.47.113.51' DOMAIN:'mail3.agerio.com.br' HELO:'mail.agerio.com.br' FROM:'alessandrahorto@agerio.com.br' RCPT:'' X-Greylist: Delayed for 00:58:15 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 10:34:59 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19HGYtZb012870 X-Spam-Prev-Subject: Investment fund.. Status: R X-Status: X-Keywords: X-UID: 313 Content-Length: 1539 Dear Friend, Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is however, valued at Euro €47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment. REPLY TO: reem.alhashimi@yandex.com FOR MORE DETAILS My Profile: https://www.zu.ac.ae/leadership2008/hashemi.html Regards, Ms. Reem. From alessandrahorto@agerio.com.br Sun Oct 17 10:36:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.3 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_95,DEAR_FRIEND,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS,LOTS_OF_MONEY, MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,RELAY_COUNTRY_BR,REPTO_419_FRAUD, SPF_HELO_NONE,SPF_NONE,TEQF_USR_POLITE,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9652] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 TEQF_USR_POLITE To and from user nearly same + polite greeting * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.3 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: BR ** ** ** ** Received: from mail.agerio.com.br (mail3.agerio.com.br [177.47.113.51]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19HGZvCL012899 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 17 Oct 2021 10:36:01 -0600 Received: from mimosa.agerio.com.br (unknown [192.168.252.10]) by mail.agerio.com.br (Postfix) with ESMTP id 921196219C; Sun, 17 Oct 2021 11:55:07 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mimosa.agerio.com.br (Postfix) with ESMTP id 22AADB2B4AA; Sun, 17 Oct 2021 11:53:06 -0300 (-03) X-Virus-Scanned: amavisd-new at mimosa.agerio.com.br Received: from mimosa.agerio.com.br ([127.0.0.1]) by localhost (mimosa.agerio.com.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mSVPPNVmxZT; Sun, 17 Oct 2021 11:53:05 -0300 (-03) Received: from info.14p54xjy1kgu5m1lxoc4mq0acd.mx.internal.cloudapp.net (unknown [192.168.252.8]) by mimosa.agerio.com.br (Postfix) with ESMTPS id E71CEB2B30B; Sun, 17 Oct 2021 11:52:59 -0300 (-03) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Investment fund.. To: Recipients From: "Ms. Reem E.A" Date: Sun, 17 Oct 2021 14:52:51 +0000 Reply-To: reem2018@daum.net Message-Id: <20211017145259.E71CEB2B30B@mimosa.agerio.com.br> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 10:36:02 -0600 (CST) for IP:'177.47.113.51' DOMAIN:'mail3.agerio.com.br' HELO:'mail.agerio.com.br' FROM:'alessandrahorto@agerio.com.br' RCPT:'' X-Greylist: Delayed for 00:58:49 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 10:36:02 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19HGZvCL012899 X-Spam-Prev-Subject: Investment fund.. Status: R X-Status: X-Keywords: X-UID: 314 Content-Length: 1539 Dear Friend, Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is however, valued at Euro €47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment. REPLY TO: reem.alhashimi@yandex.com FOR MORE DETAILS My Profile: https://www.zu.ac.ae/leadership2008/hashemi.html Regards, Ms. Reem. From alessandrahorto@agerio.com.br Sun Oct 17 06:15:41 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.6 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_95,DEAR_FRIEND,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS,LOTS_OF_MONEY, MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,RCVD_IN_BL_SPAMCOP_NET, RELAY_COUNTRY_BR,REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NONE, TEQF_USR_POLITE,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9652] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_BR Relayed via Brazil * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 TEQF_USR_POLITE To and from user nearly same + polite greeting * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 2.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.3 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: BR ** ** ** ** Received: from mail.agerio.com.br (mail3.agerio.com.br [177.47.113.51]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19HCFbbg042651 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 17 Oct 2021 06:15:41 -0600 Received: from mimosa.agerio.com.br (unknown [192.168.252.10]) by mail.agerio.com.br (Postfix) with ESMTP id B38A26113F; Sun, 17 Oct 2021 08:12:16 -0300 (-03) Received: from localhost (localhost [127.0.0.1]) by mimosa.agerio.com.br (Postfix) with ESMTP id D3A70B2873E; Sun, 17 Oct 2021 08:10:11 -0300 (-03) X-Virus-Scanned: amavisd-new at mimosa.agerio.com.br Received: from mimosa.agerio.com.br ([127.0.0.1]) by localhost (mimosa.agerio.com.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QevhduB0wy2t; Sun, 17 Oct 2021 08:10:11 -0300 (-03) Received: from info.14p54xjy1kgu5m1lxoc4mq0acd.mx.internal.cloudapp.net (unknown [192.168.252.8]) by mimosa.agerio.com.br (Postfix) with ESMTPS id BCC3DB285BB; Sun, 17 Oct 2021 08:10:05 -0300 (-03) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Investment fund.. To: Recipients From: "Ms. Reem E.A" Date: Sun, 17 Oct 2021 11:09:57 +0000 Reply-To: reem2018@daum.net Message-Id: <20211017111005.BCC3DB285BB@mimosa.agerio.com.br> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 06:15:41 -0600 (CST) for IP:'177.47.113.51' DOMAIN:'mail3.agerio.com.br' HELO:'mail.agerio.com.br' FROM:'alessandrahorto@agerio.com.br' RCPT:'' X-Greylist: Delayed for 00:46:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 06:15:41 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19HCFbbg042651 X-Spam-Prev-Subject: Investment fund.. Status: R X-Status: X-Keywords: X-UID: 315 Content-Length: 1539 Dear Friend, Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is however, valued at Euro €47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment. REPLY TO: reem.alhashimi@yandex.com FOR MORE DETAILS My Profile: https://www.zu.ac.ae/leadership2008/hashemi.html Regards, Ms. Reem. From jhardin@impsec.org Sun Oct 17 20:25:07 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 49783 invoked by uid 99); 17 Oct 2021 23:53:40 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Oct 2021 23:53:40 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 3522CBFB78 for ; Sun, 17 Oct 2021 23:53:40 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 4.707 X-Spam-Level: **** X-Spam-Status: No, score=4.707 tagged_above=-999 required=6.31 tests=[ADVANCE_FEE_4_NEW_MONEY=0.095, LOTS_OF_MONEY=0.001, MONEY_FRAUD_5=2.611, RCVD_IN_BL_SPAMCOP_NET=2, SPF_PASS=-0.001, XFER_LOTSA_MONEY=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id phRgeEpBUWqG for ; Sun, 17 Oct 2021 23:53:39 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=200.123.0.224; helo=mx01.soc.gtdperu.pe; envelope-from=datosabiertos@munisanisidro.gob.pe; receiver= Received: from MX01.soc.gtdperu.pe (mx01.soc.gtdperu.pe [200.123.0.224]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 72A317E8D7 for ; Sun, 17 Oct 2021 23:53:39 +0000 (UTC) Received: from mail.munisanisidro.gob.pe (correo.munisanisidro.gob.pe [200.123.25.211]) by MX01.soc.gtdperu.pe with ESMTP id 19HNrWSg019649-19HNrWSi019649 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 17 Oct 2021 18:53:32 -0500 Received: from info.54xpti1o15rurlhs03whlwys2c.mx.internal.cloudapp.net (unknown [40.74.137.18]) (Authenticated sender: datosabiertos) by mail.munisanisidro.gob.pe (Postfix) with ESMTPSA id 9CC6A4B48EEB; Sun, 17 Oct 2021 15:25:22 -0500 (-05) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Thanks For Understanding To: Recipients From: "Ms. Reem Al-Hashimi" Date: Sun, 17 Oct 2021 20:25:07 +0000 Reply-To: remmhashimi@kakao.com Message-Id: <20211017202524.9CC6A4B48EEB@mail.munisanisidro.gob.pe> X-MSI-MailScanner-Information: Please contact the ISP for more information X-MSI-MailScanner-ID: 9CC6A4B48EEB.A27A3 X-MSI-MailScanner: Found to be clean X-MSI-MailScanner-From: datosabiertos@munisanisidro.gob.pe Status: X-Status: X-Keywords: X-UID: 316 Content-Length: 1436 Hello Sir/Ma, My name is Reem E. A, the Emirates Minister of State and Managing Director = of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing= to you to stand as my partner to receive my share of gratification from fo= reign companies whom I helped during the bidding exercise towards the Dubai= World Expo 2020 Committee and also i want to use this funds to assist Coro= navirus Symptoms and Causes. I"m serving as a minister, there is a limit to my personal income and inves= tment level and For this reason, I cannot receive such a huge sum back to = my country or my personal account, so an agreement was reached with the for= eign companies to direct the gratifications to an open beneficiary account = with a financial institution where it will be possible for me to instruct f= urther transfer of the fund to a third party account for investment purpose= which is the reason i contacted you to receive the fund as my partner for = investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution wai= ting my instruction for further transfer to a destination account as soon a= s I have your information indicating interest to receive and invest the fun= d, I will compensate you with 30% of the total amount and you will also get= benefit from the investment. If you can handle the fund in a good investment.Reply to: remmhashimi@kakao= .com Regards, Reem From jhardin@impsec.org Mon Oct 18 14:54:02 2021 +0000 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 83923 invoked by uid 99); 18 Oct 2021 14:54:15 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Oct 2021 14:54:14 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 506DE1FF4DE for ; Mon, 18 Oct 2021 14:54:14 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 4.202 X-Spam-Level: **** X-Spam-Status: No, score=4.202 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=0.3, MISSING_SUBJECT=1.767, RCVD_IN_HOSTKARMA_BL=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=cqxcompany.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id mxXMM5rlMCp3 for ; Mon, 18 Oct 2021 14:54:13 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=167.172.86.26; helo=mail0.cqxcompany.com; envelope-from=sales@cqxcompany.com; receiver= Received: from mail0.cqxcompany.com (mail0.cqxcompany.com [167.172.86.26]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 732977E8DF for ; Mon, 18 Oct 2021 14:54:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=cqxcompany.com; h=Reply-To:From:To:Date:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; i=sales@cqxcompany.com; bh=84JpFv/9rM5DkWWnvrRD6Ne3vIgiZNKmxSW8sKdmsww=; b=zZXP/goGFdRbpYtuHI9/hKuRaJ48gu0SpceIl8hg+chaUb7J5wO8T6V8rzWvi3tkGlxETF17/2Uj JqlBtqw2gfO+VEknJM3a9Uw9Wy/FdtId1Js62lclfiqC/lx8jh0Detix4tNcdKcILVofFnfUn67T odRfyW9JuAIMaUzeWTs= Reply-To: majialfutt@gmail.com From: Majid Al Futtaim To: users@spamassassin.apache.org Date: 18 Oct 2021 14:54:02 +0000 Message-ID: <20211018145402.0491EC6CB59F1E2F@cqxcompany.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable Status: X-Status: X-Keywords: X-UID: 317 Hello Friend, You have been awarded a donation, reply for more details. Majid Al Futtaim. From gustavo@globalrelay.net Sun Oct 17 15:32:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19HLWDU8034084 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 17 Oct 2021 15:32:17 -0600 Message-Id: <202110172132.19HLWDU8034084@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 9BF4C2AAB66; Sat, 16 Oct 2021 21:59:18 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Sun, 17 Oct 2021 02:59:16 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 15:32:17 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 15:32:17 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19HLWDU8034084 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 318 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From bulgaria@photomate.eu Sun Oct 17 17:02:18 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.6 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,DEAR_FRIEND,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY, MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,MSGID_FROM_MTA_HEADER, REPTO_419_FRAUD,SPF_HELO_NONE,SPF_NEUTRAL,TEQF_USR_POLITE, XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9997] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9997] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [reem2018[at]daum.net] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.0 TEQF_USR_POLITE To and from user nearly same + polite greeting * 2.4 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 1.3 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: CZ CZ Received: from brain.mindsystem.cz (brain.mindsystem.cz [81.0.237.147]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 19HN2DBE040581 for ; Sun, 17 Oct 2021 17:02:18 -0600 Message-Id: <202110172302.19HN2DBE040581@ga.impsec.org> Received: (qmail 19837 invoked by uid 1068); 16 Oct 2021 23:11:49 -0000 Received: from brain.mindsystem.cz (HELO info.14p54xjy1kgu5m1lxoc4mq0acd.mx.internal.cloudapp.net) (81.0.237.147) by brain.mindsystem.cz with SMTP; 16 Oct 2021 23:11:49 -0000 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Investment fund.. To: Recipients From: "Ms. Reem E.A" Date: Sat, 16 Oct 2021 23:11:36 +0000 Reply-To: reem2018@daum.net X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 17:02:18 -0600 (CST) for IP:'81.0.237.147' DOMAIN:'brain.mindsystem.cz' HELO:'brain.mindsystem.cz' FROM:'bulgaria@photomate.eu' RCPT:'' X-Greylist: Delayed for 20:27:01 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 17 Oct 2021 17:02:18 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19HN2DBE040581 X-Spam-Prev-Subject: Investment fund.. Status: R X-Status: X-Keywords: X-UID: 319 Content-Length: 1539 Dear Friend, Good day to you. Apparently this email will be coming to you as a surprise since we have not met before now. My name is Reem E. Al-Hashimi, the Emirates Minister of State for international cooperation and Managing Director of United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing you to know if your would be willing to receive and invest a huge sum on my behalf. This fund is my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020. Am a single Arab women and serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or in my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is however, valued at Euro €47,745,533.00 Million Euro and the financial institution is waiting for my instruction to transfer the funds to any designated account. I have decided to compensate you with 30% of the total amount and you will also get benefit from the investment. REPLY TO: reem.alhashimi@yandex.com FOR MORE DETAILS My Profile: https://www.zu.ac.ae/leadership2008/hashemi.html Regards, Ms. Reem. From gustavo@globalrelay.net Mon Oct 18 01:12:57 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.0 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL, RELAY_COUNTRY_RU,SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [102.89.1.241 listed in zen.spamhaus.org] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU XX Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19I7Co9T030345 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 18 Oct 2021 01:12:57 -0600 Message-Id: <202110180712.19I7Co9T030345@ga.impsec.org> Received: from [192.168.8.103] (unknown [102.89.1.241]) by mx.er33.ru (Postfix) with ESMTPSA id 9DCB718249E; Thu, 14 Oct 2021 22:10:30 +0300 (MSK) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News To: Recipients From: "Jonathan Hugo" Date: Thu, 14 Oct 2021 20:10:23 +0100 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Oct 2021 01:12:57 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Oct 2021 01:12:57 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19I7Co9T030345 X-Spam-Prev-Subject: Good News Status: R X-Status: X-Keywords: X-UID: 320 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From quincyseguros33@wellfare.cloudns.cx Mon Oct 18 16:25:54 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.4 required=5.0 tests=ADVANCE_FEE_5_NEW,BAYES_50, DKIM_INVALID,DKIM_SIGNED,FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_SCAM,LOCALPART_IN_SUBJECT, PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE,PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE, SPF_HELO_PASS,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5973] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 1.1 LOCALPART_IN_SUBJECT Local part of To: address appears in * Subject * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [martinamayer903[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 2.0 HK_SCAM No description available. * 1.5 PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE To: name matches everything in * local email - LCASE headers * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.0 PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE Forged replyto and * __PDS_TONAME_EQ_TOLOCAL * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 1.7 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian * 419) * 2.8 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: GR Received: from service.cloudns.cc (o16789115x47.service.cloudns.cc [92.118.231.107]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19IMPplK025708 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 18 Oct 2021 16:25:54 -0600 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=wellfare.cloudns.cx; h=Message-Id:Mime-Version:From:To:Reply-To:Subject:Date:Content-type: Content-transfer-encoding; i=quincyseguros33@wellfare.cloudns.cx; bh=AaT8IealN3Dnm6Ieb3eIBWVhby9t11Oae2C9Kfc4EgM=; b=Jvn++qCnE42i+UoqSHadrTjNHvNwltR3ZRVk2rfjNasFXUoDm9/rljT69V+6bQrA5Dln4VOIxjnQ emGSTdYVteYg3XgLGMAI3AMyIxIIYU6PZcZJzb1mMyQ1h1tzX2avsuvMwqgIBxCGEXlw/RgxynFT G6eWhys1Mt8pHsOSaxw= Message-Id: Mime-Version: 1.0 From: Quincyseguros To: "jhardin" Reply-To: martinamayer903@gmail.com Subject: [SPAM] jhardin, refer to your compensation Date: Tue, 19 Oct 2021 00:15:38 +0200 X-Bounce-Tracking-Info: Content-type: text/plain; charset=iso-8859-1; format=flowed X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Oct 2021 16:25:54 -0600 (CST) for IP:'92.118.231.107' DOMAIN:'o16789115x47.service.cloudns.cc' HELO:'service.cloudns.cc' FROM:'quincyseguros33@wellfare.cloudns.cx' RCPT:'' X-Greylist: Delayed for 00:10:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 18 Oct 2021 16:25:54 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by ga.impsec.org id 19IMPplK025708 X-Spam-Prev-Subject: jhardin, refer to your compensation Status: R X-Status: X-Keywords: X-UID: 321 Content-Length: 2039 We are Funds Investigation Unit fighting criminal activities around the globe.This is to inform you that, we have been working towards the eradication of fraudsters and scam Artists in Europe United States and Africa with the help of the Organization of African Unity (OAU), the International Monetary Fund (IMF) and FBI. We have been able to track down so many of this scam artist in various parts of African countries and Europe, which includes (United Kingdom, Spain, Ghana, Nigeria, Cameroon and Senegal) and they are all in Government custody now, they will appear at International Criminal Court (ICC) Hague (Netherlands) soon for Criminal/Fraud Justice. We have been able to track down some of these criminals element from different countries, and a lot of funds have been recovered. Due to this manadate these funds is said to be re-imburse back to individauls, we are therefore writing you to respond since your data is among the beneficiary list so as to get possible procedures on how you can file for this claim. We have arranged your payment to be paid to you direct to your financial institution in your country or via a check. To receive the above fund, you are therefore advised to contact the (International Bank official) who will transfer the fund to your bank account from Reserve Bank. We have advised the Bank Agent to open a private email address with a new number as to enable us to monitor this payment and the transfer communications to avoid further delay or misdirection of your fund. Kindly contact the Reserve Bank private Bank Agent now with the below contact details: Contact: MRS. MARTINA MAYER Email: martinamayer903@gmail.com Compensation Fund Transfer Dept. (Bank International) 1. Your Full Name: 2. Your Age: 3. Occupation: 4. Cell/Mobile Number: Please send all replies to Yours in Service. MR. WILSON STEWART. United Nations Funds Investigation Unit. Please make sure you are a scam victim to respond to this Email if this mail come as an Error Ignore it and Delete Immediately From gustavo@globalrelay.net Wed Oct 20 02:56:38 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,REPTO_419_FRAUD_GM, SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19K8uSjk028170 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 20 Oct 2021 02:56:38 -0600 Message-Id: <202110200856.19K8uSjk028170@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 14E1125ABF; Sat, 16 Oct 2021 21:46:30 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Sun, 17 Oct 2021 02:46:28 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 02:56:38 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 02:56:38 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19K8uSjk028170 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 322 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From helenidaho0@gmail.com Wed Oct 20 07:07:08 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************* X-Spam-Status: Yes, score=13.7 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_80, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8233] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.219.174 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.219.174 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [helenidaho0[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [helenidaho0[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-yb1-f174.google.com (mail-yb1-f174.google.com [209.85.219.174]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19KD74pN023159 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 20 Oct 2021 07:07:08 -0600 Received: by mail-yb1-f174.google.com with SMTP id q189so11723912ybq.1 for ; Wed, 20 Oct 2021 06:07:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=2BuGo0XJOOJdsyhORbJNtAzOCA2tEE7EgFRmVobqxeA=; b=eYDWJyaOdAzLQrizseCFoA21gjs/0CRQx/RR7qThfAUrz/e1w6PDivhuQgdH87RmLv mhRyUzt9aBFXxNNprV1d0rmMGhFUBWFkLNjF4c44NUZ86y8K7IezXkrf9FMEFZnH1LZE DgTAj+UX58oZTWmlnQFkuD+XhhTZwQ3qaVphhPuexGen0w1XBvQR3PZVaiak+nJPj922 1J2Suj1UGIOILk+wn5vmAdzxpDzZO2NmqSKBItEQpyxNNkj4KI9VirVyslj0UWNWyJ1H tHGZq2+4glkLr5Q9KUMOl3xWqw49HdD9JjMR0xvho3MYMuk+SBcQnA5iP277FYxE9G3c CqcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to:content-transfer-encoding; bh=2BuGo0XJOOJdsyhORbJNtAzOCA2tEE7EgFRmVobqxeA=; b=qZ0m6QPgUJesQcDjduQeavdz3WBPnh4c+9yGaowDXVGidOKZxmo+P+NGRK3+a5lINr F7HPyoOa69u0vpPZziSGqvJxxL7M6Ql1DAEQ6M6yI15rQHQhg/UZE8W712ziHmVdAh6b l6Bo5NxJCDr7a/HNAkHWi0FvLls/O1cOaxHnMvOVSjr+bLxb+77eaK/xILYBuboBKRf9 1ICZTZdi68NJxllyZMSCHkgIs4nVyVWp1z5znxW9PWi8x81ykON9ZRvLqg42jMRLMiQD 6vqKuyEumqdhSKCHHlES2M6Sq5AOQhS6Ufgz/50GucQ2mcDKGwr66I22kEGhI1Dd61f7 STpA== X-Gm-Message-State: AOAM532Z5uTUkIQ+oJRtRSNS2XPGa3aL5ff+3rooTT/kogqwoA+NmMju 81w0r29Uur9cFFspykiePVSJgwm+29MgpiFgNPY= X-Google-Smtp-Source: ABdhPJyNbsfmi6yAvkdJNwvL1kwd4+XdmnVDO8S6dciNi/mtpeqkAkBAvNjnj7knNzR0xLxUxd4ZarNQ+SI5mtiZDF8= X-Received: by 2002:a25:1186:: with SMTP id 128mr42711718ybr.547.1634735221745; Wed, 20 Oct 2021 06:07:01 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6918:3b23:b0:60:f3aa:c237 with HTTP; Wed, 20 Oct 2021 06:07:01 -0700 (PDT) Reply-To: helenadamsidaho@gmail.com From: "MARIE H. HYPPOLITE" Date: Wed, 20 Oct 2021 14:07:01 +0100 Message-ID: Subject: [SPAM] HELP THE NEED ONES. To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 07:07:08 -0600 (CST) for IP:'209.85.219.174' DOMAIN:'mail-yb1-f174.google.com' HELO:'mail-yb1-f174.google.com' FROM:'helenidaho0@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 07:07:08 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19KD74pN023159 X-Spam-Prev-Subject: HELP THE NEED ONES. Status: R X-Status: X-Keywords: X-UID: 323 My Beloved in the Lord. I am Mrs. Marie F. Hyppolite. A (Citizen of the United States of America), an elderly widow who suffers from a prolonged illness (cancer). I am currently admitted to a private hospital, I have funds I inherited from my late loving husband, Mr. Hyppolite Smith. which he deposited in a bank before his death through covid-19, and I need a very honest and God-fearing family that can use these funds for the work of God and 30% of the total funds will be for their compensation for doing this work of God in charity orphanage home project in your country. Please, if your Family will be able to use these funds for the Lord’s work, respond kindly for more details. mariehyppolitesmith@yahoo.com Your Sister in the Lord. Marie F. Hyppolite From backup@pksmak.ru Wed Oct 20 11:15:12 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************************** X-Spam-Status: Yes, score=35.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HEADER_FROM_DIFFERENT_DOMAINS,MISSING_HEADERS, MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_ZBI,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_13,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 1.5 NSL_RCVD_HELO_USER Received from HELO User * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [81.91.35.158 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [81.91.35.158 listed in bl.score.senderscore.com] * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 2.1 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 RCVD_IN_MSPIKE_ZBI No description available. * 1.3 FROM_MISSPACED From: missing whitespace * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: RU XX Received: from mail.pksmak.ru (www.pksmak.ru [81.91.35.158]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19KHF6C3044032 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 20 Oct 2021 11:15:11 -0600 Received: from [103.167.92.100] (helo=User) by mail.pksmak.ru with esmtpa (Exim 4.92) (envelope-from ) id 1mcjJT-00056A-2Q; Tue, 19 Oct 2021 12:13:32 +0500 Reply-To: From: "Private Mail" Subject: [SPAM] Portfolio Management Date: Tue, 19 Oct 2021 00:13:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: Sender: backup@pksmak.ru X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 11:15:12 -0600 (CST) for IP:'81.91.35.158' DOMAIN:'www.pksmak.ru' HELO:'mail.pksmak.ru' FROM:'backup@pksmak.ru' RCPT:'' X-Greylist: Delayed for 33:58:10 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 11:15:12 -0600 (CST) X-Spam-Prev-Subject: Portfolio Management Status: R X-Status: X-Keywords: X-UID: 324 Hello, You have effective skills in portfolio management. We have a private business proposition for you, contact me for more details. Thank you, Datuk. Sip100/10-16-21/2.8wwe.158 From gustavo@globalrelay.net Wed Oct 20 14:48:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************** X-Spam-Status: Yes, score=30.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,REPTO_419_FRAUD_GM, SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19KKmfmq013970 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 20 Oct 2021 14:48:47 -0600 Message-Id: <202110202048.19KKmfmq013970@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id CDFEA2A901A; Sat, 16 Oct 2021 21:48:11 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Sun, 17 Oct 2021 02:48:08 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 14:48:47 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 20 Oct 2021 14:48:47 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19KKmfmq013970 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 325 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From datosabiertos@munisanisidro.gob.pe Thu Oct 21 11:43:40 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************* X-Spam-Status: Yes, score=25.8 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,LOTS_OF_MONEY,MONEY_FRAUD_5,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP,REPTO_419_FRAUD,SPAM_BOOSTER_04, SPF_HELO_NONE,SPF_PASS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9996] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9996] * 6.0 REPTO_419_FRAUD Reply-To is known advance fee fraud collector * mailbox * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [40.74.137.18 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 2.4 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money * 2.2 MONEY_FRAUD_5 Lots of money and many fraud phrases X-Spam-Relay-Country: PE PE JP Received: from MX01.soc.gtdperu.pe (mx01.soc.gtdperu.pe [200.123.0.224]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19LHhXtR001834 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 21 Oct 2021 11:43:40 -0600 Received: from mail.munisanisidro.gob.pe (correo.munisanisidro.gob.pe [200.123.25.211]) by MX01.soc.gtdperu.pe with ESMTP id 19I21VD7014783-19I21VD9014783 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 17 Oct 2021 21:01:31 -0500 Received: from info.54xpti1o15rurlhs03whlwys2c.mx.internal.cloudapp.net (unknown [40.74.137.18]) (Authenticated sender: datosabiertos) by mail.munisanisidro.gob.pe (Postfix) with ESMTPSA id 0B35146CC620; Sun, 17 Oct 2021 14:27:17 -0500 (-05) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Thanks For Understanding To: Recipients From: "Ms. Reem Al-Hashimi" Date: Sun, 17 Oct 2021 19:27:09 +0000 Reply-To: remmhashimi@kakao.com Message-Id: <20211017192718.0B35146CC620@mail.munisanisidro.gob.pe> X-MSI-MailScanner-Information: Please contact the ISP for more information X-MSI-MailScanner-ID: 0B35146CC620.A1795 X-MSI-MailScanner: Found to be clean X-MSI-MailScanner-From: datosabiertos@munisanisidro.gob.pe X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 11:43:40 -0600 (CST) for IP:'200.123.0.224' DOMAIN:'mx01.soc.gtdperu.pe' HELO:'MX01.soc.gtdperu.pe' FROM:'datosabiertos@munisanisidro.gob.pe' RCPT:'' X-Greylist: Delayed for 87:41:43 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 11:43:40 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19LHhXtR001834 X-Spam-Prev-Subject: Thanks For Understanding Status: R X-Status: X-Keywords: X-UID: 326 Content-Length: 1401 Hello Sir/Ma, My name is Reem E. A, the Emirates Minister of State and Managing Director of the United Arab Emirates (Dubai) World Expo 2020 Committee. I am writing to you to stand as my partner to receive my share of gratification from foreign companies whom I helped during the bidding exercise towards the Dubai World Expo 2020 Committee and also i want to use this funds to assist Coronavirus Symptoms and Causes. I"m serving as a minister, there is a limit to my personal income and investment level and For this reason, I cannot receive such a huge sum back to my country or my personal account, so an agreement was reached with the foreign companies to direct the gratifications to an open beneficiary account with a financial institution where it will be possible for me to instruct further transfer of the fund to a third party account for investment purpose which is the reason i contacted you to receive the fund as my partner for investment in your country. The amount is valued at Euro 47,745,533.00 with a financial institution waiting my instruction for further transfer to a destination account as soon as I have your information indicating interest to receive and invest the fund, I will compensate you with 30% of the total amount and you will also get benefit from the investment. If you can handle the fund in a good investment.Reply to: remmhashimi@kakao.com Regards, Reem From gustavo@globalrelay.net Thu Oct 21 11:48:00 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.7 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19LHlt8R001882 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 21 Oct 2021 11:48:00 -0600 Message-Id: <202110211748.19LHlt8R001882@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 3706D2179CA; Fri, 15 Oct 2021 13:52:14 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Fri, 15 Oct 2021 18:52:11 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 11:48:00 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 11:48:00 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19LHlt8R001882 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 327 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From mrodilijames@gmail.com Thu Oct 21 15:18:08 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: **************** X-Spam-Status: Yes, score=16.3 required=5.0 tests=ADVANCE_FEE_4_NEW,BAYES_99, BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_FROM,FREEMAIL_REPLYTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,T_HK_NAME_FM_MR_MRS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.219.176 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.219.176 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrodilijames[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 3.5 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian * 419) * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19LLI3uD020951 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 21 Oct 2021 15:18:08 -0600 Received: by mail-yb1-f176.google.com with SMTP id v7so2490500ybq.0 for ; Thu, 21 Oct 2021 14:18:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=XrlDmmSh1mftzV1K9xmuQAw8+QabWj2irDNtOEft9aA=; b=aQRlRBA1PaOZJQ1pyRaeCAGSJxtaQTTeoAM08Wqsgk9rK93WWnq5SRvcq1iOBBg/gI 8JrClu9igW0VoIc36msalWtW1oOaM+4kKhWY/UtbCAj22zN8BcTxgSGYLRZ2A/29nxVu ICknXTYTUClIyiBvKpTsJlGGEp9HOKoBTQdmaqQHYVr2zoZNAJBtNXb2gwB/S6tDCNYg BI3QYgCtZJiYV5rKDmfuZZ3D+8xP8/Hza1OjUVFHSgrLTCtoBBKzB1+Joir1GYwTboPL 28ANZ3Za9SmtvURB8m1b0pKYrRqMEAYkrjhMAc1LTm+xP/5ReEYnB8sZQxhzlozl0Sdy T09Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=XrlDmmSh1mftzV1K9xmuQAw8+QabWj2irDNtOEft9aA=; b=pVFgazenXrKCoVYDqePMc4aUiC4h9Lh/x80L0Rc28VRh7gV+FKUAtYXSaQMG4uM5+x kTcbvhR6P7NxhpQA/8Kq8uiO8HJdWR47tkVtas8zQGe2WlzMJM0hiPSh6P3HEBw3y5Tc Jg5nk5vQpSsQKd0LPt0QW4EvFuuu3HZ3RRAw7JYLaOzTN6t+R1ayTRppn/L5e43EQ1gC ZxCFHvGGFoIBTBDzvioHPfv4U6TJc64Nj/vMgYAMYnOyaDR2dZrxc0xM+XjVk9NSL93Q qlqFjF+Z0IgNnk7AUN7negDonTPoUZ+hjR2jsekXwBOq0RRmpbBqrb97or5vGCSHmEVO NhwQ== X-Gm-Message-State: AOAM533OqJyMSYe4qdAkA+IgOrJXzSpuabvQh43Sm9HHlTYZzeNKzcaU 7HVuDNAfyiLnhmGkgfYKPrZYOW8s4c9xnd8DiLg= X-Google-Smtp-Source: ABdhPJzcwIhBQ5Y8QT7tphMuesl+nAX6oAlmn6TmQQTdp8N7P0CHdnCDP3RJIIeuIS8+Lzw/I8k/VHVU7Om6DynOAE4= X-Received: by 2002:a25:e092:: with SMTP id x140mr4827175ybg.448.1634851081909; Thu, 21 Oct 2021 14:18:01 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:7108:639c:0:0:0:0 with HTTP; Thu, 21 Oct 2021 14:18:01 -0700 (PDT) Reply-To: legalcosme@hotmail.com From: "Mr. Cosme Amossou" Date: Fri, 22 Oct 2021 05:18:01 +0800 Message-ID: Subject: [SPAM] Re; To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 15:18:08 -0600 (CST) for IP:'209.85.219.176' DOMAIN:'mail-yb1-f176.google.com' HELO:'mail-yb1-f176.google.com' FROM:'mrodilijames@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 15:18:08 -0600 (CST) X-Spam-Prev-Subject: Re; Status: R X-Status: X-Keywords: X-UID: 328 Hello, My name is Mr.Cosme Amossou, I apologize for contacting you in this manner but the situation at hand demands urgent attention from all presumed beneficiaries. I have an important subject to share with you, regarding my late client Mr.Peter fund's domicile in his bank. Write back to me for more detailed information. Best regards Mr. Cosme From gustavo@globalrelay.net Thu Oct 21 20:59:46 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.7 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19M2xbYn002437 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 21 Oct 2021 20:59:46 -0600 Message-Id: <202110220259.19M2xbYn002437@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 83D01112F10; Thu, 14 Oct 2021 16:36:05 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Thu, 14 Oct 2021 21:36:03 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 20:59:46 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 21 Oct 2021 20:59:46 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19M2xbYn002437 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 329 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From gustavo@globalrelay.net Fri Oct 22 08:38:44 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.7 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19MEcUuv037999 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 22 Oct 2021 08:38:44 -0600 Message-Id: <202110221438.19MEcUuv037999@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 37F5420D546; Fri, 15 Oct 2021 12:51:33 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Fri, 15 Oct 2021 17:51:31 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Oct 2021 08:38:44 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Oct 2021 08:38:44 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19MEcUuv037999 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 330 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From gustavo@globalrelay.net Fri Oct 22 17:28:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.7 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,MAY_BE_FORGED, MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL, RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU, REPTO_419_FRAUD_GM,SPAM_BOOSTER_04,SPAM_BOOSTER_13,SPF_FAIL, SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19MNSgGm037877 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 22 Oct 2021 17:28:51 -0600 Message-Id: <202110222328.19MNSgGm037877@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id B412B1A598E; Fri, 15 Oct 2021 11:31:46 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Fri, 15 Oct 2021 16:31:44 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Oct 2021 17:28:51 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 22 Oct 2021 17:28:51 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19MNSgGm037877 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 331 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From peter.saija@nl.abnamro.com Sat Oct 23 04:44:14 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.2 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_99,DEAR_FRIEND,FREEMAIL_FORGED_REPLYTO,HTML_MESSAGE, LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,RDNS_NONE,RELAY_COUNTRY_JP,SPF_FAIL, SPF_HELO_NONE,TEQF_USR_POLITE,TO_EQ_FM_DOM_SPF_FAIL,TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9945] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=peter.saija%40nl.abnamro.com;ip=114.160.61.210;r=ga.impsec.org] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.0 TEQF_USR_POLITE To and from user nearly same + polite greeting * 1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed * 2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: JP XX Received: from ns1.town.ajigasawa.lg.jp ([114.160.61.210]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19NAi7qP025060 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 23 Oct 2021 04:44:14 -0600 Received: from [103.167.90.58] ([103.167.90.58]) (authenticated bits=0) by ns1.town.ajigasawa.lg.jp (8.13.8/8.13.8) with ESMTP id 19M7AK8w012219; Fri, 22 Oct 2021 16:13:55 +0900 Message-Id: <202110220713.19M7AK8w012219@ns1.town.ajigasawa.lg.jp> Content-Type: multipart/alternative; boundary="===============1061111924==" MIME-Version: 1.0 Subject: [SPAM] Good Morning.. To: Recipients From: "J.P" Date: Fri, 22 Oct 2021 00:13:46 -0700 Reply-To: dejongpeter@yandex.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 04:44:14 -0600 (CST) for IP:'114.160.61.210' DOMAIN:'[114.160.61.210]' HELO:'ns1.town.ajigasawa.lg.jp' FROM:'peter.saija@nl.abnamro.com' RCPT:'' X-Greylist: Delayed for 27:25:16 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 04:44:14 -0600 (CST) X-Spam-Prev-Subject: Good Morning.. Status: R X-Status: X-Keywords: X-UID: 332 Content-Length: 1083 You will not see this in a MIME-aware mail reader. --===============1061111924== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Dear friend, Good Morning. I am writing to seek your help to secure and inv= est 29.5 Million USD in your Country. I am writing you from the Netherlands= Abn Amro Bank N.V. Contact me urgently at : dejongpeter@yandex.com for det= ails. Kind Regards J. Peter --===============1061111924== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body = Dear friend, Good Morning. I am writing to see= k your help to secure and invest 29.5 Million USD in your Country. I am wri= ting you from the Netherlands Abn Amro Bank N.V. Contact me urgently at : d= ejongpeter@yandex.com for details. Kind Regards J. Peter --===============1061111924==-- From gustavo@globalrelay.net Sat Oct 23 12:41:24 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,REPTO_419_FRAUD_GM, SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19NIfF9F019183 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 23 Oct 2021 12:41:24 -0600 Message-Id: <202110231841.19NIfF9F019183@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id E668E25B9D; Sat, 16 Oct 2021 21:46:47 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Sun, 17 Oct 2021 02:46:45 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 12:41:24 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 12:41:24 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19NIfF9F019183 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 333 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From gustavo@globalrelay.net Sat Oct 23 23:33:30 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************************** X-Spam-Status: Yes, score=29.9 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, MSGID_FROM_MTA_HEADER,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_PSBL, RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,REPTO_419_FRAUD_GM, SPAM_BOOSTER_13,SPF_FAIL,SPF_HELO_NONE,TO_EQ_FM_DOM_SPF_FAIL, TO_EQ_FM_SPF_FAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.122.69.142 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.122.69.142 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) * [176.122.69.142 listed in bl.mailspike.net] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jonhugo1964[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=gustavo%40globalrelay.net;ip=176.122.69.142;r=ga.impsec.org] * 10 SPAM_BOOSTER_13 Boost score for BAYES_999 + * RELAY_COUNTRY_CN/BR/RU * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed * 0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF * failed X-Spam-Relay-Country: RU US Received: from mx.er33.ru (mx.er33.ru [176.122.69.142] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19O5XHDU029434 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 23 Oct 2021 23:33:30 -0600 Message-Id: <202110240533.19O5XHDU029434@ga.impsec.org> Received: from MoeClub.europe-west3-c.c.deguo-2.internal (214.55.141.34.bc.googleusercontent.com [34.141.55.214]) by mx.er33.ru (Postfix) with ESMTPSA id 14A5B209ADA; Fri, 15 Oct 2021 12:28:00 +0300 (MSK) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Good News Respond ASAP To: Recipients From: "Jonathan Hugo" Date: Fri, 15 Oct 2021 17:27:57 +0800 Reply-To: jonhugo1964@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 23:33:30 -0600 (CST) for IP:'176.122.69.142' DOMAIN:'[176.122.69.142]' HELO:'mx.er33.ru' FROM:'gustavo@globalrelay.net' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 23 Oct 2021 23:33:30 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19O5XHDU029434 X-Spam-Prev-Subject: Good News Respond ASAP Status: R X-Status: X-Keywords: X-UID: 334 Greetings, I want to use this opportunity to offer you a business undertaking with a very high monetary gain and value, mutually beneficial to both parties if you are interested. Please allow me give you a brief picture of my offer by confirming your personal and private Email to me. Best Regards, Jonathan Hugo From mail2021@glorious-angel.com Mon Oct 25 15:39:41 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.5 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_50,DEAR_SOMETHING,FILL_THIS_FORM,FILL_THIS_FORM_LONG, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, LOTS_OF_MONEY,MONEY_FORM,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, MSGID_FROM_MTA_HEADER,NA_DOLLARS,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DNSWL_NONE,RCVD_IN_SBL_CSS,RELAY_COUNTRY_JP,SPF_HELO_NONE, SPF_PASS,TEQF_USR_POLITE,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5727] * 0.5 RELAY_COUNTRY_JP Relayed via Japan * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [40.74.71.179 listed in zen.spamhaus.org] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [64.56.177.38 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [joseramonjr1[at]daum.net] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * 0.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 1.4 TEQF_USR_POLITE To and from user nearly same + polite greeting * 1.8 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 3.1 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.5 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: JP JP JP Received: from mail.ohs.estore.co.jp (h038.ty.estore.co.jp [64.56.177.38]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19PLdYAT024948 for ; Mon, 25 Oct 2021 15:39:41 -0600 Message-Id: <202110252139.19PLdYAT024948@ga.impsec.org> Received: from mail.ohs.estore.co.jp (h042.ty.estore.co.jp [64.56.177.42]) by tymailrelay01.ty.estore.co.jp (Postfix) with SMTP id 5CB732CAAFA for ; Tue, 26 Oct 2021 04:50:00 +0900 (JST) Received: (qmail 16460 invoked from network); 26 Oct 2021 04:06:51 +0900 X-ohsqaws: 1962362f36a6c68e9fa50f60 Received: from unknown (HELO info.14p54xjy1kgu5m1lxoc4mq0acd.mx.internal.cloudapp.net) (40.74.71.179) by 0 with SMTP; 26 Oct 2021 04:06:51 +0900 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Hello To: Recipients From: "Andujar Jose Ramon Jr" Date: Mon, 25 Oct 2021 19:06:48 +0000 Reply-To: joseramonjr1@daum.net X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 25 Oct 2021 15:39:41 -0600 (CST) for IP:'64.56.177.38' DOMAIN:'h038.ty.estore.co.jp' HELO:'mail.ohs.estore.co.jp' FROM:'mail2021@glorious-angel.com' RCPT:'' X-Greylist: Delayed for 01:19:52 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 25 Oct 2021 15:39:41 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 19PLdYAT024948 X-Spam-Prev-Subject: Hello Status: R X-Status: X-Keywords: X-UID: 335 Content-Length: 2052 Dear Sir/Madam, How are you doing today? As strange as this mail may seems, I would like you to receive it in good fate even though we haven't met before now. My name is Andujar Jose Ramon Jr, a Sergeant in American Army and i served in Afghanistan from 2010 until the unfortunate takeover of the Talibans in August this year. During my stay in Afghanistan, I and some of my colleaques found an oil vessel abandoned by oil thivies in a lake between Afghanistan and Turkey so we repaired the vessel and through the information we got in the vessel we contacted the buyers who directed us on how to get the crude oil to the them. Because of the nature of the business and our jobs we did not want to transfer the money to the US so, we decided to open a private EXCREW account in Turkey without a beneficiary details to enable us to transfer it to anyone we may choose to be the beneficiary. The total Amount in this deal is $24.7m {twenty four million, seven hondred thousand US dollars} and you stand a chance of getting %20 of the total sum as compensation while the %80 will be used for an investment that you will handle and benefit from the proceeds. This sounds like a joke right? Well, it is not a joke, so it need to be taken seriously. In order to start the pepper work in the bank with your name, i would like to have the following details about you if you would like to be part of this. 1. FULL NAME: 2. YOUR AGE: 3. SEX: 4. NATIONALITY: 5. COUNTRY OF RESIDENCE: 6. TELEPHONE NUMBER: 7. YOUR MARITAL STATUS: 8. YOUR OCCUPATION: 9. CURRENT ADDRESS: 10.COPY OF ID As soon as i receives the above requrements, i will send it to the bank and also open a communication between you and the bank for better communication. In order for us to succeed in this transaction, i would want you to handle this confidentail. No word of this should for any reason get to any ear. I want to believe that i can trust you I will be waiting for your earliest response to my private Email: andujarjoseramonjr@yandex.com Best Regards, Andujar Jose Ramon Jr From pastorj272@gmail.com Tue Oct 26 16:12:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_80,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,NA_DOLLARS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,T_MONEY_PERCENT,UNDISC_FREEM, UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8657] * 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) * [209.85.210.180 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [pastorj272[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.210.180 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [estherkatherine1960[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [pastorj272[at]gmail.com] * 0.6 NA_DOLLARS BODY: Talks about a million North American dollars * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.1 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 3.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19QMCljI033141 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 26 Oct 2021 16:12:50 -0600 Received: by mail-pf1-f180.google.com with SMTP id t184so847069pfd.0 for ; Tue, 26 Oct 2021 15:12:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=CxUBhvynCQMtXNovsiuwtcSvxVMrZQT5k58jQBxMhtY=; b=V12Q5Hjh3MQ0WRB34qCT9a622dtYFuA6Q0EGVT0L2tD1Rq7a+Xf3h6l7cnrqA7nOVd Uc/PaO+/HasGJVa8P8T+4DvzaMtGdz30APi8+yDcVGvkAdDomWt6UIApduKtUFZsfbVc ++nJVqOLKbFqhi/3IAz3JHQKS25PbztbDd6/jAFQ6aMRBC1r7tibr7ndnm8bmmye8z8M xWnZ++Cgr0P2q8uG01S0g8dp0dlBWmb+L5DHhAvf4q9ccMngksxV8QBudii69Vg4Bz7l 2s7pqk9FzkjgCJAiaTzeCSVabREmpnAXonQ82xQGTLrBd73EKYpfWXgyfmLul68GEU4l 9T8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=CxUBhvynCQMtXNovsiuwtcSvxVMrZQT5k58jQBxMhtY=; b=YrPeOBJyrAQH2v4VyStY/wYgAAHcAeeefszEaW5DMKoHiIFfI/W0n4+LKYo+hzSuQ2 ungwcLnfmt8mk5m5jJeXVE3PZ2ssd5IsYEbP7QsRVOWHTE93XKIIssc7cluBP8Eo/y/T 3vKNfjbO4E70JdNpOrFVntpH9SuAwQqVZOKwr79MxYplp7+gsqv/uJwV+PAmx8+t44mr wMil7uCmLSe/TJc6rBJ+loM4v7lB/KuFbHZ9jgf+eckunJ/bQ7wQK91r356AHkgnbaAc KprerkKtgSrWWcnVfL3TloCCBsRuC83ZawVZJ5wqp4k32qKRzHxN7iCZNAQfX8FSHtTl GuFw== X-Gm-Message-State: AOAM533tUOLY2c/g0tL/dEiMzpOS0FfzvTARwa1a++ZVE64UpPdo/syL YvAZIOJS9+37JK5XbIcwvAQPcI6FfWT9n3e3YYE= X-Google-Smtp-Source: ABdhPJy/+eW+c2ozZaaD3pD73e7BIBdH0paBOGaSWZ+Anpaa37nUOVPInm7bn8DkCHwPx7LnaRi1O7oW8iioZVMrHl8= X-Received: by 2002:a63:b917:: with SMTP id z23mr13647176pge.303.1635286363304; Tue, 26 Oct 2021 15:12:43 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6a11:49d:0:0:0:0 with HTTP; Tue, 26 Oct 2021 15:12:42 -0700 (PDT) Reply-To: estherkatherine1960@gmail.com From: Esther Katherine Date: Tue, 26 Oct 2021 15:12:42 -0700 Message-ID: Subject: [SPAM] Urgent!!! To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:12:50 -0600 (CST) for IP:'209.85.210.180' DOMAIN:'mail-pf1-f180.google.com' HELO:'mail-pf1-f180.google.com' FROM:'pastorj272@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:12:50 -0600 (CST) X-Spam-Prev-Subject: Urgent!!! Status: R X-Status: X-Keywords: X-UID: 336 Content-Length: 1505 Dear Beloved, Kindly pardon me for any inconvenience this letter may cost you, I want you to understand my point very well. I am Miss Esther Katherine, I have been suffering from ovarian cancer and the doctor says that I have just a few days to live. I am from (Paris) France, but I was in the United States of America with my late husband as an importation and exportation Business family before he died and I started this bad illness. Due to the Virus all over the world and now that I am about to end the race like this, without any family members and no children. My late husband and I had Millions of dollars in Bank of America which I instructed the Bank to share with the Orphanages Homes in the USA immediately this sickness started. But my mind is not at rest because I am writing this letter now with the help of my laptop beside my sickbed. We also have $17.5 Million US Dollars at Barclays Bank in America and I will also instruct the bank manager to transfer the fund to you as a foreigner business partner that will apply to the bank, That they should release the funds to you to start building orphanage homes and help poor people with it. But you will assure me that you will take 20% of the fund and use 80% to the orphanage homes in your country and other countries for my heart to rest. I have just a few days to end my life due to ovarian cancer disease. Respond to me immediately for further details: katherinepascal123@mypanel.biz Thank You. Best Regards Miss Esther Katherine. From info@briq-institute.org Tue Oct 26 16:34:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD, MONEY_FREEMAIL_REPTO,NSL_RCVD_FROM_USER,SPF_HELO_NONE,SPF_PASS, UNDISC_MONEY,URG_BIZ,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9740] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jm3461128[at]gmail.com] * 0.6 URG_BIZ Contains urgent matter * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.2 MONEY_ATM_CARD Lots of money on an ATM card * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: DE ** ** Received: from email.briq-institute.org (email.briq-institute.org [131.220.86.225]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19QMXv3E034354 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=FAIL) for ; Tue, 26 Oct 2021 16:34:01 -0600 Received: from briq-sv042.ad.briq-institute.org (10.144.40.42) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.7; Wed, 27 Oct 2021 00:28:43 +0200 Received: from User (10.144.40.226) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server id 15.1.2375.7 via Frontend Transport; Wed, 27 Oct 2021 00:28:41 +0200 Reply-To: From: "Mr. James Mike" Subject: [SPAM] =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= =?utf-8?B?MzAzKSA2MzItMDYxNg==?= Date: Wed, 27 Oct 2021 01:20:24 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <273e2873-c726-4350-82dc-cb16b5a070ed@briq-sv042.ad.briq-institute.org> To: Undisclosed recipients:; X-TM-AS-Product-Ver: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-AS-Result: No-12-72.840200-8.000000 X-TMASE-MatchedRID: AzEHJdHXt76dIDUGmRnk0mzBijri5+RVfqDbgsmLG+S2WymsB9JR6vh5 gT8kXkoMco/5UQpJ3CFbfsp4cg4kJwPCwyUF7AZoTALGGFqq5RVFYhJJXmHGL/yQXCBzKijhyi0 cpfLXkLbYkSKA4RGFAJOb99BtizXWzhQRr4Zp1fiwHUYUUuuMQvhy2Kco24WsPzpf+cBTvo9DJi enRpkiMgKUIyGmIR6t4yf6Jl3/aOQqgbs43b5u5T15aor0pUPeegJr1XbWCal/2iy8d1BiwvdJg PhE31FftBV4C5PHNYl6AiRZ1weEEKPFjJEFr+olfeZdJ1XsoriE9QXZyL0OCIsSLRubxrvNkHB2 DlHJ/54yARVOgMb8bNlX11pmnb6i0ZDDMtqWchjdB/CxWTRRu7MYjwSs96EiTcob1S4330on+7O QMJa6E1d8idQQrT24gCFTEocxozlyPudfW0xm07QhpQD7IX1DQCl30gpd5m8= X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 12-72.840200-8.000000 X-TMASE-Version: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-SNTS-SMTP: DFBC4395A57FFA04523E7B7BB405075AF0313BA343DD9E8CDA56550455985D312000:F X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:34:01 -0600 (CST) for IP:'131.220.86.225' DOMAIN:'email.briq-institute.org' HELO:'email.briq-institute.org' FROM:'info@briq-institute.org' RCPT:'' X-Greylist: Delayed for 00:05:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:34:01 -0600 (CST) X-Spam-Prev-Subject: =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= Status: R X-Status: X-Keywords: X-UID: 337 Content-Length: 1037 Hi, How are you today? I am Diplomatic Agent, Mr. James Mike, I have arrived here in JFK International Airport New york With your ATM Card Worth, $10.8M Dollars. But I need to hear from you urgent because I receive another address from this woman by name, Mrs. Virgina Tanner and she told me that you have authorized Her to receive the ATM Card for you because you are very ill now, Is this truth,let me know.Did you send you this woman called,Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Also, I want you to send me $100.00 for the airport clearance certificate. Remember I was sent from UPS Courier Company, Director,to make delivery of this ATM Card to your house address So If I did not hear from you urgent,I will complete this delivery to Mrs. Virgina Tanner as your representative. I wait for your urgent response now,Did you send you this woman called, Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Diplomatic Agent, Mr. James Mike, CALL OR TEXT +1 (303) 632-0616 From info@briq-institute.org Tue Oct 26 16:34:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD, MONEY_FREEMAIL_REPTO,NSL_RCVD_FROM_USER,SPF_HELO_NONE,SPF_PASS, UNDISC_MONEY,URG_BIZ,USER_IN_BLACKLIST_TO,USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9740] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jm3461128[at]gmail.com] * 0.6 URG_BIZ Contains urgent matter * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.2 MONEY_ATM_CARD Lots of money on an ATM card * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: DE ** ** Received: from email.briq-institute.org (email.briq-institute.org [131.220.86.225]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19QMXvsM034357 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=FAIL) for ; Tue, 26 Oct 2021 16:34:01 -0600 Received: from briq-sv043.ad.briq-institute.org (10.144.40.43) by briq-sv043.ad.briq-institute.org (10.144.40.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.7; Wed, 27 Oct 2021 00:28:46 +0200 Received: from User (10.144.40.226) by briq-sv043.ad.briq-institute.org (10.144.40.43) with Microsoft SMTP Server id 15.1.2375.7 via Frontend Transport; Wed, 27 Oct 2021 00:28:44 +0200 Reply-To: From: "Mr. James Mike" Subject: [SPAM] =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= =?utf-8?B?MzAzKSA2MzItMDYxNg==?= Date: Wed, 27 Oct 2021 01:20:27 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <451d4e0d-c7a1-4928-af3a-15e4975d21d0@briq-sv043.ad.briq-institute.org> To: Undisclosed recipients:; X-TM-AS-Product-Ver: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-AS-Result: No-12-72.840200-8.000000 X-TMASE-MatchedRID: AzEHJdHXt76dIDUGmRnk0mzBijri5+RVfqDbgsmLG+S2WymsB9JR6vh5 gT8kXkoMco/5UQpJ3CFbfsp4cg4kJwPCwyUF7AZoTALGGFqq5RVFYhJJXmHGL/yQXCBzKijhyi0 cpfLXkLbYkSKA4RGFAJOb99BtizXWzhQRr4Zp1fiwHUYUUuuMQvhy2Kco24WsPzpf+cBTvo9DJi enRpkiMgKUIyGmIR6t4yf6Jl3/aOQqgbs43b5u5T15aor0pUPeegJr1XbWCal/2iy8d1BiwvdJg PhE31FftBV4C5PHNYl6AiRZ1weEEKPFjJEFr+olfeZdJ1XsoriE9QXZyL0OCIsSLRubxrvNkHB2 DlHJ/54yARVOgMb8bNlX11pmnb6i0ZDDMtqWchjdB/CxWTRRu7MYjwSs96EiTcob1S4330on+7O QMJa6E1d8idQQrT24gCFTEocxozlyPudfW0xm07QhpQD7IX1DQCl30gpd5m8= X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 12-72.840200-8.000000 X-TMASE-Version: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-SNTS-SMTP: A54F2DCCB57AD08783D95E90A88C37D04C2A734BC5D4F2CBA848C3E562E324132000:F X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:34:01 -0600 (CST) for IP:'131.220.86.225' DOMAIN:'email.briq-institute.org' HELO:'email.briq-institute.org' FROM:'info@briq-institute.org' RCPT:'' X-Greylist: Delayed for 00:05:05 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 16:34:01 -0600 (CST) X-Spam-Prev-Subject: =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= Status: R X-Status: X-Keywords: X-UID: 338 Content-Length: 1037 Hi, How are you today? I am Diplomatic Agent, Mr. James Mike, I have arrived here in JFK International Airport New york With your ATM Card Worth, $10.8M Dollars. But I need to hear from you urgent because I receive another address from this woman by name, Mrs. Virgina Tanner and she told me that you have authorized Her to receive the ATM Card for you because you are very ill now, Is this truth,let me know.Did you send you this woman called,Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Also, I want you to send me $100.00 for the airport clearance certificate. Remember I was sent from UPS Courier Company, Director,to make delivery of this ATM Card to your house address So If I did not hear from you urgent,I will complete this delivery to Mrs. Virgina Tanner as your representative. I wait for your urgent response now,Did you send you this woman called, Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Diplomatic Agent, Mr. James Mike, CALL OR TEXT +1 (303) 632-0616 From info@briq-institute.org Tue Oct 26 17:21:50 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD, MONEY_FREEMAIL_REPTO,NSL_RCVD_FROM_USER,SPF_HELO_NONE,SPF_PASS, UNDISC_MONEY,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9740] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jm3461128[at]gmail.com] * 0.6 URG_BIZ Contains urgent matter * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.2 MONEY_ATM_CARD Lots of money on an ATM card * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: DE ** ** Received: from email.briq-institute.org (email.briq-institute.org [131.220.86.225]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19QNLkv5039159 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=FAIL) for ; Tue, 26 Oct 2021 17:21:50 -0600 Received: from briq-sv042.ad.briq-institute.org (10.144.40.42) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.7; Wed, 27 Oct 2021 01:16:37 +0200 Received: from User (10.144.40.226) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server id 15.1.2375.7 via Frontend Transport; Wed, 27 Oct 2021 01:16:35 +0200 Reply-To: From: "Mr. James Mike" Subject: [SPAM] =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= =?utf-8?B?MzAzKSA2MzItMDYxNg==?= Date: Wed, 27 Oct 2021 02:08:18 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: <28d49d41-7c45-4f67-8419-e0a93457bd69@briq-sv042.ad.briq-institute.org> To: Undisclosed recipients:; X-TM-AS-Product-Ver: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-AS-Result: No-12-72.840200-8.000000 X-TMASE-MatchedRID: AzEHJdHXt76dIDUGmRnk0mzBijri5+RVfqDbgsmLG+S2WymsB9JR6vh5 gT8kXkoMco/5UQpJ3CFbfsp4cg4kJwPCwyUF7AZoTALGGFqq5RVFYhJJXmHGL/yQXCBzKijhyi0 cpfLXkLbYkSKA4RGFAJOb99BtizXWzhQRr4Zp1fiwHUYUUuuMQvhy2Kco24WsPzpf+cBTvo9DJi enRpkiMgKUIyGmIR6t4yf6Jl3/aOQqgbs43b5u5T15aor0pUPeegJr1XbWCal/2iy8d1BiwvdJg PhE31FftBV4C5PHNYl6AiRZ1weEEKPFjJEFr+olfeZdJ1XsoriE9QXZyL0OCIsSLRubxrvNkHB2 DlHJ/54yARVOgMb8bNlX11pmnb6i0ZDDMtqWchjdB/CxWTRRu7MYjwSs96EiTcob1S4330on+7O QMJa6E1d8idQQrT24gCFTEocxozlyPudfW0xm07QhpQD7IX1DQCl30gpd5m8= X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 12-72.840200-8.000000 X-TMASE-Version: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-SNTS-SMTP: F2F748D9B6ABA248604E7918D30A5B965FCE497D24BAC6706AF355ADE5F341E52000:F X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 17:21:50 -0600 (CST) for IP:'131.220.86.225' DOMAIN:'email.briq-institute.org' HELO:'email.briq-institute.org' FROM:'info@briq-institute.org' RCPT:'' X-Greylist: Delayed for 00:05:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 17:21:50 -0600 (CST) X-Spam-Prev-Subject: =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= Status: R X-Status: X-Keywords: X-UID: 339 Content-Length: 1037 Hi, How are you today? I am Diplomatic Agent, Mr. James Mike, I have arrived here in JFK International Airport New york With your ATM Card Worth, $10.8M Dollars. But I need to hear from you urgent because I receive another address from this woman by name, Mrs. Virgina Tanner and she told me that you have authorized Her to receive the ATM Card for you because you are very ill now, Is this truth,let me know.Did you send you this woman called,Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Also, I want you to send me $100.00 for the airport clearance certificate. Remember I was sent from UPS Courier Company, Director,to make delivery of this ATM Card to your house address So If I did not hear from you urgent,I will complete this delivery to Mrs. Virgina Tanner as your representative. I wait for your urgent response now,Did you send you this woman called, Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Diplomatic Agent, Mr. James Mike, CALL OR TEXT +1 (303) 632-0616 From info@briq-institute.org Tue Oct 26 18:43:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************* X-Spam-Status: Yes, score=21.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_95,FORGED_MUA_OUTLOOK, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HK_NAME_MR_MRS,LOTS_OF_MONEY,MONEY_ATM_CARD, MONEY_FREEMAIL_REPTO,NSL_RCVD_FROM_USER,SPF_HELO_NONE,SPF_PASS, UNDISC_MONEY,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9740] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [jm3461128[at]gmail.com] * 0.6 URG_BIZ Contains urgent matter * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 1.0 HK_NAME_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.2 MONEY_ATM_CARD Lots of money on an ATM card * 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: DE ** ** Received: from email.briq-institute.org (email.briq-institute.org [131.220.86.225]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19R0hCro045752 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=FAIL) for ; Tue, 26 Oct 2021 18:43:16 -0600 Received: from briq-sv042.ad.briq-institute.org (10.144.40.42) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.7; Wed, 27 Oct 2021 02:38:01 +0200 Received: from User (10.144.40.226) by briq-sv042.ad.briq-institute.org (10.144.40.42) with Microsoft SMTP Server id 15.1.2375.7 via Frontend Transport; Wed, 27 Oct 2021 02:37:59 +0200 Reply-To: From: "Mr. James Mike" Subject: [SPAM] =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= =?utf-8?B?MzAzKSA2MzItMDYxNg==?= Date: Wed, 27 Oct 2021 03:29:42 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: To: Undisclosed recipients:; X-TM-AS-Product-Ver: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-AS-Result: No-12-72.840200-8.000000 X-TMASE-MatchedRID: AzEHJdHXt76dIDUGmRnk0mzBijri5+RVfqDbgsmLG+S2WymsB9JR6vh5 gT8kXkoMco/5UQpJ3CFbfsp4cg4kJwPCwyUF7AZoTALGGFqq5RVFYhJJXmHGL/yQXCBzKijhyi0 cpfLXkLbYkSKA4RGFAJOb99BtizXWzhQRr4Zp1fiwHUYUUuuMQvhy2Kco24WsPzpf+cBTvo9DJi enRpkiMgKUIyGmIR6t4yf6Jl3/aOQqgbs43b5u5T15aor0pUPeegJr1XbWCal/2iy8d1BiwvdJg PhE31FftBV4C5PHNYl6AiRZ1weEEKPFjJEFr+olfeZdJ1XsoriE9QXZyL0OCIsSLRubxrvNkHB2 DlHJ/54yARVOgMb8bNlX11pmnb6i0ZDDMtqWchjdB/CxWTRRu7MYjwSs96EiTcob1S4330on+7O QMJa6E1d8idQQrT24gCFTEocxozlyPudfW0xm07QhpQD7IX1DQCl30gpd5m8= X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 12-72.840200-8.000000 X-TMASE-Version: SMEX-14.0.0.3092-8.6.1018-26492.003 X-TM-SNTS-SMTP: AD50E021D8EF8781A90E3335C722C0BC5D13D74AEDC473C69FA04B9B8A5038322000:F X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 18:43:17 -0600 (CST) for IP:'131.220.86.225' DOMAIN:'email.briq-institute.org' HELO:'email.briq-institute.org' FROM:'info@briq-institute.org' RCPT:'' X-Greylist: Delayed for 00:05:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 26 Oct 2021 18:43:17 -0600 (CST) X-Spam-Prev-Subject: =?utf-8?B?KioqUGhpc2hpbmcqKio6IENBTEwgT1IgVEVYVCArMSAo?= Status: R X-Status: X-Keywords: X-UID: 340 Content-Length: 1037 Hi, How are you today? I am Diplomatic Agent, Mr. James Mike, I have arrived here in JFK International Airport New york With your ATM Card Worth, $10.8M Dollars. But I need to hear from you urgent because I receive another address from this woman by name, Mrs. Virgina Tanner and she told me that you have authorized Her to receive the ATM Card for you because you are very ill now, Is this truth,let me know.Did you send you this woman called,Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Also, I want you to send me $100.00 for the airport clearance certificate. Remember I was sent from UPS Courier Company, Director,to make delivery of this ATM Card to your house address So If I did not hear from you urgent,I will complete this delivery to Mrs. Virgina Tanner as your representative. I wait for your urgent response now,Did you send you this woman called, Mrs. Virgina Tanner to receive your ATM CARD worth $10.8Mus Dollars from Me. Diplomatic Agent, Mr. James Mike, CALL OR TEXT +1 (303) 632-0616 From apmail-jhardin-owner@apache.org Sat Oct 30 10:42:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 19UHg2Ml028159 for ; Sat, 30 Oct 2021 10:42:02 -0700 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-11.0 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, FREEMAIL_REPLYTO_END_DIGIT,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE, RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS, SPF_PASS,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: FI US FI ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 30 Oct 2021 10:42:02 -0700 (PDT) Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 19UHdKDQ015267 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 30 Oct 2021 11:39:24 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id 8F6445FD66 for ; Sat, 30 Oct 2021 17:39:18 +0000 (UTC) Received: (qmail 21807 invoked by uid 500); 30 Oct 2021 17:39:18 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 21804 invoked by uid 99); 30 Oct 2021 17:39:18 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 30 Oct 2021 17:39:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 5E401BFB86 for ; Sat, 30 Oct 2021 17:39:17 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id 1SSwE_svLh6d for ; Sat, 30 Oct 2021 17:39:17 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::52a; helo=mail-pg1-x52a.google.com; envelope-from=matthew7emeila@gmail.com; receiver= Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id A656E7EA9D for ; Sat, 30 Oct 2021 17:39:16 +0000 (UTC) Received: by mail-pg1-x52a.google.com with SMTP id r28so13119088pga.0 for ; Sat, 30 Oct 2021 10:39:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=ADciItFz38EhjKJRJVIzviT2gaS7CyubfwbNTiIGfDE=; b=ayA9H+xeKSqUqYPC+aw0X6zD2LcmtqNJqL15o6SbtJ+SFP8olwYt2/njAt6HAUpe17 pp7JbumnLsvMM1of5UXjSjXRyDf115eeYePsYu16GHay+KuD6Z5HbJVyDEIVLtelTIgV Kb1mnSGbn+3HWrKvrNixHYw9hJVutuFykbDyn/MiIWDSxgjEh2bZjEtEQzY2c0FrF0+/ //cJdisJQavX6ZYkt8X4n4Udlzj0Zov9dBwxac9gpIFwssLFhf4KP3Tmlt7qSRV0zcP0 ja11s6K25LCEo0T3UK8iEkgWaVeiMpGT7cf9BEYm2Hu6cUaCisjghbRMhEn/983IpwKi YQpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=ADciItFz38EhjKJRJVIzviT2gaS7CyubfwbNTiIGfDE=; b=4DeExAl7ccMDrT4y3PWtEHUPxuuXh6QhDihN5XWitNguzQgIXmeqmceK53byjwH0el gn9kO5r8XU4Sv42vdrAMxdK2HmshmbOq+tnsiLve7dEZFowcmZSN5/gc1wcmmj/df/fz puqhqNKS/162U8kTsZ3JP4Fv9+fZs0FFt/tf0482wwep+2UGAeSx3fAzzmHLeqIpSfxl 06xHDldS4INOLyZ4jPyfZqK4c57aS5K4XgockocCpO2jjyL3IGW684wDSKGNuHM2drcv ryyXp5ZRhH4/1k57tzjrTywtpmLSJVFEMeQOVvD/xj1aBfrojgdh4HFDXtlDKyHHYqqs yPqQ== X-Gm-Message-State: AOAM530vErslXyaVycd8DcwgegsraOS2ZEv07g/5wDHYxCUFaifqiB+p X+ku4JTQBK3izvZZ+NfUImb+tL3f7ZB1Ir3WMn4= X-Google-Smtp-Source: ABdhPJzU2Fq4WhWqR+/jRoHRpca7D6x0QadxwHuwQ4rjZO55Up6JsMt8VxZi/ZedJqvsWHzwcsH+BHe2DbP3kEJvzDQ= X-Received: by 2002:a05:6a00:a02:b0:47b:f59a:2c80 with SMTP id p2-20020a056a000a0200b0047bf59a2c80mr18148262pfh.41.1635615555173; Sat, 30 Oct 2021 10:39:15 -0700 (PDT) MIME-Version: 1.0 Reply-To: williamsmartyrs888@gmail.com From: Williams Martyrs Date: Sat, 30 Oct 2021 18:37:08 +0100 Message-ID: Subject: To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="00000000000027c1c005cf956c02" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 30 Oct 2021 11:39:25 -0600 (CST) for IP:'95.216.194.37' DOMAIN:'mxout1-he-de.apache.org' HELO:'mxout1-he-de.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 30 Oct 2021 11:39:25 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 341 --00000000000027c1c005cf956c02 Content-Type: text/plain; charset="UTF-8" Hello Friend, I wrote an earlier email to you about your family members' funds being transferred to your nominated bank account . --00000000000027c1c005cf956c02 Content-Type: text/html; charset="UTF-8"
Hello Friend, I wrote an earlier email to you about your family members' funds being transferred to your nominated bank account .

--00000000000027c1c005cf956c02-- From info@dienmaythienhoa.com.vn Thu Nov 4 10:21:45 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.9 required=5.0 tests=BAYES_95,FILL_THIS_FORM, FILL_THIS_FORM_LONG,FORM_FRAUD,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,KHOP_HELO_FCRDNS,LCL_REPLY_TO_CHINA, LOTS_OF_MONEY,MAY_BE_FORGED,MONEY_FORM,MONEY_FREEMAIL_REPTO, RCVD_IN_SBL,RCVD_IN_VALIDITY_RPBL,RELAY_COUNTRY_RU,SPF_HELO_NONE, SPF_NONE,SUBJ_ALL_CAPS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99% * [score: 0.9631] * 2.5 LCL_REPLY_TO_CHINA Reply to an address in sina.com, qq.com or * aliyun.com * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [156.96.56.15 listed in zen.spamhaus.org] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [178.248.71.27 listed in bl.score.senderscore.com] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [qatarfoundation01[at]qq.com] * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.1 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 1.0 FORM_FRAUD Fill a form and a fraud phrase X-Spam-Relay-Country: RU US Received: from pdc.Outdoor.local (static-178-248-71-27.broadband.intercom-technology.net [178.248.71.27] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1A4GKoY1021427 for ; Thu, 4 Nov 2021 10:21:36 -0600 Received: from [156.96.56.15] ([156.96.56.15]) by pdc.Outdoor.local with Microsoft SMTPSVC(6.0.3790.1830); Thu, 4 Nov 2021 19:12:10 +0300 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] =?utf-8?q?QATAR_FOUNDATION_OF_=C2=A31=2C000=2C000GBP!?= To: Recipients From: info@dienmaythienhoa.com.vn Date: Thu, 04 Nov 2021 11:58:42 -0700 Reply-To: qatarfoundation01@qq.com Message-ID: X-OriginalArrivalTime: 04 Nov 2021 16:12:12.0394 (UTC) FILETIME=[B9D7B4A0:01D7D196] X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 04 Nov 2021 10:21:45 -0600 (CST) for IP:'178.248.71.27' DOMAIN:'[178.248.71.27]' HELO:'pdc.Outdoor.local' FROM:'info@dienmaythienhoa.com.vn' RCPT:'' X-Greylist: Delayed for 00:06:44 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 04 Nov 2021 10:21:45 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1A4GKoY1021427 X-Spam-Prev-Subject: =?utf-8?q?QATAR_FOUNDATION_OF_=C2=A31=2C000=2C000GBP!?= Status: R X-Status: X-Keywords: X-UID: 342 Content-Length: 1040 QATAR FOUNDATION Address: Qatar Foundation Building Al Wajba Area,P.O. Box 5825 Doha,Qatar. Qatar Foundation is a government-funded organization here in Qatar,founded 1995 by decree of Sheikh Hamad bin Khalifa Al Thani, Emir of Qatar.Qatar Foundation in conjunction with the European Union(UK),These Donations are freely given to individuals for their business,educational and personal development.Congratulation,You were among the lucky beneficiary selected to receive this donations award sum of 1,000,000GBP(One Million Great Britain pounds Sterly)each as charity donations/aid from the Qatar Foundation to promote your business and personal developments. For more details on how to receive your Donation Bank Draft,please contact the President of Qatar Foundation with your pin numbers(QF-999-9814),Full Names,Sex,Contact Address, country, Nationality,Occupation, date of birth and your Valid Phone Number via contact details below. YOU HAVE TO REPLAY THIS MAIL BELOW ONLY. President of Qatar Foundation: Dr Mohammad Fathy Saoud From mrsaishagaddafi48@gmail.com Thu Nov 4 14:36:57 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.4 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,DEAR_FRIEND,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, LOTS_OF_MONEY,MILLION_HUNDRED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,UNDISC_MONEY,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.44 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.208.44 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrsaishagaddafi48[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [mrsaishagaddafi48[at]gmail.com] * 0.7 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.6 URG_BIZ Contains urgent matter * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1A4Kao7h042871 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 4 Nov 2021 14:36:56 -0600 Received: by mail-ed1-f44.google.com with SMTP id r4so24957568edi.5 for ; Thu, 04 Nov 2021 13:36:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=rwmEg2KA4HfT5C3uGSABl46GazPWgmi7syIxeQOUG4o=; b=JYHkY+xFaoeiqpu45e+EHAcXQUgwEMWmfAIHCYQR5O5yQ7Sr5bEVoA5x2qd5Elbg+r EgKjOJwAmUkziYJhEIbm1QcaZn7ihqYS9MvplUbC5UA7vYTMu5WikwyALHpn0kuq5B2D BKbO5+FNs9xLeNqbYOER2Ocy729/meemlVSvgEaN6ocrHSw77GPpiIY3Zi2d7Itq5wsQ El8KRjASW8ajIIEOJvRxiwTcgc2uN65abWkBOzxhIvEcbq0Emm85xybDfKpzvBTNGUpm 5vluRybUtdhByFUc5H9I7uOh1vnSE1XN0Md5GeGWjkH3MiJGMxePljAFUojY97BtUzdZ BmiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=rwmEg2KA4HfT5C3uGSABl46GazPWgmi7syIxeQOUG4o=; b=HOM2MnYWR/KkEdpAdpjDarWzSRwA7otH+GfAfzJykiIMsbZ81LfCneMZ6EXUr80CfI BfmgUyia8m5v90DnPISg/qnwTpXAA28hlnsjj9JavKaoTHygWLoS1cG2R6DfKJT5y9BZ +8NFBPt7nQu0/GHzy9Cx7PqISfGKgSevg1bP3lCyoPGVff1h8E39y2LrBWaySg9jzMP5 cODzt13gFC7SumE8ElWkD0DI9nHZibKUDC47b2QVIKs8thngBAeTH0NR4qQGjHopcZB8 1qKN2xSXBeHGDXWYAVl2BCYWEv5FjS8R5Qi8ZMGpgdWEiXI1q7jPkTbz98U16ljLPZwW j8HQ== X-Gm-Message-State: AOAM532QRo1Ucs/+clYhQOWPaSUsRU3hr+KcI8xPftLTuO5jQpt9goni 8vmM/i6dzUuImFcFLrVC8PjxgVr0cKhPnGo9Kmw= X-Google-Smtp-Source: ABdhPJyrTYx4Wls/kY0HNZ/YH4+0ntdEpuBoAfiHG6rorPZRFs/c6mMLR0igm5Nc1TacyTgejIaC2I3My0rXRQjI8rk= X-Received: by 2002:a17:907:9908:: with SMTP id ka8mr68836509ejc.164.1636058207042; Thu, 04 Nov 2021 13:36:47 -0700 (PDT) MIME-Version: 1.0 From: M_A_Mrs Aisha Gaddafi Date: Thu, 4 Nov 2021 21:36:35 +0100 Message-ID: Subject: [SPAM] I have this project Fund to invest To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="00000000000043430e05cffc7c6b" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 04 Nov 2021 14:36:57 -0600 (CST) for IP:'209.85.208.44' DOMAIN:'mail-ed1-f44.google.com' HELO:'mail-ed1-f44.google.com' FROM:'mrsaishagaddafi48@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 04 Nov 2021 14:36:57 -0600 (CST) X-Spam-Prev-Subject: I have this project Fund to invest Status: R X-Status: X-Keywords: X-UID: 343 Content-Length: 2186 --00000000000043430e05cffc7c6b Content-Type: text/plain; charset="UTF-8" Dear Friend, May i use this medium to open a mutual communication with you seeking your acceptance towards investing in your country under your management as my partner, My name is Aisha Gaddafi and presently living in Oman, i am a Widow and single Mother with three Children, the only biological Daughter of late Libyan President (Late Colonel Muammar Gaddafi) and presently i am under political asylum protection by the Omani Government. I have funds worth "Twenty Seven Million Five Hundred Thousand United State Dollars" -$27.500.000.00 US Dollars which i want to entrust on you for investment project in your country.If you are willing to handle this project on my behalf, kindly reply urgent to enable me provide you more details to start the transfer process. I shall appreciate your urgent response through my email address below: ( mgaddafi506@gmail.com ) Best Regards Mrs Aisha --00000000000043430e05cffc7c6b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Dear Friend,
=C2=A0 =C2=A0 =C2=A0 =C2=A0May i =C2=A0use= this medium to open a mutual communication with you seeking your acceptanc= e towards investing in your country under your management as my partner, My= name is Aisha =C2=A0Gaddafi and presently living in Oman, i am a Widow and= single Mother with three Children, the only biological Daughter of late Li= byan President (Late Colonel Muammar Gaddafi) and presently i am under poli= tical asylum protection by the Omani Government.

I have funds worth = "Twenty Seven Million Five Hundred Thousand United State Dollars"= -$27.500.000.00 US Dollars which i want to entrust on you for investment p= roject in your country.If you are willing to handle this project on my beha= lf, kindly reply urgent to enable me provide you more details to start the = transfer process.
I shall appreciate your urgent response through my ema= il address below: =C2=A0( mgaddafi= 506@gmail.com )

Best Regards
Mrs Aisha
--00000000000043430e05cffc7c6b-- From info@imfc.org Sun Nov 7 00:45:57 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.4 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_50,DATE_IN_PAST_03_06,DEAR_BENEFICIARY,FOUND_YOU, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE, LOTS_OF_MONEY,MILLION_HUNDRED,MIME_HTML_ONLY,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_RPBL, RDNS_NONE,RELAY_COUNTRY_CN,SPF_FAIL,SPF_HELO_NONE,SUBJ_ALL_CAPS, TO_NO_BRKTS_NORDNS_HTML,XFER_LOTSA_MONEY,YOU_INHERIT autolearn=disabled version=3.4.4 X-Spam-Report: * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5977] * 1.5 RELAY_COUNTRY_CN Relayed via China * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [194.99.45.24 listed in zen.spamhaus.org] * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [101.201.47.99 listed in bl.score.senderscore.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [bealitoniua9[at]gmail.com] * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=info%40imfc.org;ip=101.201.47.99;r=ga.impsec.org] * 0.8 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.6 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.2 YOU_INHERIT Discussing your inheritance * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.2 FOUND_YOU I found you... * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 1.2 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML * only * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: CN XX Received: from mail.jixintec.com ([101.201.47.99]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1A76jnCZ016918 for ; Sun, 7 Nov 2021 00:45:57 -0600 Received: from imfc.org (unknown [194.99.45.24]) by mail.jixintec.com (Postfix) with ESMTP id E65EC87608 for ; Sun, 7 Nov 2021 09:29:42 +0800 (CST) Reply-To: bealitoniua9@gmail.com From: "Christopher A. Wray" To: jhardin@impsec.org Subject: [SPAM] COURT ORDER RESTITUTION, SCAM VICTIM!!! Date: 06 Nov 2021 18:29:42 -0700 Message-ID: <20211106182942.089D56BCACDC4B66@imfc.org> MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Nov 2021 00:45:57 -0600 (CST) for IP:'101.201.47.99' DOMAIN:'[101.201.47.99]' HELO:'mail.jixintec.com' FROM:'info@imfc.org' RCPT:'' X-Greylist: Delayed for 04:53:54 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Nov 2021 00:45:57 -0600 (CST) X-Spam-Prev-Subject: COURT ORDER RESTITUTION, SCAM VICTIM!!! Status: R X-Status: X-Keywords: X-UID: 344 Content-Length: 2073

--
FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, DC = 20535 USA

Attn: Beneficiary

After proper and several investigations by the Western Union, Money
G= ram, International Monetary Fund (IMF) and United Nations (UN)
Offices w= e found your name amongst those that have sent money through
Western Uni= on, Cash App, Zelle, Venmo, Bank Transfer/Deposit and Money
Gram in the = course of receiving your Inheritance, Lottery, United
Nation compensatio= n funds which proves that you have truly been
swindled by those unscrupu= lous persons by sending money to them
through the above mentioned means.

To this regard United Nations (UN) held a meeting with the Board of
D= irectors of WESTERN UNION, MONEYGRAM, INTERNATIONAL MONETARY FUND
(IMF) = the FBI alongside with the MINISTRY of FINANCE. As a result of
our inves= tigations it was agreed that the sum of Six Million Five
Hundred Thousan= d United States Dollars (U.S. $6, 500,000.00) should be
transferred to y= ou from the funds set aside by The United States
Department of the Treas= ury to compensate scam victims.

The compensation scheme is open to people who wired money to scammersvia Western Union and MoneyGram between January 1, 2004 to December
19,= 2019, the deadline for lodging these claims is December 12, 2021.

This case is being handled and supervised by the FBI therefore we havesubmitted your details to affect the transfer of your funds to you.
Co= ntact the Western Union agent office through the information below:

Contact Person: Betsy Holden
Address: Western Union Post Office, Cali= fornia
Email: bealitoniua9@gma= il.com

Yours sincerely,
Christopher A. Wray
FBI Director

From miss.maureen0@gmail.com Sun Nov 7 14:27:02 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,BODY_EMAIL_419_FRAUD_GM,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, LOTS_OF_MONEY,MILLION_HUNDRED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,UNDISC_MONEY,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7524] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.210.171 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.210.171 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [miss.maureen0[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [miss.maureen0[at]gmail.com] * 0.6 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.6 URG_BIZ Contains urgent matter * 2.5 BODY_EMAIL_419_FRAUD_GM Email address in body is likely advance * fee fraud collector mailbox * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1A7KQtMI042367 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 7 Nov 2021 14:27:02 -0600 Received: by mail-pf1-f171.google.com with SMTP id g19so8093070pfb.8 for ; Sun, 07 Nov 2021 12:26:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=jq+8P9BxI/GAW08FesNnQxzs3jvRfrYL3Swk3yqrLnU=; b=VLDdCuromFw8CeHM6mGkgBr6ni/h5tKRcEtVnXFlY2VCqI9qgPlg7PALoJAaYY39dt OwKdCfRDi3IyrWC0o0+qMJN0IbD6RCJdeXh9WVMBxl7JOv/g+H/TjgOfzKzF9Pykn93E D7aQ6IMsld8tVwgp2B6x2s5MIR+/XwWMW6hik03oz5u86hPVs3gR697/n4pDMxp17EM+ 9TVJaxpXoBzouftpqAdf11VauceMcSK4ZWMPcS8vdwuRAwCTWsuXJG8zCVRWTfzEDsxC J5d2zgpn4lAtAogsjDcB7Aa+pwEQmxri5L3LnRJHeYVqPN64ZiAKVDPmhrBaPc4PeY6p e5cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=jq+8P9BxI/GAW08FesNnQxzs3jvRfrYL3Swk3yqrLnU=; b=EuCr8MkvZ/wvK1U2Wuwiw7XRTk3OcW8iEkrOiAqkxVcAYms/zmRDwQluXr2oscsz4O uf4sQTO5N0mbgfAW+YnVY6RxT8kA8568b2iVdwoHq8JFG7Q1yW5bpuTj/o+9LJyZVVTG u86nGlmJ0cAA81T9cbc+GEDX/kXKbnLEP5UeG8QYI/awkRBPxw4g5Ye5UAmFM2IN0b6o dE5tQ0r+Hef0tQsfZyJEVx4v1Ie+jiXhn6nJzVzfXqdWHQTUzws4Eiaq2+WPjh11c1QA wjnvJEmYTw/B+VjNHkIgKoMcRyXnIR+yKcv+3fbC92eLbm/1iyIm2VYjYYpecL91KQim +zNQ== X-Gm-Message-State: AOAM532UP4hF7hF/ktzH3Xhb1Ry59RUTo7X7N+E7NxerZVInZxrL5IoI qU3Cete8GUQAS5TZCsI8cqwMr46y5byrUJwVccI= X-Google-Smtp-Source: ABdhPJxlAqfqJrpyY+R09Uhbhi2F4Z7VIXO4OmZjeHFbQ90AfyjRJ5N+Qe2+3PQEhOwCvMmySiVZv9gWXZnOcL3L9ns= X-Received: by 2002:a63:b25d:: with SMTP id t29mr40723678pgo.79.1636316812692; Sun, 07 Nov 2021 12:26:52 -0800 (PST) MIME-Version: 1.0 From: M_G_Mrs Aisha Gaddafi Date: Sun, 7 Nov 2021 21:26:35 +0100 Message-ID: Subject: [SPAM] Please Help me to Investment in your country To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="0000000000005c54c705d038b2fb" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Nov 2021 14:27:02 -0600 (CST) for IP:'209.85.210.171' DOMAIN:'mail-pf1-f171.google.com' HELO:'mail-pf1-f171.google.com' FROM:'miss.maureen0@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 07 Nov 2021 14:27:02 -0600 (CST) X-Spam-Prev-Subject: Please Help me to Investment in your country Status: R X-Status: X-Keywords: X-UID: 345 Content-Length: 2169 --0000000000005c54c705d038b2fb Content-Type: text/plain; charset="UTF-8" Greetings to you from the city of Muscat Oman I am pleased to use this medium to open a mutual communication with you and to ask for your permission and acceptance to partner with you to invest in your country. My name is Aisha Gaddafi and presently living in Oman,i am a Widow and single Mother with three Children, the only biological Daughter of late Libyan President (Late Colonel Muammar Gaddafi) and presently i am under political asylum protection by the Omani Government. I have funds worth $27.500.000.00 US Dollars "Twenty Seven Million Five Hundred Thousand United State Dollars" which I want to entrust to you for investment project assistance in your country. If you are willing to handle this project on my behalf I shall appreciate your urgent response to provide you more details to proceed further.Reply me through this E-mail mgaddafi506@gmail.com Best Regards Mrs Aisha Gaddafi --0000000000005c54c705d038b2fb Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Greetings to you from the city of Muscat Oman

I am = pleased to use this medium to open a mutual communication with you and to a= sk for your permission and acceptance to partner with you to invest in your= country.

My name is Aisha =C2=A0Gaddafi and presently living in Oma= n,i am a Widow and single Mother with three Children, the only biological D= aughter of late Libyan President (Late Colonel Muammar Gaddafi) and present= ly i am under political asylum protection by the Omani Government.

I= have funds worth $27.500.000.00 US Dollars "Twenty Seven Million Five= Hundred Thousand United State Dollars" which I want to entrust to you= for investment project assistance in your country.

If you are willi= ng to handle this project on my behalf I shall appreciate your urgent respo= nse to provide you more details to proceed further.Reply me through this E-= mail mgaddafi506@gmail.com
= Best Regards
Mrs Aisha Gaddafi
--0000000000005c54c705d038b2fb-- From souleymanewarme17@gmail.com Mon Nov 8 03:52:47 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.7 required=5.0 tests=ADVANCE_FEE_3_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_HK_NAME_FM_MR_MRS, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9999] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9999] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.66 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [souleymanewarme17[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.66 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [sophiajesse41[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [souleymanewarme17[at]gmail.com] * 0.7 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases * 2.7 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-lf1-f66.google.com (mail-lf1-f66.google.com [209.85.167.66]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1A89qc7M020867 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 8 Nov 2021 03:52:47 -0600 Received: by mail-lf1-f66.google.com with SMTP id b40so5380838lfv.10 for ; Mon, 08 Nov 2021 01:52:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=btppJHOMAHBKnncnOSbPZ5QFJVfzMQqeZusIBug0Bj0=; b=iTwfkxSXWWvOHlxdMYMAfknmE9klWLGEjY/HslLqB1wnDn7qI1RNrZSnbxYefMCj3Z l89gjruw0270FWuBoM0K2WndsZDCPCBHiznUWdY060sLw8s6IRy8lClxS2ocV6LDiKrp 3GHneTR31Pv/+5plw5IGtcwCSPrSe4a4PkuitI53xPlVvvGxdSagxRVMZsLvtDhegYPL aomByEXfPRrFB6hEWCQ+hA38c38bawpwTgh+HIQuel2gDvFss2V9lVHLGAk4b6vUU+8B vflrlREHEvpqpiGU7CHUEhu0CegSwCK8R0Ij24mCAT05erz8/nAXf8XvwtTvH5Y7j4FG tdXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=btppJHOMAHBKnncnOSbPZ5QFJVfzMQqeZusIBug0Bj0=; b=xVqlxdr6/kiqOz0ZNNCWW6MlFd6mCPzgy2K1SfuMzIMnM6pSMJof9apLgkquBuYtQa sV9U+ed6wkwunUyjahXsFl3LvFHBE5otMZa7p7bHwjZeS/OhWfGo29MVcmKSAefo808+ 9Prxg0NENa2Fx7MI2InMAIDdqFq1Q5XHuNKyy172avKI2es93ioQJsM8vlI08vuRGKPs BQfc8SEO30OW2omufdfMwxF8EJ7KCxK/mSyLqKZPBZG0DPxxfV7+Ib62ZwVJ7eOprLH/ Jhq6Xw9T8xKbasStuEwkkF1Vlde9mGL+VzPOuuZ1vPgRR4MU5eJiYruxqzYK5qrUC5x3 7bGw== X-Gm-Message-State: AOAM533VVVEpGly63df0FtcFLwwGY5+I4W0ZCmOjwOivPu4MuHsDbNYS thsx+MS2WZAUJAN1M1/KKCjcoegXi8n8GaBJezY= X-Google-Smtp-Source: ABdhPJxH5aEE+tRWq3fYW3k1ma9QcHCM4s8eNNG32M/afA42+EqFPGxN7rb4e9I5DsScPpA3DIRlGj+DrdtbZBnSHNI= X-Received: by 2002:a19:e049:: with SMTP id g9mr19600055lfj.687.1636365154401; Mon, 08 Nov 2021 01:52:34 -0800 (PST) MIME-Version: 1.0 Reply-To: sophiajesse41@gmail.com From: "Mrs. Sophia Jessey" Date: Mon, 8 Nov 2021 01:52:21 -0800 Message-ID: Subject: [SPAM] Dear Beloved, To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="000000000000c0431305d043f3a0" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 08 Nov 2021 03:52:47 -0600 (CST) for IP:'209.85.167.66' DOMAIN:'mail-lf1-f66.google.com' HELO:'mail-lf1-f66.google.com' FROM:'souleymanewarme17@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 08 Nov 2021 03:52:47 -0600 (CST) X-Spam-Prev-Subject: Dear Beloved, Status: R X-Status: X-Keywords: X-UID: 346 Content-Length: 4147 --000000000000c0431305d043f3a0 Content-Type: text/plain; charset="UTF-8" -- STRICTLY FOR CHARITY DISPENSATION Hello Dear, Please I am writing this mail to you with great sorrow in my heart, My Name is Mrs. Sophia Jessey. I married to Mr. Nicolas Paul who worked with the Belgium High Commission here. He later retired and operated his business in Burkina Faso for many years before he died in the year 2017. Since we got married we had no child. He died after a brief illness that lasted for only five days. When my late husband was alive he deposited the sum of US$3.2m Three Million Two hundred Thousand Dollars)and some quantity of Raw Gold in Ouagadougou the capital city of Burkina Faso before he died, we jointly projected to make willful donation to orphanage and charity homes since we have none person to inherit the left over. Recently, my family Doctor told me that he cannot guarantee so much of my health condition after some diagnoses. That the cancer has overgrown. This sickness has lasted long in me until now that it has grown to this height. The shock resulted to partial stroke that affected part of my hands. Having known my condition I decided to search for whom to give out this money to take care of the less-privileged people, though I and my husband had it in plan before his death. You will utilize this money the way I am going to instruct you. I want you to take the Gold for your self while the money for charity, homeless and motherless orphanage dispensation. I grew up as an Orphan and I don't have anybody as my family. Am doing this so that God will forgive my sins and accept my soul because the sicknesses have suffered me so much. As soon as I receive your willing reply I will make every necessary arrangement to push the money to you for the execution of charity dispensation. Hoping to receive your reply. Be of good courage and strong. From Mrs. Sophia Jessey --000000000000c0431305d043f3a0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


--
STRICTLY FOR CH= ARITY DISPENSATION

Hello Dear,
Please I am writing this mail to y= ou with great sorrow in my heart, My Name is Mrs. Sophia Jessey. I married = to Mr. Nicolas Paul who worked with the Belgium High Commission here. He la= ter retired and operated his business in Burkina Faso for many years before= he died in the year 2017. Since we got married we had no child.

He = died after a brief illness that lasted for only five days. When my late hus= band was alive he deposited the sum of US$3.2m Three Million Two hundred Th= ousand Dollars)and some quantity of Raw Gold in Ouagadougou the capital cit= y of Burkina Faso before he died, we jointly projected to make willful dona= tion to orphanage and charity homes since we have none person to inherit th= e left over.

Recently, my family Doctor told me that he cannot guara= ntee so much of my health condition after some diagnoses. That the cancer h= as overgrown.
This sickness has lasted long in me until now that it has = grown to this height. The shock resulted to partial stroke that affected pa= rt of my hands. Having known my condition I decided to search for whom to g= ive out this money to take care of the less-privileged people, though I and= my husband had it in plan before his death. You will utilize this money th= e way I am going to instruct you.

I want you to take the Gold for yo= ur self while the money for charity, homeless and motherless orphanage disp= ensation. I grew up as an Orphan and I don't have anybody as my family.= Am doing this so that God will forgive my sins and accept my soul because = the sicknesses have suffered me so much.
As soon as I receive your willi= ng reply I will make every necessary arrangement to push the money to you f= or the execution of charity dispensation.

Hoping to receive your rep= ly. Be of good courage and strong.

From
Mrs. Sophia Jessey
<= /div> --000000000000c0431305d043f3a0-- From jhardin@impsec.org Wed Nov 10 16:29:09 2021 +0800 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 31310 invoked by uid 99); 10 Nov 2021 09:19:09 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Nov 2021 09:19:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 71D47BFB72 for ; Wed, 10 Nov 2021 09:19:08 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 5.84 X-Spam-Level: ***** X-Spam-Status: No, score=5.84 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, HK_NAME_MR_MRS=0.999, LOTS_OF_MONEY=0.001, MONEY_FREEMAIL_REPTO=2.59, MONEY_FROM_41=1.999, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id FeG1UcyU9PFz for ; Wed, 10 Nov 2021 09:19:07 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=82.78.17.178; helo=mail.ibiol.ro; envelope-from=minodora.stanescu@ibiol.ro; receiver= Received: from mail.ibiol.ro (mail.ibiol.ro [82.78.17.178]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 50AC0BD636 for ; Wed, 10 Nov 2021 09:19:07 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.ibiol.ro (Postfix) with ESMTP id 95F1511BCCFB; Wed, 10 Nov 2021 10:29:29 +0200 (EET) Received: from mail.ibiol.ro ([127.0.0.1]) by localhost (mail.ibiol.ro [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id FtEN8_psRuki; Wed, 10 Nov 2021 10:29:29 +0200 (EET) Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.ibiol.ro (Postfix) with ESMTP id BD92F11B943A; Wed, 10 Nov 2021 10:29:24 +0200 (EET) X-Virus-Scanned: amavisd-new at ibiol.ro Received: from mail.ibiol.ro ([127.0.0.1]) by localhost (mail.ibiol.ro [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id FmOWHiIG07NU; Wed, 10 Nov 2021 10:29:24 +0200 (EET) Received: from MACBOOK7275.localdomain (unknown [41.147.1.19]) by mail.ibiol.ro (Postfix) with ESMTPSA id 884D911B0B1F; Wed, 10 Nov 2021 10:29:15 +0200 (EET) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: Dringende Informationen To: Recipients From: "Mr. Haskel" Date: Wed, 10 Nov 2021 16:29:09 +0800 Reply-To: jonathanhaskel377@gmail.com Message-Id: <20211110082915.884D911B0B1F@mail.ibiol.ro> Status: X-Status: X-Keywords: X-UID: 347 Gr=FC=DFe von Jonathan Haskel, ich f=FChle mich geehrt, a vorteilhafter Vor= schlag an Sie; Ich m=F6chte Sie dringend um Hilfe bitten, um die Summe von = 7,9 Millionen Dollar plus (6 kg) Goldbarren zu erhalten. Ich w=FCrde mich = =FCber Ihre sofortige Antwort freuen, damit ich Ihnen mehr Details mitteile= n und diese Transaktion so schnell wie m=F6glich ohne Risiko abschlie=DFen = kann. Herzlich Jonathan Haskel From apmail-jhardin-owner@apache.org Wed Nov 10 07:00:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1AAF02t3026712 for ; Wed, 10 Nov 2021 07:00:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=5.0 tests=BAYES_99,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US US IN ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 10 Nov 2021 07:00:02 -0800 (PST) Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AAExrL9027647 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 10 Nov 2021 08:59:59 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 212053EB0E for ; Wed, 10 Nov 2021 14:59:53 +0000 (UTC) Received: (qmail 39089 invoked by uid 500); 10 Nov 2021 14:59:53 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 39086 invoked by uid 99); 10 Nov 2021 14:59:53 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Nov 2021 14:59:53 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 642B31FF4D1 for ; Wed, 10 Nov 2021 14:59:52 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id Ys2Cimne5eZR for ; Wed, 10 Nov 2021 14:59:51 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.214.178; helo=mail-pl1-f178.google.com; envelope-from=drabodiahmed6@gmail.com; receiver= Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 9D206BD7A6 for ; Wed, 10 Nov 2021 14:59:51 +0000 (UTC) Received: by mail-pl1-f178.google.com with SMTP id b11so3167382pld.12 for ; Wed, 10 Nov 2021 06:59:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=WCYNC5aMijJuV6nFkpy+j7k1NxfK0AwT9r3lJUXFeNs=; b=exoKHvXX7hbfWzUI6b2W7UklI5aqxEznvTngkWnFbiICmilLGKa0ATXSA4ZaMaj4/k JUtt/wPhtmrRzxkhu3h1EF4Wpo5ih1x788dnlm1mYfcHHUD+JLNtPKbYq6kDD/vohnqs gGT/XrUJff9IuIiVBUOejxe7CYTSygZ6wvl5X/FlWO9mJNrJZw+SE6BCOHpuAHxYitXH ngBEKt2viO3hHSQ+wpInsXD4zhKatxOUJsNTxGecl/43n0WFh9VUqu6TCDZIt0v2d+WX 9in8quFlfhIdfFrtONWRN3/ECjfBPNPrV0yYf4pjxpfTtZGVWRQvjqRsDo4C4kkag1H2 Y0jg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=WCYNC5aMijJuV6nFkpy+j7k1NxfK0AwT9r3lJUXFeNs=; b=FspdFRB0Wd80YKX3kdvqyD3XG/4mMdkl/3qz1Z7NJcLSnNvBTDVvKim55gsStZgFbd U9Nhbljwp9PkBmiPQf84uiqyJAGUs8ifR3oGsm/6bC41olpzEtp+nI4t73JxLKXi8fUp BzyNLJJtPhqx+WIJdGPrCc/mN6JXJywnujCbBx2nhP9EJuEMittGNY6LxdlwvaAQvOWF X6ziBDLIeiuScXxKSuIQr/2QWRJ43cFuM2PQa9eCHE1bFnVYz7gmL6+h0V6ocTeZmTJI NUXjHhnSud8WfMGTMv7ezo5eaBZEw6BdI5rQddRe2ZuAlhNCrGxow97fC9aLqeEs/fzW 7ZfA== X-Gm-Message-State: AOAM532xSmDar7attvN3RvdpE+OxrVjcYSV1/zAKrrtwlocOG4mIKq89 1zgKqdk+pvu+yXM8vf8EsNkmSJVaJsJ2JFlc6f0= X-Google-Smtp-Source: ABdhPJz3QIWbNJrvTvfENrLqQ7Mqh9UyCLMHGu9iE0OOYViBfaKuhFrhg4Qy/W8jK2UZt6GWxjM4sj32I3U8cQxkaI8= X-Received: by 2002:a17:902:6905:b0:142:9e19:702e with SMTP id j5-20020a170902690500b001429e19702emr16978355plk.34.1636556385217; Wed, 10 Nov 2021 06:59:45 -0800 (PST) MIME-Version: 1.0 Reply-To: adrabidiahmed@gmail.com From: Dr abboud ahmed Date: Wed, 10 Nov 2021 14:58:38 +0000 Message-ID: Subject: Greetings, To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="000000000000fef15705d0707922" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 10 Nov 2021 08:59:59 -0600 (CST) for IP:'3.227.148.255' DOMAIN:'mxout1-ec2-va.apache.org' HELO:'mxout1-ec2-va.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 10 Nov 2021 08:59:59 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 348 Content-Length: 1881 --000000000000fef15705d0707922 Content-Type: text/plain; charset="UTF-8" Greetings, I have a Mutual/Beneficial Business Project that would be beneficial to us. Please note that the deal requires high level of maturity, honesty and secrecy. This will involve moving some money from my office, on trust to your hands or bank account. Also note that i will do everything to make sure that the money is moved as a purely legitimate fund, so you will not be exposed to any risk. I request for your full co-operation. I will give you details and procedure when I receive your reply, to commence this transaction, I require you to immediately indicate your interest by a return reply. I will be waiting for your response in a timely manner. Contact Email: adrabidiahmed@gmail.com Best Regard, Dr abboud ahmed --000000000000fef15705d0707922 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Greetings,

I have a Mutual/Ben= eficial Business Project that would be
beneficial to us.

Please = note that the deal requires high level of maturity, honesty and
secrecy.= This will involve moving some money from my office, on trust
to your ha= nds or bank account. Also note that i will do everything to
make sure th= at the money is moved as a purely legitimate fund, so you
will not be ex= posed to any risk.

I request for your full co-operation. I will give= you details and
procedure when I receive your reply, to commence this t= ransaction, I
require you to immediately indicate your interest by a ret= urn reply. I
will be waiting for your response in a timely manner.
Contact=C2=A0 Email: adrabidia= hmed@gmail.com
Best Regard,
Dr abboud ahmed

--000000000000fef15705d0707922-- From milaleo28920@gmail.com Fri Nov 12 14:30:17 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************ X-Spam-Status: Yes, score=12.2 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FORGED_GMAIL_RCVD,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, HTML_MESSAGE,LOTS_OF_MONEY,MILLION_HUNDRED,MISSING_HEADERS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_MONEY_PERCENT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) * [209.85.210.53 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [milaleo28920[at]gmail.com] * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.210.53 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [milaleo28920[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.6 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1ACKUCcF036221 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 12 Nov 2021 14:30:17 -0600 Received: by mail-ot1-f53.google.com with SMTP id u18-20020a9d7212000000b00560cb1dc10bso15556346otj.11 for ; Fri, 12 Nov 2021 12:30:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:cc; bh=V8TJubQLg8gqyUBPzlqWfZeenLTMEeQclV/dmU0BfNU=; b=nNm6japuQ1uTgn2EIWWlnmUzD7vtO1w6UmYaDltLOa2gYggn7SelmGIVrSImjrJ+xo 87af6ZNpvM1NoHl987R7mDV4Kh2jA52kqMGBu4V2zG1sjbfi5JQeTEFMd6ZnfyGB1YQ+ HQ1f4h4+RgK0O68e9vnaLzSYCXusqFlybIMZJ8ujWla2qbqJBcv/gkHL28nyCdulqss9 GL1fP/QkTB0tlaW5Pvh7tWts/ExLALPZ/BhjamsbpqlvonCsKIdkbHTEOzTKrkFTVlTl PhpnAg7UU/812W1a3Df4MWaCLTduQxag7A1SD23BkCUURCFKwqortU9+uvvrUBBuZ3Rz qXWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:cc; bh=V8TJubQLg8gqyUBPzlqWfZeenLTMEeQclV/dmU0BfNU=; b=Yo4GxYuqCuV2H/aOwukkmq1pWFyHT/Amx6Jp7Swtdon+zK7n6LrtAJyCLRhK7JklRT O63bzhDEoxE8bNQ2WASvKQ7WAVKWrws7WNEqobEm9X+tC/xitqaMphdId7lhMS3Ov0MY xV84/KnHo952WMfOuNiYf0Huo/ZOF9XSOiYMb0CiOmBUwTaf4pu2inakREjnTq2ovFd4 eV5pqDRF0z2cq6bv/K4kYybnmJ0wAFzAyJ5W1gD7TybQXiznasHrPr3PG0R9maXL6wq5 LLt1YDgP0TyWRMWS2RyUkn3jktz8727Ns2gB3zDSFkILR+cWgnuylxoA+SQVAjKiKgQ3 2eww== X-Gm-Message-State: AOAM531q/T+n29pc2emAKyPf/j+aLhTPKCOOrQ3BqK3XbuA770sbW7lk zWRxUTEIR54Leduua/ihP9IikqvM1iKdVrJGro8= X-Received: by 2002:a9d:4b19:: with SMTP id q25mt10647841otf.186.1636749011550; Fri, 12 Nov 2021 12:30:11 -0800 (PST) MIME-Version: 1.0 From: Mila Leo Date: Sat, 13 Nov 2021 04:29:09 +0800 Message-ID: Subject: [SPAM] Hello Dear! Cc: sbrehm@eda.gov, rtm@csail.mit.ed, rlewis@dccouncil.us, kram@parl.gc.ca, communications@msdf.org, mgeist@uottawa.ca, plannedgiving@michaeljfox.org, subscriptions@producer.com, barrett@parl.gc.ca, chong@parl.gc.ca, info@mloebachlaw.com, president@asu.edu, savage@wabcradio.com, rpcentre@cash4u.com, danielle_petruccelli@toyota.ca, media@toyota.ca, toyota_feedback@toyota.ca, bowling@ualberta.ca, melissapraemonitus@gmail.com, mdelect@mcmaster.ca, letters@macleans.ca, residence@utoronto.ca, info@trendfollowing.com, michaelthames1@mac.com, parish@saintmichael.ca, thomas@octagon.com, bherz@mcpmagic.com, westendfamilycareclinic@gmail.com, michael@michaelechols.com, info@michaelfoods.com, michael@inzelbuchlaw.com, mike@michaelhingson.com, support@michaelhingson.com, speaker@michaelhingson.com, smith@mcgill.ca, berger@ncleg.gov, davis@ncleg.gov, blue@ncleg.gov, cathedral@stmichaelscathedral.com, michael@michael-waldron.com, admin@smfoundation.org.au, jadew@smfoundation.org.au, gianaris@nysenate.gov, info@michaeljohnsonperformance.com, erin@hewpr.com, burgess@opencongress.org, farenthold@opencongress.org, hausser@ucl.ac.uk, balot@utoronto.ca, hq-emergingworlds@mail.nas, info@michaelcinco.com, stylepublicrelations@gmail.com, info@knightayton.co.uk, patrick@pewliterary.com, admin@aranmichaelmanagement.com, mcohen@mcgrc.com, michaeltravis@gmail.com, lardner@avant.org.au, info@michaelcarrollandco.com, library@nd.edu.au, cullen@nd.edu.au, kelleher@nd.edu.au, fraternaltraining@kofc.org, michael@michaeldaehn.com, info@michaelcaines.com, lympstonemanor@saucecommunications.com, suzie@michaelfeinstein.com, webeditor@ucop.edu, roti@illinois.gov, mike@malodyadvisors.com, admin@mfal.net, office@stmichaelscs.org, office-ayls@stmichaelscs.org, absence-ayls@stmichaelscs.org, jhardin@impsec.org, 1644@compuserve.com, 532238@compuserve.com, criscuolom@unitedtalent.com, mawas@manulifesecurities.ca, cooper@parl.gc.ca, referrals@sullivanattorneys.com, info@smndow.cat, info@unikamed.com, info@sorkinstudio.com, admission@smcvt.edu, peters@yale.edu, waldorf@michaelmount.co.za, smcprimary@smc.sa.ed, smc@smc.sa.ed, m2msaleschina@huawei.com, europe@huawei.com, m2msalesusa@huawei.com, m2m_europe@huawei.com, info@michaelcostaracing.com.au, info@tcdsb.org, laupacis@unityhealth.to, rydelnik@messianicjourneys.org, info@messianicjourneys.org, info@michael-freeman-law.com, law@mplytlelaw.com Content-Type: multipart/alternative; boundary="0000000000006cdbef05d09d53e3" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Nov 2021 14:30:17 -0600 (CST) for IP:'209.85.210.53' DOMAIN:'mail-ot1-f53.google.com' HELO:'mail-ot1-f53.google.com' FROM:'milaleo28920@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Nov 2021 14:30:17 -0600 (CST) X-Spam-Prev-Subject: Hello Dear! Status: R X-Status: X-Keywords: X-UID: 349 Content-Length: 4385 --0000000000006cdbef05d09d53e3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable My name is Mr. Michael Leon, I am a newly promoted Branch Manager of a Bank here in England UK, I feel not quite safe discussing this Business with you through this Internet method, why because this transaction is very important business and must be treated Confidential. Though using this medium of the Internet has been greatly abused, I still choose to reach you through it because it still remains the fastest medium of communication, I got your information during my search through the Internet. It may interest you to hear that I am a man of PEACE and don't want problems, I only hope we can assist each other. If you don't want this business offer kindly forget it, as I will not contact you again. I have packaged a financial transaction that will benefit both of us, as the Branch Manager of the Bank, it is my duty to send in a Financial Report to my head office in the capital city London at the end of each year. In the course of the end of last year's report, I discovered that my branch in which I am the Manager made an excess profit of Seven Million five Hundred Thousand Pounds [=C2=A3 7,500,000.00] which my head office are not aware of= and will never be aware of. I have since placed this fund in a SUNDRY ACCOUNT. As an officer of the bank, I cannot be directly linked to this money, so this informed my contacting you for us to work together so that you can assist me and receive this fund into your bank account in your country for us to SHARE. I am offering you 45% of the total fund, while you keep 55% for me in your bank account till I join you in your country for the sharing/investment of my own share of the funds, or better still we can go into a joint partnership venture, I will appreciate it very much. I immensely request your optimum honesty and cooperation and Let me know your mind on this, and please do treat this information as Top secret as I can=E2=80=99t afford to lose my job with the Bank. For more details kindly contact me at my email Michael Leon --0000000000006cdbef05d09d53e3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
My name is Mr. Michael Leon, I am a newly promoted Branch = Manager of a Bank here in England UK, I feel not quite safe discussing this= Business with you through this Internet method, why because this transacti= on is very important business and must be treated Confidential. Though usin= g this medium of the Internet has been greatly abused, I still choose to re= ach you through it because it still remains the fastest medium of communica= tion, I got your information during my search through the Internet.

= It may interest you to hear that I am a man of PEACE and don't want pro= blems, I only hope we can assist each other. If you don't want this bus= iness offer kindly forget it, as I will not contact you again. I have packa= ged a financial transaction that will benefit both of us, as the Branch Man= ager of the Bank, it is my duty to send in a Financial Report to my head of= fice in the capital city London at the end of each year. In the course of t= he end of last year's report, I discovered that my branch in which I am= the Manager made an excess profit of Seven Million five Hundred Thousand P= ounds [=C2=A3 7,500,000.00] which my head office are not aware of and will = never be aware of. I have since placed this fund in a SUNDRY ACCOUNT.
As an officer of the bank, I cannot be directly linked to this money, so = this informed my contacting you for us to work together so that you can ass= ist me and receive this fund into your bank account in your country for us = to SHARE. I am offering you 45% of the total fund, while you keep 55% for m= e in your bank account till I join you in your country for the sharing/inve= stment of my own share of the funds, or better still we can go into a joint= partnership venture, I will appreciate it very much.

I immensely re= quest your optimum honesty and cooperation and Let me know your mind on thi= s, and please do treat this information as Top secret as I can=E2=80=99t af= ford to lose my job with the Bank.
For more details kindly contact me at= my email
Michael Leon
--0000000000006cdbef05d09d53e3-- From cathy.chemshun@gmail.com Fri Nov 12 22:10:15 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.2 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_80,DATE_IN_FUTURE_06_12,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FILL_THIS_FORM,FREEMAIL_FROM,FREEMAIL_REPLYTO, HTML_MESSAGE,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9012] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [cathy.chemshun[at]gmail.com] * 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) * [209.85.216.53 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.216.53 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: * date * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FILL_THIS_FORM Fill in a form with personal information * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: US Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AD4A6jb032815 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 12 Nov 2021 22:10:15 -0600 Received: by mail-pj1-f53.google.com with SMTP id iq11so8320683pjb.3 for ; Fri, 12 Nov 2021 20:10:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=YMSVxTSk27gFR+BCK4pQJMRmXijvz8oZT/WYIumhIe4=; b=hfBfB9Gw8wjmwZ0l54PhnE9yv5LVo2P7O0eZmxWYk1PgStpanoLqbBiggEA+ZxpuOI n2jmK5oBLv+1niF9zdZ/WxABEUD7HWtPtg7hIcXezYGYJzo8hoCdS/MEXGvihqmPf47m KdjjUQ/OFqqrWEUpHremiOaOcFc9wD6bfwa0DIFDTGUNDBKhqpUpmOBmhD5IU2sUFAIt FkDttpmPI61XvabxkvudU4jjuhoxKPTVvgQxe6ljE0TSpZ1/K/9JdQ63Oi0fTdpj9enA NBszA04f/0wGRQjXPScAeTxPcZ9tt52vPF4nvGtkR12PzxzqRd3G54d4kEAlPtefcRKu GVcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=YMSVxTSk27gFR+BCK4pQJMRmXijvz8oZT/WYIumhIe4=; b=p036hTWF77o1GTA73qYozmqQHRVmLQeVI4BGXiM7v3H0kRJ1dp6MWX2b4P+ibPfbfJ QgQJMVLxHwz31QOx8DaGqj1oiT0v1enfSgbSCbWvo54b7ceL9S5i0Wq5sLG2Bin4e1Zr 50kKVLJziQ5QWf+OvNHC0Rz9216RuQJdFAuutHG/EQ3nskGw1/dmcoTxg1TTlEylLFl6 VNbhXO8Bj4ZuNWpv7QcSt6K3KApXofHLNsUdw7ZvKfwb3If4YLYfviXv7RtY/zujJjIT 0+jaQOnbujguHF+ETEt04a9trLtYSuRO/d34o6jK0s2QWbXJAyFoJLmVkReZVDgOM07X CNRQ== X-Gm-Message-State: AOAM531nZ6BlNcSbUAqUd+D62iPuZsgPBIXI9X5y0yxyXf1bA+Qal3cr ZRqDGqvuk+Ad1mdRu0869GBdNGOJddcK49gi4YI= X-Google-Smtp-Source: ABdhPJxcHGXhCq3b12z8gODxqyAOhs7yr6/TmlAwjz/0ulfiBJmm0KKaufpJQ3U6MrDyTCHvAvw1ncnpDB5IiWThxg4= X-Received: by 2002:a17:903:41c1:b0:141:f28f:729e with SMTP id u1-20020a17090341c100b00141f28f729emr13853792ple.34.1636776604009; Fri, 12 Nov 2021 20:10:04 -0800 (PST) MIME-Version: 1.0 Reply-To: barclays.kenya.bank@gmail.com From: Bank Management Date: Sat, 13 Nov 2021 05:09:37 -0800 Message-ID: Subject: [SPAM] Your Last Option. To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="0000000000000f06b305d0a3c030" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Nov 2021 22:10:15 -0600 (CST) for IP:'209.85.216.53' DOMAIN:'mail-pj1-f53.google.com' HELO:'mail-pj1-f53.google.com' FROM:'cathy.chemshun@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 12 Nov 2021 22:10:15 -0600 (CST) X-Spam-Prev-Subject: Your Last Option. Status: R X-Status: X-Keywords: X-UID: 350 Content-Length: 3131 --0000000000000f06b305d0a3c030 Content-Type: text/plain; charset="UTF-8" Hello, If you don't want to get the fund documents in your name for our Bank to transfer the fund by bank to bank though or online banking the only option we have now is we can open WESTERN UNION online banking for you and credit athlete two Million Dollars but the maximum amount you will be able to be transferred every week is $250,000.00 as reflected in our transfer system daily until the funds is completely transferred. This special arrangement is being used to avoid all scrupulous demands by both the states and federal authorities that have previously delayed your payment till date; we shall need your maximum co-operation to ensure that strictness and confidence is maintained to avoid any further delays. Your first bag two Million Dollars will be credited. We believed that with this $2.Million Dollars all the problems regarding this fund will be solved. This is why we need to create western union online banking for you. Website: www.wu-global.com First Name:......................... Surname:......................... Date of Birth:......................... Your email address:......................... Any Password that you want to use to credit:......................... street address:......................... your phone number:......................... City:......................... Postcode:......................... Thanks Bank Management. --0000000000000f06b305d0a3c030 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

If you don't want to get the fund docume= nts in your name for our Bank to transfer the fund by bank to bank though o= r online banking the only option we have now is we can open WESTERN UNION o= nline banking for you and credit athlete two Million Dollars but the maximu= m amount you will be able to be transferred every week is $250,000.00 as re= flected in our transfer system daily until the funds is completely transfer= red. This special arrangement is being used to avoid all scrupulous demands= by both the states and federal authorities that have previously delayed yo= ur payment till date; we shall need your maximum co-operation to ensure tha= t strictness and confidence is maintained to avoid any further delays. Your= first bag two Million Dollars will be credited.

We believed that wi= th this $2.Million Dollars all the problems regarding this fund will be sol= ved.

This is why we need to create western union online banking for = you. Website: www.wu-global.com
First Name:.........................
Surname:......................= ...
Date of Birth:.........................
Your email address:......= ...................
Any Password that you want to use to credit:........= .................
street address:.........................
your phone= number:.........................
City:.........................
Post= code:.........................

Thanks
Bank Management.
--0000000000000f06b305d0a3c030-- From jhardin@impsec.org Sat Nov 13 21:01:54 2021 +0300 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 91751 invoked by uid 99); 14 Nov 2021 15:50:43 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 14 Nov 2021 15:50:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 546A3BFD31 for ; Sun, 14 Nov 2021 15:50:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 1.535 X-Spam-Level: * X-Spam-Status: No, score=1.535 tagged_above=-999 required=6.31 tests=[FREEMAIL_REPLYTO_END_DIGIT=0.25, RCVD_IN_VALIDITY_RPBL=1.284, SPF_NONE=0.001] autolearn=disabled Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id vN69hb0tV8Nu for ; Sun, 14 Nov 2021 15:50:41 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=162.217.146.250; helo=mail.pos-demo.site; envelope-from=info@horsesstation.net; receiver= Received: from mail.pos-demo.site (mail.pos-demo.site [162.217.146.250]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 74AED7E99F for ; Sun, 14 Nov 2021 15:50:41 +0000 (UTC) Received: from DESKTOP-KKC61N3.zuku.co.ke ([102.140.247.42]) by home with MailEnable ESMTPA; Sat, 13 Nov 2021 22:02:33 +0400 Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Subject: RE To: Recipients From: "Sgt Irene" Date: Sat, 13 Nov 2021 21:01:54 +0300 Reply-To: sgtireneb2@gmail.com Message-ID: <70B389015C094BEB96090598AC440FFF.MAI@home> Status: X-Status: X-Keywords: X-UID: 351 I wish to notify you about my blessed deal in your Favor from Camp Casey, S= outh Korea promoting peace around the Korean Peninsula. Will give you furth= er information once i hear from you. Thank you for your time and God bless = Sgt. I From sontra.danang@toaan.gov.vn Mon Nov 15 00:50:56 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************************** X-Spam-Status: Yes, score=27.2 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_99,BAYES_999,DEAR_WINNER,FILL_THIS_FORM,FILL_THIS_FORM_LONG, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HK_LOTTO,HK_WIN,HTML_MESSAGE,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, RCVD_IN_PSBL,RELAY_COUNTRY_VN,SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.5 RELAY_COUNTRY_VN Relayed via Vietnam * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [222.255.0.41 listed in psbl.surriel.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [pbph202lay2[at]gmail.com] * 3.1 DEAR_WINNER BODY: Spam with generic salutation of "dear winner" * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.0 HK_WIN No description available. * 1.0 HK_LOTTO No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money X-Spam-Relay-Country: VN ** ** ** GB Received: from smtp.toaan.gov.vn (smtp.toaan.gov.vn [222.255.0.41]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AF6opcs014579 for ; Mon, 15 Nov 2021 00:50:55 -0600 X-AuditID: 0a011333-1dfb0700000021f3-c8-6191fe6b37ce Received: from mail.toaan.gov.vn (TATC-EX01-NEW.toaan.gov.vn [10.1.17.53]) by smtp.toaan.gov.vn (Symantec Messaging Gateway) with SMTP id 15.16.08691.B6EF1916; Mon, 15 Nov 2021 13:30:03 +0700 (+07) To: undisclosed-recipients:; Received: from TATC-EX01.toaan.gov.vn (10.1.17.52) by TATC-EX01-NEW.toaan.gov.vn (10.1.17.53) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.8; Mon, 15 Nov 2021 02:54:18 +0700 Received: from TATC-EX01.toaan.gov.vn ([fe80::20de:bd7:dec2:46e2]) by TATC-EX01.toaan.gov.vn ([fe80::20de:bd7:dec2:46e2%5]) with mapi id 15.01.2308.008; Mon, 15 Nov 2021 02:55:04 +0700 From: "sontra.danang" Subject: [SPAM] UNITED KINGDOM NATIONAL LOTTO PROGRAM. Thread-Topic: UNITED KINGDOM NATIONAL LOTTO PROGRAM. Thread-Index: AdfZhm6OvPEoM08pQNCxldVELomrSQAAABQgAAAAJvAAAAAksAAAACOgAAAAKAAAAAAk8AAAACcgAAAAJRAAAAAq0AAAACiQAAAAJ8AAAAAqUAAAAClAAAAAKtAAAAApwAAAADPgAAAAKkAAAAAsYAAAACyQAAAAKlAAAAArQAAAACqQAAAAKvAAAAAqEA== Date: Sun, 14 Nov 2021 19:55:03 +0000 Message-ID: Reply-To: "pbph202lay2@gmail.com" Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [217.138.202.62] Content-Type: multipart/alternative; boundary="_000_aec61ceddf4e41e8809aeeef1f32b2c6toaangovvn_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA02Ta0xTZxjH855zek7twiwX9R0aF9kQIwPrAPcsyrZkHzyLkciWxW3ZgIKd GAgzrXJZ4lIUHLTAQAWlDQqkFix3BByXQi13RmFyvwjB0cK4FJywcBVWqEv49svzvzzP++Hl knZG2pF7KeyKSBwmDHWieRQP2Xq5hWykCAXD5XtAm9LPgLy6lAHDb0kkpLV9BQ1/PmHg4YCa hMz+WQrkN8soeGj+g4IGWRkDyb3rBJiqxmhIaq22qAWNDFT3FZMw9thEw2TVfRKe1k0hqC0f 5cDk7RgG8hMLaBgu6qMhewLgTvcKAm26igLjppyE3thVBm52TCNYM/0Ac81xHNBoDoLurpKA tOFXBGgajQjUtSxUxFfSMLeQRIC5roMA/dNGDjz+x7K4OaWChpd/FTHQXSKzlKXlcKBlWk+B NnudAmnfh1A4qyJAubpIQf+wZbtRl0HDsuoRCfO130DespICjT6dgK5ey1syyrsYqBpgQaGz h+wboyR0xM4wkKPppKGqKIaEdsM6+dkow96d2+CweRnBbE7MJsHGTjZR7IJsmGILitUUm6kr I9nX0SqKld6Ip1m5MpVgk+N7aVZR30Ox09XzNNuaep1iV3TPSTZuSUadU3C+4526IAq9FC4S H/skgBecr/v+stol0rQ4TkqRwUmGdnEx3xM35v3LkSEe147fjHBPiYHcEhz4B3CGcvyNYEa4 0xS9LdjxaxBOXae3mOYL8JDWTGyxvYVVU0WUDHEtYS9cOue8lXXgdyDc+yJ2O0vxnbEqM2E7 a8M/iZNyG990foxHs9o5W4z4e/FSW/52J8nfh4eMDwjrpXysqukkrbwHT41vcKzshH8t72Gs /kD8oiQGWfttcWu6kUpG9oodVYodNsUOm3XujgdS79BWdsXqrBnSym743oae2jnPRIwG8STh YjdR5MUIwfFStP0R7D1+R6aEeXc9IrhIjzCXdHKwCUhLEdrZXBBG/SwS/+QvvhoqkujRfi7l tM9GJzoWYMe/KLwiChGJLovE/6sEd5ejlEjxWh0Q9PvFBkYVCnxcTnr7pXpOHQgeeBY4mO5/ PVkbdq2j5fVit4dtccJo3e707vNDiQ98gj6I+5TaqOCeWGmQzssP3luTvDVZf37C9e8of0kI HaGM526+fXS5MuPJWtQqfma/m/ejb/Av72JB89XVir3Xxs58aXDPnXP09s2xb2vifov9i1/l Kh95HD6Sfej+kSa/EfNhodxz0LnAda1lVjjhfsLN59bn9bfaFw49PxddlJx9+yNBf3NQ0GLh 2ZUvJociBfidfuNI1qB3oHpCehrJu9oT96eN9AQn+dYk+JpLfMTJLu8rHb5eKmqdDnkZcCrc tnIm4k641i73rKeh8L3TTpQkWHj8KCmWCP8D4qyznXcEAAA= X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 15 Nov 2021 00:50:56 -0600 (CST) for IP:'222.255.0.41' DOMAIN:'smtp.toaan.gov.vn' HELO:'smtp.toaan.gov.vn' FROM:'sontra.danang@toaan.gov.vn' RCPT:'' X-Greylist: Delayed for 00:15:04 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 15 Nov 2021 00:50:56 -0600 (CST) X-Spam-Prev-Subject: UNITED KINGDOM NATIONAL LOTTO PROGRAM. Status: R X-Status: X-Keywords: X-UID: 352 Content-Length: 4897 --_000_aec61ceddf4e41e8809aeeef1f32b2c6toaangovvn_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear Lucky Winner, We are pleased to inform you of the result of the just concluded annual fin= al draws of UNITED KINGDOM NATIONAL LOTTO PROGRAM. After this automated com= puter ballot, your e-mail address emerged as one of Four winners in the cat= egory \\"A\\" You are therefore been approve to claim the sum= of =A32,000,000.00 (Two Million British Pounds Sterling) with the informat= ion below: REF No: UK/PB2021LAY2 SERIAL No: 56475600547777 BATCH No: 074/77/ZY369/BRT To file for your claim, Contact the processing Consultant: Contact Person: Peter Wong Email: peter0wong@naver.com Do fill out the claims form to Mr. Peter Wong, in other to process the clai= ms of your prize without delay. PAYMENT PROCESSING FORM (1)FULL NAME: (2)FULL ADDRESS: (3)NATIONALITY: (4)DATE OF BIRTH: (5)OCCUPATION: (6)TELEPHONE NUMBER: (7)SEX: Sincerely, Online Co-coordinator NATIONAL LOTTERY. --_000_aec61ceddf4e41e8809aeeef1f32b2c6toaangovvn_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Dear Lucky Winner,

 

We are pleased to inform you of the result of the ju= st concluded annual final draws of UNITED KINGDOM NATIONAL LOTTO PROGRAM. A= fter this automated computer ballot, your e-mail address emerged as one of = Four winners in the category \\"A\\" You are therefore been appro= ve to claim the sum of =A32,000,000.00 (Two Million British Pounds Sterling= ) with the information below:

 

REF No: UK/PB2021LAY2

SERIAL No: 56475600547777

BATCH No: 074/77/ZY369/BRT

 

To file for your claim, Contact the processing Consu= ltant:

 

Contact Person: Peter Wong

Email: peter= 0wong@naver.com

 

Do fill out the claims form to Mr. Peter Wong, in ot= her to process the claims of your prize without delay.

 

PAYMENT PROCESSING FORM

 

(1)FULL NAME:

(2)FULL ADDRESS:

(3)NATIONALITY:

(4)DATE OF BIRTH:

(5)OCCUPATION:

(6)TELEPHONE NUMBER:

(7)SEX:

 

Sincerely,

Online Co-coordinator

NATIONAL LOTTERY.

--_000_aec61ceddf4e41e8809aeeef1f32b2c6toaangovvn_-- From mrssonia.kadi@gmail.com Thu Nov 18 17:53:12 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.4 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_80,DATE_IN_PAST_12_24,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FILL_THIS_FORM,FORM_FRAUD_5,FREEMAIL_FROM,HTML_MESSAGE, LOTS_OF_MONEY,MONEY_FRAUD_5,NA_DOLLARS,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_RPBL,SPF_HELO_NONE,SPF_PASS,T_FILL_THIS_FORM_LOAN, T_HK_NAME_FM_MR_MRS,T_MONEY_PERCENT,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9407] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [209.85.208.67 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrmichael.bishop00[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.67 listed in wl.mailspike.net] * 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: * date * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.5 NA_DOLLARS BODY: Talks about a million North American dollars * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.0 FILL_THIS_FORM Fill in a form with personal information * 0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s) * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases * 1.2 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US Received: from mail-ed1-f67.google.com (mail-ed1-f67.google.com [209.85.208.67]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AINr6TK003174 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 18 Nov 2021 17:53:12 -0600 Received: by mail-ed1-f67.google.com with SMTP id x6so22887798edr.5 for ; Thu, 18 Nov 2021 15:53:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=SUK2k+sRJqGmw0DyBtcM30r+u0vnPs+BuiYLP94f3hA=; b=ElbZS9dyE0Sx1mqx/OXSmX+z0E19WAEu+2iPG0zD6BSgyzWIghaaPVzPp7X08wUqI/ B5kK8dSKETrUeqA3g3Vz2uwVc4EBnn3toO79UTDX7MpqP/BNlERzy8fnKwfktgP4+khY MVeuab7e5fRpiwA+AjGJH1bNvb9YzERUxmS9chHJ1NBwJqxMKPoyrq6kUEBBPtIyOfYL 9wD2Dj7nAPdNgeCwXkkFH2ybcgMGaO4D+VC3PZ+Dsi4r2FzyOdhjG+AKD+UWA20WSirK 3HRoxV69eM5S1uV+lEAlM9dx/JdFTCptArb6nKLlGlExjqB8CxKDP1wm6t6BYjGwcTBl Birw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SUK2k+sRJqGmw0DyBtcM30r+u0vnPs+BuiYLP94f3hA=; b=zwh1qECA77rkL484jpqBLU3PpRemS5eHk4XwGtdTa+qfITOC44SF4jT3QUoQxQrzUd sO4tuZzmOLhqQAtozBJKChHgTABAhlYYNllk951QWw+16/rXT2Vm883M4Gq/zqAolLY0 /DRM2aL9fvdPk7gs3Mr1y7be7dDWGkr6K4CZKMRfjQ7DdbB/0MCiO/Wv9vThef4viTJU SwsFp9PKzPqpIDh81v3Kc5xZhyYerkjOVL287mkjJwFdqCdgRIUr7lcDsbg9HJwl/Oro rfWaXNKz5uoobz+RzqEweqFbzbh67iQx3gw9PtrIfPSjT2sNc7xcz6toLHj6B8Lhv03U 2MAA== X-Gm-Message-State: AOAM532SJFIX1dRI5kya9wh2POA0STP75pnBq4CtwGZUs6clHeyedc7I BUQXx9IJTp2h+fnUTTScPJG+u76HigmnTN9L/PI= X-Google-Smtp-Source: ABdhPJyoYxjgFqYo7I3ZImw8+5b93mj/Bh5fiSwp+Tl5b3UrfLW5gOc27v8PQScppG8/wHu1yqU2YrTKGeHQ7sEghQ0= X-Received: by 2002:a17:906:788:: with SMTP id l8mr1812250ejc.548.1637279583852; Thu, 18 Nov 2021 15:53:03 -0800 (PST) MIME-Version: 1.0 From: "Mr. Michael Bishop" Date: Wed, 17 Nov 2021 22:52:39 -0800 Message-ID: Subject: [SPAM] Hello Friend To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="000000000000fe5cb805d118db67" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Nov 2021 17:53:12 -0600 (CST) for IP:'209.85.208.67' DOMAIN:'mail-ed1-f67.google.com' HELO:'mail-ed1-f67.google.com' FROM:'mrssonia.kadi@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 18 Nov 2021 17:53:12 -0600 (CST) X-Spam-Prev-Subject: Hello Friend Status: R X-Status: X-Keywords: X-UID: 353 Content-Length: 2733 --000000000000fe5cb805d118db67 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello Friend, I am Mr.Michael Bishop. and I work with UNITED BANK For AFRICA. Please Can you use ATM Visa card to withdraw money at ATM cash machine in your country? I want to transfer money to you from my country; it=E2=80=99s part of money= taken by some old politician that was forced out of power.I will change the account details to yours, and apply for a visa card with your details in our bank, they will send the visa card to you and you will be withdrawing money with it and always send my own percentage of the money, and the money we are talking about is $11.5Million us dollars. Whatever amount you withdraw daily, you will send 50% to me and you will take 50%, the visa card and the bank account will be on your name, you can contact me with your private email I.D (mrmichael.bishop00@gmail.co= m ) I will be waiting for your information as soon as possible. Your name.......................... Age........................... Sex........................... Country....................... Occupation.................... Phone number........................ Best Regards. From Mr.Michael Bishop --000000000000fe5cb805d118db67 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=C2=A0Hello Friend, I am Mr.Michael Bishop. and I work wit= h UNITED BANK For AFRICA. Please Can you use ATM Visa card to withdraw mone= y at ATM cash machine in your country?
=C2=A0
I want to transfer mone= y to you from my country; it=E2=80=99s part of money taken by some old poli= tician that was forced out of power.I will change the account details to yo= urs, and apply for a visa card with your details in our bank,
=C2=A0
= they will send the visa card to you and you will be withdrawing money with = it and always send my own percentage of the money,

and the money we= are talking about is $11.5Million us dollars. Whatever amount you withdraw= daily, you will send 50% to me and you will take 50%, the visa card and th= e bank account will be on your name,
you can contact me with your priva= te email I.D (mrmichael.bis= hop00@gmail.com)
=C2=A0
I will be waiting for your information as= soon as possible.

Your name..........................

Age..= .........................

Sex...........................

Co= untry.......................

Occupation....................

= Phone number........................

=C2=A0Best Regards.

From=

Mr.Michael Bishop
--000000000000fe5cb805d118db67-- From expoimpo2000@gmail.com Sat Nov 20 18:25:01 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************* X-Spam-Status: Yes, score=13.4 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_80,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FRAUD_8, MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_PASS,SUBJ_ALL_CAPS,T_HK_NAME_FM_MR_MRS, T_MONEY_PERCENT,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8262] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.67 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.67 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [expoimpo2000[at]gmail.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [yousefzongo5722[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [expoimpo2000[at]gmail.com] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-lf1-f67.google.com (mail-lf1-f67.google.com [209.85.167.67]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AL0Os65033267 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 20 Nov 2021 18:25:00 -0600 Received: by mail-lf1-f67.google.com with SMTP id bi37so61774367lfb.5 for ; Sat, 20 Nov 2021 16:24:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=MdPOSP4E0dm3Pe3Hdqt216qxaOvAQQUTEhIkI5PQL/M=; b=SIYMIW/OC8V9/VpG40CqEvtrYOzF6/uFhwhVOki/M6/j15C2zYpdfTfgowBLcM/ElC udTFQhEvU3PRf1ufFaazI770XPjRMsqMBBo4usSjxxed8hymS/k3ZeDxbBDSegjBW0JB T2pxge/dpZ9vo8XSMPMcIOOc3LrOhUbokMM3KHq9BHmBqWAZ13eeiOVHBZ58xEj2c0D9 i4vs6YCR1uIoBgrkxoRj0KF+QbdBE0VT06L6XvdMZcha4QLGsMpMrrKZhB+ITU3oeKvU ByfHRuNkZ/a4s3UVhoAzcb33qWEjJQc1f6sJ7s0cBOuG46JnPg8veLNrAUxDHqx98UZs g6tA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=MdPOSP4E0dm3Pe3Hdqt216qxaOvAQQUTEhIkI5PQL/M=; b=zxNMa8KrnoJPVzBo9cJgIZtV5RFHrJt2J8YTGchxOwt17sfQ4EICRMYm/i40FYF5CR hKHIvwyeW1XuFe//UFMytF0ztuRZDzenUv4XDzF6BueLR13BjjVZZcraeDa5+UPN7yLN J/jyhR/tJcB1wmzDktxZrb0FchWa6gKFpqD0390X3jdiFKthx1fXp3xBrFBhy927IOMq 8pxGOpNZ8yc6H7VVefvf4zGzd4fPq0ncOCfhzUoTZKhenwgn0fq8K4YmcylLIjbVMS4S PnDCsi6SaW4VoZuqCpOKQT0mFHuiO2V6HDHd7Yc1tngAeZreaA9LJm1bCMYYipOdf9js 366g== X-Gm-Message-State: AOAM531UYd/4NjXkcfYcihyrn3UYs4eYzC+ubqRhYUGZFNscQO48uzOx btMDtDttAZBDLmTaAis3jXHcEOEtZtE7XMJGLuc= X-Google-Smtp-Source: ABdhPJysVh+gMLJhvstS+l2GPNkFViu0zq9FGHjT2kS6/vJHFsI/7CCtFrC0ChkJo5N4CNNRBoQq0+19KX1DSNhLCmM= X-Received: by 2002:a2e:a7c6:: with SMTP id x6mr38098986ljp.328.1637454290063; Sat, 20 Nov 2021 16:24:50 -0800 (PST) MIME-Version: 1.0 Received: by 2002:ac2:5ec6:0:0:0:0:0 with HTTP; Sat, 20 Nov 2021 16:24:49 -0800 (PST) Reply-To: yousefzongo5722@gmail.com From: Mr yousef zongo Date: Sat, 20 Nov 2021 16:24:49 -0800 Message-ID: Subject: [SPAM] THE AMOUNT IS 27.5 MILLIOMS USD To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Nov 2021 18:25:01 -0600 (CST) for IP:'209.85.167.67' DOMAIN:'mail-lf1-f67.google.com' HELO:'mail-lf1-f67.google.com' FROM:'expoimpo2000@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 20 Nov 2021 18:25:01 -0600 (CST) X-Spam-Prev-Subject: THE AMOUNT IS 27.5 MILLIOMS USD Status: R X-Status: X-Keywords: X-UID: 354 I am Mr yousef zongo, Hi Friend I work in United Bank for Africa (BOA) here in BURKINA FASO .I wants to transfer an abandoned sum of 27.5 millions USD to you through ATM VISA CARD .50% will be for you. No risk involved. The (BOA) bank was being used by many African Politicians to divert funds (the Politicians looted over 5billion United States dollars) to their foreign accounts and they did Not bother to know how much was transferred because the funds belonged to the 'State' that is why I also decided to put apart the sum of $27.5million Dollars which is still in our bank under my custody for a long period now! I have to give you all the required guidelines so that you do not make any mistake. If you are capable to handle the transaction Contact me for more details. Kindly reply me back to my alternative email address ( yousefzongo5722@gmail.com ) Mr yousef zongo From jhardin@impsec.org Tue Nov 23 11:46:26 2021 +0200 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 91892 invoked by uid 99); 23 Nov 2021 09:45:49 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Nov 2021 09:45:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 1C762BFD48 for ; Tue, 23 Nov 2021 09:45:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.23 X-Spam-Level: *** X-Spam-Status: No, score=3.23 tagged_above=-999 required=6.31 tests=[DEAR_SOMETHING=1.731, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLY=1, HTML_MESSAGE=0.2, SPF_PASS=-0.001, SUBJ_ALL_CAPS=0.5] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id yKKPn4ZK1tEJ for ; Tue, 23 Nov 2021 09:45:47 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::534; helo=mail-ed1-x534.google.com; envelope-from=omegagoodwill@gmail.com; receiver= Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 6E10A7EB00 for ; Tue, 23 Nov 2021 09:45:47 +0000 (UTC) Received: by mail-ed1-x534.google.com with SMTP id o20so45023324eds.10 for ; Tue, 23 Nov 2021 01:45:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=uMtgAiV5OVFpWn53QmOomgjW1jc5lFdQTe4aZ18o0LE=; b=Di2Nc8tZ3TioXy8NYyvmV3CTSwtq5+gGXiePmgNcBwMe6oSsUOmfZqp5zhWkrP9XDZ XfJuke7C1G50SRqKkltF0NpFGv+A2IAsZY064at5IR7hQ0H6ViKDWKo8zjRxV1ARPMiL p9qysXEcdF7XRhYnr7hz1BTJzCUByPPm1r9F9zaZU5nUMVJ6PcQdhcQWIJyibQGIZJge XPqscstBGcItVq5GGa7Po42+TJtkNq5MHU04pULEFqbnwqg44WLHNsYvouTTNFK6SUZV zT1oeb5pKMxzWny5gzYy26D9no1RY17mXOO3ZfX/QNE6yO/gfhKdLcZO9SsDzL10y9aZ iO4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=uMtgAiV5OVFpWn53QmOomgjW1jc5lFdQTe4aZ18o0LE=; b=e8I0PuDXqeWklE8RABGbdaqu7jrXHhkPqzwxOFdISgm53/WhcIIhoo7bCSwlGdprS+ igqx/9E67xJsMkGMRnSA4Byjs7g5GvWehDAlnIEjLOLGqX6YLzBA1AcRupV1jtxIAVl2 o6upPyczZ+c/loSC7UMDAlOAR2TcbF1EihIjoT83W/JeVlJxfZ8pIZdpGfv+21a++SBk 8aaqmvBB5OTgsdhZDRFDprfXzP2gywqtTGYwnvgfkEZN0Som3mXrLaRxuR28EGnEPRd+ B7EhJh9LZTBHPaWpQg4p8M87SUgrWZ8ZIvL8As5Wxw3cdWXW9oGbzfOS8U2hJOQdWDOs iMag== X-Gm-Message-State: AOAM5309iRSU2dH8AyB1BQBfgeF8THxi3zkkvUGfsw15mW7gK3WXKhrf j8VR9PZNRWEZACII/TeIK+UZ0ubvQCkS5sLSFV8= X-Google-Smtp-Source: ABdhPJwnYLEV4tPkhMNcuBOJ4x3XDRRcNiyqQ8v7AExSuprOBwzNe06TaKJiyQnqTF8uVYgN7Qlk59OmxYFMDCQ0u88= X-Received: by 2002:a17:906:9b92:: with SMTP id dd18mr5972099ejc.290.1637660745621; Tue, 23 Nov 2021 01:45:45 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Goodwill Omega Date: Tue, 23 Nov 2021 11:46:26 +0200 Message-ID: Subject: RE=INVESTMENT PROJECT To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/mixed; boundary="000000000000019e2805d1719bc6" Status: X-Status: X-Keywords: X-UID: 355 Content-Length: 47008 --000000000000019e2805d1719bc6 Content-Type: multipart/alternative; boundary="000000000000019e2605d1719bc4" --000000000000019e2605d1719bc4 Content-Type: text/plain; charset="UTF-8" Dear Sir, Kindly read attached Investment Opportunity and get back to me if you are interested. Regards, Gerald Owen. Email: gerald.owen50@outlook.com --000000000000019e2605d1719bc4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
=C2=A0
Dear Sir,
Kindly read attached Investment Opportunity and get b= ack to me if you are interested.
Regards,
Gerald Owen.
Email: =C2= =A0gerald.ow= en50@outlook.com
--000000000000019e2605d1719bc4-- --000000000000019e2805d1719bc6 X-Content-Security: [ga] original Content-Type was application/rtf; Content-Type: APPLICATION/DEFANGED; name="Investment Project.46809DEFANGED-rtf" Content-Disposition: attachment; filename="Investment Project.46809DEFANGED-rtf" Content-ID: X-Attachment-Id: f_kmcy3zd40 Content-Transfer-Encoding: base64 e1xydGYxXGFkZWZsYW5nMTAyNVxhbnNpXGFuc2ljcGcxMjUyXHVjMVxhZGVmZjBcZGVmZjBcc3Rz aGZkYmNoMzE1MDVcc3RzaGZsb2NoMzE1MDZcc3RzaGZoaWNoMzE1MDZcc3RzaGZiaTBcZGVmbGFu ZzEwMzNcZGVmbGFuZ2ZlMTAzM1x0aGVtZWxhbmcxMDMzXHRoZW1lbGFuZ2ZlMFx0aGVtZWxhbmdj czB7XGZvbnR0Ymx7XGYwXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAw MjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcgUm9tYW47fXtcZjM0XGZiaWRpIFxmcm9tYW5c ZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMjA0MDUwMzA1MDQwNjAzMDIwNH1DYW1icmlhIE1h dGg7fQ0Ke1xmMzdcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMGYw NTAyMDIwMjA0MDMwMjA0fUNhbGlicmk7fXtcZmxvbWFqb3JcZjMxNTAwXGZiaWRpIFxmcm9tYW5c ZmNoYXJzZXQwXGZwcnEye1wqXHBhbm9zZSAwMjAyMDYwMzA1MDQwNTAyMDMwNH1UaW1lcyBOZXcg Um9tYW47fQ0Ke1xmZGJtYWpvclxmMzE1MDFcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7 XCpccGFub3NlIDAyMDIwNjAzMDUwNDA1MDIwMzA0fVRpbWVzIE5ldyBSb21hbjt9e1xmaGltYWpv clxmMzE1MDJcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDQwNTAz MDUwNDA2MDMwMjA0fUNhbWJyaWE7fQ0Ke1xmYmltYWpvclxmMzE1MDNcZmJpZGkgXGZyb21hblxm Y2hhcnNldDBcZnBycTJ7XCpccGFub3NlIDAyMDIwNjAzMDUwNDA1MDIwMzA0fVRpbWVzIE5ldyBS b21hbjt9e1xmbG9taW5vclxmMzE1MDRcZmJpZGkgXGZyb21hblxmY2hhcnNldDBcZnBycTJ7XCpc cGFub3NlIDAyMDIwNjAzMDUwNDA1MDIwMzA0fVRpbWVzIE5ldyBSb21hbjt9DQp7XGZkYm1pbm9y XGYzMTUwNVxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwMjA2MDMw NTA0MDUwMjAzMDR9VGltZXMgTmV3IFJvbWFuO317XGZoaW1pbm9yXGYzMTUwNlxmYmlkaSBcZnN3 aXNzXGZjaGFyc2V0MFxmcHJxMntcKlxwYW5vc2UgMDIwZjA1MDIwMjAyMDQwMzAyMDR9Q2FsaWJy aTt9DQp7XGZiaW1pbm9yXGYzMTUwN1xmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MFxmcHJxMntcKlxw YW5vc2UgMDIwMjA2MDMwNTA0MDUwMjAzMDR9VGltZXMgTmV3IFJvbWFuO317XGYzMDBcZmJpZGkg XGZyb21hblxmY2hhcnNldDIzOFxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gQ0U7fXtcZjMwMVxmYmlk aSBcZnJvbWFuXGZjaGFyc2V0MjA0XGZwcnEyIFRpbWVzIE5ldyBSb21hbiBDeXI7fQ0Ke1xmMzAz XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxNjFcZnBycTIgVGltZXMgTmV3IFJvbWFuIEdyZWVrO317 XGYzMDRcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2MlxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gVHVy O317XGYzMDVcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3N1xmcHJxMiBUaW1lcyBOZXcgUm9tYW4g KEhlYnJldyk7fXtcZjMwNlxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTc4XGZwcnEyIFRpbWVzIE5l dyBSb21hbiAoQXJhYmljKTt9DQp7XGYzMDdcZmJpZGkgXGZyb21hblxmY2hhcnNldDE4NlxmcHJx MiBUaW1lcyBOZXcgUm9tYW4gQmFsdGljO317XGYzMDhcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2 M1xmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKFZpZXRuYW1lc2UpO317XGY2NDBcZmJpZGkgXGZyb21h blxmY2hhcnNldDIzOFxmcHJxMiBDYW1icmlhIE1hdGggQ0U7fXtcZjY0MVxmYmlkaSBcZnJvbWFu XGZjaGFyc2V0MjA0XGZwcnEyIENhbWJyaWEgTWF0aCBDeXI7fQ0Ke1xmNjQzXGZiaWRpIFxmcm9t YW5cZmNoYXJzZXQxNjFcZnBycTIgQ2FtYnJpYSBNYXRoIEdyZWVrO317XGY2NDRcZmJpZGkgXGZy b21hblxmY2hhcnNldDE2MlxmcHJxMiBDYW1icmlhIE1hdGggVHVyO317XGY2NDdcZmJpZGkgXGZy b21hblxmY2hhcnNldDE4NlxmcHJxMiBDYW1icmlhIE1hdGggQmFsdGljO317XGY2NDhcZmJpZGkg XGZyb21hblxmY2hhcnNldDE2M1xmcHJxMiBDYW1icmlhIE1hdGggKFZpZXRuYW1lc2UpO30NCntc ZjY3MFxmYmlkaSBcZnN3aXNzXGZjaGFyc2V0MjM4XGZwcnEyIENhbGlicmkgQ0U7fXtcZjY3MVxm YmlkaSBcZnN3aXNzXGZjaGFyc2V0MjA0XGZwcnEyIENhbGlicmkgQ3lyO317XGY2NzNcZmJpZGkg XGZzd2lzc1xmY2hhcnNldDE2MVxmcHJxMiBDYWxpYnJpIEdyZWVrO317XGY2NzRcZmJpZGkgXGZz d2lzc1xmY2hhcnNldDE2MlxmcHJxMiBDYWxpYnJpIFR1cjt9DQp7XGY2NzdcZmJpZGkgXGZzd2lz c1xmY2hhcnNldDE4NlxmcHJxMiBDYWxpYnJpIEJhbHRpYzt9e1xmNjc4XGZiaWRpIFxmc3dpc3Nc ZmNoYXJzZXQxNjNcZnBycTIgQ2FsaWJyaSAoVmlldG5hbWVzZSk7fXtcZmxvbWFqb3JcZjMxNTA4 XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMzhcZnBycTIgVGltZXMgTmV3IFJvbWFuIENFO30NCntc ZmxvbWFqb3JcZjMxNTA5XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMDRcZnBycTIgVGltZXMgTmV3 IFJvbWFuIEN5cjt9e1xmbG9tYWpvclxmMzE1MTFcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2MVxm cHJxMiBUaW1lcyBOZXcgUm9tYW4gR3JlZWs7fXtcZmxvbWFqb3JcZjMxNTEyXGZiaWRpIFxmcm9t YW5cZmNoYXJzZXQxNjJcZnBycTIgVGltZXMgTmV3IFJvbWFuIFR1cjt9DQp7XGZsb21ham9yXGYz MTUxM1xmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTc3XGZwcnEyIFRpbWVzIE5ldyBSb21hbiAoSGVi cmV3KTt9e1xmbG9tYWpvclxmMzE1MTRcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3OFxmcHJxMiBU aW1lcyBOZXcgUm9tYW4gKEFyYWJpYyk7fXtcZmxvbWFqb3JcZjMxNTE1XGZiaWRpIFxmcm9tYW5c ZmNoYXJzZXQxODZcZnBycTIgVGltZXMgTmV3IFJvbWFuIEJhbHRpYzt9DQp7XGZsb21ham9yXGYz MTUxNlxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTYzXGZwcnEyIFRpbWVzIE5ldyBSb21hbiAoVmll dG5hbWVzZSk7fXtcZmRibWFqb3JcZjMxNTE4XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMzhcZnBy cTIgVGltZXMgTmV3IFJvbWFuIENFO317XGZkYm1ham9yXGYzMTUxOVxmYmlkaSBcZnJvbWFuXGZj aGFyc2V0MjA0XGZwcnEyIFRpbWVzIE5ldyBSb21hbiBDeXI7fQ0Ke1xmZGJtYWpvclxmMzE1MjFc ZmJpZGkgXGZyb21hblxmY2hhcnNldDE2MVxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gR3JlZWs7fXtc ZmRibWFqb3JcZjMxNTIyXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxNjJcZnBycTIgVGltZXMgTmV3 IFJvbWFuIFR1cjt9e1xmZGJtYWpvclxmMzE1MjNcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3N1xm cHJxMiBUaW1lcyBOZXcgUm9tYW4gKEhlYnJldyk7fQ0Ke1xmZGJtYWpvclxmMzE1MjRcZmJpZGkg XGZyb21hblxmY2hhcnNldDE3OFxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKEFyYWJpYyk7fXtcZmRi bWFqb3JcZjMxNTI1XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxODZcZnBycTIgVGltZXMgTmV3IFJv bWFuIEJhbHRpYzt9e1xmZGJtYWpvclxmMzE1MjZcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2M1xm cHJxMiBUaW1lcyBOZXcgUm9tYW4gKFZpZXRuYW1lc2UpO30NCntcZmhpbWFqb3JcZjMxNTI4XGZi aWRpIFxmcm9tYW5cZmNoYXJzZXQyMzhcZnBycTIgQ2FtYnJpYSBDRTt9e1xmaGltYWpvclxmMzE1 MjlcZmJpZGkgXGZyb21hblxmY2hhcnNldDIwNFxmcHJxMiBDYW1icmlhIEN5cjt9e1xmaGltYWpv clxmMzE1MzFcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2MVxmcHJxMiBDYW1icmlhIEdyZWVrO317 XGZoaW1ham9yXGYzMTUzMlxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTYyXGZwcnEyIENhbWJyaWEg VHVyO30NCntcZmhpbWFqb3JcZjMxNTM1XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxODZcZnBycTIg Q2FtYnJpYSBCYWx0aWM7fXtcZmhpbWFqb3JcZjMxNTM2XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQx NjNcZnBycTIgQ2FtYnJpYSAoVmlldG5hbWVzZSk7fXtcZmJpbWFqb3JcZjMxNTM4XGZiaWRpIFxm cm9tYW5cZmNoYXJzZXQyMzhcZnBycTIgVGltZXMgTmV3IFJvbWFuIENFO30NCntcZmJpbWFqb3Jc ZjMxNTM5XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMDRcZnBycTIgVGltZXMgTmV3IFJvbWFuIEN5 cjt9e1xmYmltYWpvclxmMzE1NDFcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2MVxmcHJxMiBUaW1l cyBOZXcgUm9tYW4gR3JlZWs7fXtcZmJpbWFqb3JcZjMxNTQyXGZiaWRpIFxmcm9tYW5cZmNoYXJz ZXQxNjJcZnBycTIgVGltZXMgTmV3IFJvbWFuIFR1cjt9DQp7XGZiaW1ham9yXGYzMTU0M1xmYmlk aSBcZnJvbWFuXGZjaGFyc2V0MTc3XGZwcnEyIFRpbWVzIE5ldyBSb21hbiAoSGVicmV3KTt9e1xm YmltYWpvclxmMzE1NDRcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3OFxmcHJxMiBUaW1lcyBOZXcg Um9tYW4gKEFyYWJpYyk7fXtcZmJpbWFqb3JcZjMxNTQ1XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQx ODZcZnBycTIgVGltZXMgTmV3IFJvbWFuIEJhbHRpYzt9DQp7XGZiaW1ham9yXGYzMTU0NlxmYmlk aSBcZnJvbWFuXGZjaGFyc2V0MTYzXGZwcnEyIFRpbWVzIE5ldyBSb21hbiAoVmlldG5hbWVzZSk7 fXtcZmxvbWlub3JcZjMxNTQ4XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMzhcZnBycTIgVGltZXMg TmV3IFJvbWFuIENFO317XGZsb21pbm9yXGYzMTU0OVxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MjA0 XGZwcnEyIFRpbWVzIE5ldyBSb21hbiBDeXI7fQ0Ke1xmbG9taW5vclxmMzE1NTFcZmJpZGkgXGZy b21hblxmY2hhcnNldDE2MVxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gR3JlZWs7fXtcZmxvbWlub3Jc ZjMxNTUyXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxNjJcZnBycTIgVGltZXMgTmV3IFJvbWFuIFR1 cjt9e1xmbG9taW5vclxmMzE1NTNcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3N1xmcHJxMiBUaW1l cyBOZXcgUm9tYW4gKEhlYnJldyk7fQ0Ke1xmbG9taW5vclxmMzE1NTRcZmJpZGkgXGZyb21hblxm Y2hhcnNldDE3OFxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKEFyYWJpYyk7fXtcZmxvbWlub3JcZjMx NTU1XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxODZcZnBycTIgVGltZXMgTmV3IFJvbWFuIEJhbHRp Yzt9e1xmbG9taW5vclxmMzE1NTZcZmJpZGkgXGZyb21hblxmY2hhcnNldDE2M1xmcHJxMiBUaW1l cyBOZXcgUm9tYW4gKFZpZXRuYW1lc2UpO30NCntcZmRibWlub3JcZjMxNTU4XGZiaWRpIFxmcm9t YW5cZmNoYXJzZXQyMzhcZnBycTIgVGltZXMgTmV3IFJvbWFuIENFO317XGZkYm1pbm9yXGYzMTU1 OVxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MjA0XGZwcnEyIFRpbWVzIE5ldyBSb21hbiBDeXI7fXtc ZmRibWlub3JcZjMxNTYxXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxNjFcZnBycTIgVGltZXMgTmV3 IFJvbWFuIEdyZWVrO30NCntcZmRibWlub3JcZjMxNTYyXGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQx NjJcZnBycTIgVGltZXMgTmV3IFJvbWFuIFR1cjt9e1xmZGJtaW5vclxmMzE1NjNcZmJpZGkgXGZy b21hblxmY2hhcnNldDE3N1xmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKEhlYnJldyk7fXtcZmRibWlu b3JcZjMxNTY0XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxNzhcZnBycTIgVGltZXMgTmV3IFJvbWFu IChBcmFiaWMpO30NCntcZmRibWlub3JcZjMxNTY1XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQxODZc ZnBycTIgVGltZXMgTmV3IFJvbWFuIEJhbHRpYzt9e1xmZGJtaW5vclxmMzE1NjZcZmJpZGkgXGZy b21hblxmY2hhcnNldDE2M1xmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKFZpZXRuYW1lc2UpO317XGZo aW1pbm9yXGYzMTU2OFxmYmlkaSBcZnN3aXNzXGZjaGFyc2V0MjM4XGZwcnEyIENhbGlicmkgQ0U7 fQ0Ke1xmaGltaW5vclxmMzE1NjlcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDIwNFxmcHJxMiBDYWxp YnJpIEN5cjt9e1xmaGltaW5vclxmMzE1NzFcZmJpZGkgXGZzd2lzc1xmY2hhcnNldDE2MVxmcHJx MiBDYWxpYnJpIEdyZWVrO317XGZoaW1pbm9yXGYzMTU3MlxmYmlkaSBcZnN3aXNzXGZjaGFyc2V0 MTYyXGZwcnEyIENhbGlicmkgVHVyO30NCntcZmhpbWlub3JcZjMxNTc1XGZiaWRpIFxmc3dpc3Nc ZmNoYXJzZXQxODZcZnBycTIgQ2FsaWJyaSBCYWx0aWM7fXtcZmhpbWlub3JcZjMxNTc2XGZiaWRp IFxmc3dpc3NcZmNoYXJzZXQxNjNcZnBycTIgQ2FsaWJyaSAoVmlldG5hbWVzZSk7fXtcZmJpbWlu b3JcZjMxNTc4XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMzhcZnBycTIgVGltZXMgTmV3IFJvbWFu IENFO30NCntcZmJpbWlub3JcZjMxNTc5XGZiaWRpIFxmcm9tYW5cZmNoYXJzZXQyMDRcZnBycTIg VGltZXMgTmV3IFJvbWFuIEN5cjt9e1xmYmltaW5vclxmMzE1ODFcZmJpZGkgXGZyb21hblxmY2hh cnNldDE2MVxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gR3JlZWs7fXtcZmJpbWlub3JcZjMxNTgyXGZi aWRpIFxmcm9tYW5cZmNoYXJzZXQxNjJcZnBycTIgVGltZXMgTmV3IFJvbWFuIFR1cjt9DQp7XGZi aW1pbm9yXGYzMTU4M1xmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTc3XGZwcnEyIFRpbWVzIE5ldyBS b21hbiAoSGVicmV3KTt9e1xmYmltaW5vclxmMzE1ODRcZmJpZGkgXGZyb21hblxmY2hhcnNldDE3 OFxmcHJxMiBUaW1lcyBOZXcgUm9tYW4gKEFyYWJpYyk7fXtcZmJpbWlub3JcZjMxNTg1XGZiaWRp IFxmcm9tYW5cZmNoYXJzZXQxODZcZnBycTIgVGltZXMgTmV3IFJvbWFuIEJhbHRpYzt9DQp7XGZi aW1pbm9yXGYzMTU4NlxmYmlkaSBcZnJvbWFuXGZjaGFyc2V0MTYzXGZwcnEyIFRpbWVzIE5ldyBS b21hbiAoVmlldG5hbWVzZSk7fX17XGNvbG9ydGJsO1xyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxn cmVlbjBcYmx1ZTI1NTtccmVkMFxncmVlbjI1NVxibHVlMjU1O1xyZWQwXGdyZWVuMjU1XGJsdWUw O1xyZWQyNTVcZ3JlZW4wXGJsdWUyNTU7XHJlZDI1NVxncmVlbjBcYmx1ZTA7XHJlZDI1NVxncmVl bjI1NVxibHVlMDsNClxyZWQyNTVcZ3JlZW4yNTVcYmx1ZTI1NTtccmVkMFxncmVlbjBcYmx1ZTEy ODtccmVkMFxncmVlbjEyOFxibHVlMTI4O1xyZWQwXGdyZWVuMTI4XGJsdWUwO1xyZWQxMjhcZ3Jl ZW4wXGJsdWUxMjg7XHJlZDEyOFxncmVlbjBcYmx1ZTA7XHJlZDEyOFxncmVlbjEyOFxibHVlMDtc cmVkMTI4XGdyZWVuMTI4XGJsdWUxMjg7XHJlZDE5MlxncmVlbjE5MlxibHVlMTkyO317XCpcZGVm Y2hwIA0KXGZzMjJcbG9jaFxhZjMxNTA2XGhpY2hcYWYzMTUwNlxkYmNoXGFmMzE1MDUgfXtcKlxk ZWZwYXAgXHFsIFxsaTBccmkwXHNhMjAwXHNsMjc2XHNsbXVsdDFcd2lkY3RscGFyXHdyYXBkZWZh dWx0XGFzcGFscGhhXGFzcG51bVxmYWF1dG9cYWRqdXN0cmlnaHRccmluMFxsaW4wXGl0YXAwIH1c bm9xZnByb21vdGUge1xzdHlsZXNoZWV0e1xxbCBcbGkwXHJpMFxzYTIwMFxzbDI3NlxzbG11bHQx DQpcd2lkY3RscGFyXHdyYXBkZWZhdWx0XGFzcGFscGhhXGFzcG51bVxmYWF1dG9cYWRqdXN0cmln aHRccmluMFxsaW4wXGl0YXAwIFxydGxjaFxmY3MxIFxhZjBcYWZzMjJcYWxhbmcxMDI1IFxsdHJj aFxmY3MwIFxmczIyXGxhbmcxMDMzXGxhbmdmZTEwMzNcbG9jaFxmMzE1MDZcaGljaFxhZjMxNTA2 XGRiY2hcYWYzMTUwNVxjZ3JpZFxsYW5nbnAxMDMzXGxhbmdmZW5wMTAzMyBcc25leHQwIFxzcWZv cm1hdCBcc3ByaW9yaXR5MCBOb3JtYWw7fXtcKg0KXGNzMTAgXGFkZGl0aXZlIFxzc2VtaWhpZGRl biBcc3VuaGlkZXVzZWQgXHNwcmlvcml0eTEgRGVmYXVsdCBQYXJhZ3JhcGggRm9udDt9e1wqDQpc dHMxMVx0c3Jvd2RcdHJmdHNXaWR0aEIzXHRycGFkZGwxMDhcdHJwYWRkcjEwOFx0cnBhZGRmbDNc dHJwYWRkZnQzXHRycGFkZGZiM1x0cnBhZGRmcjNcdHJjYnBhdDFcdHJjZnBhdDFcdGJsaW5kMFx0 YmxpbmR0eXBlM1x0c3ZlcnRhbHRcdHNicmRydFx0c2JyZHJsXHRzYnJkcmJcdHNicmRyclx0c2Jy ZHJkZ2xcdHNicmRyZGdyXHRzYnJkcmhcdHNicmRydiBccWwgXGxpMFxyaTBcc2EyMDBcc2wyNzZc c2xtdWx0MQ0KXHdpZGN0bHBhclx3cmFwZGVmYXVsdFxhc3BhbHBoYVxhc3BudW1cZmFhdXRvXGFk anVzdHJpZ2h0XHJpbjBcbGluMFxpdGFwMCBccnRsY2hcZmNzMSBcYWYwXGFmczIyXGFsYW5nMTAy NSBcbHRyY2hcZmNzMCBcZnMyMlxsYW5nMTAzM1xsYW5nZmUxMDMzXGxvY2hcZjMxNTA2XGhpY2hc YWYzMTUwNlxkYmNoXGFmMzE1MDVcY2dyaWRcbGFuZ25wMTAzM1xsYW5nZmVucDEwMzMgXHNuZXh0 MTEgXHNzZW1paGlkZGVuIFxzdW5oaWRldXNlZCANCk5vcm1hbCBUYWJsZTt9fXtcKlxyc2lkdGJs IFxyc2lkNDc4ODE3NVxyc2lkMTQ0NDQzNThccnNpZDE1NDA1NDkwfXtcbW1hdGhQclxtbWF0aEZv bnQzNFxtYnJrQmluMFxtYnJrQmluU3ViMFxtc21hbGxGcmFjMFxtZGlzcERlZjFcbWxNYXJnaW4w XG1yTWFyZ2luMFxtZGVmSmMxXG13cmFwSW5kZW50MTQ0MFxtaW50TGltMFxtbmFyeUxpbTF9e1xp bmZve1xvcGVyYXRvciA3fXtcY3JlYXRpbVx5cjIwMjBcbW81XGR5NFxocjEwXG1pbjMzfQ0Ke1xy ZXZ0aW1ceXIyMDIxXG1vM1xkeTE3XGhyNVxtaW40OX17XHZlcnNpb24zfXtcZWRtaW5zNX17XG5v ZnBhZ2VzMX17XG5vZndvcmRzMTYwfXtcbm9mY2hhcnM5MTR9e1xub2ZjaGFyc3dzMTA3Mn17XHZl cm40OTI0N319e1wqXHhtbG5zdGJsIHtceG1sbnMxIGh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5j b20vb2ZmaWNlL3dvcmQvMjAwMy93b3JkbWx9fQ0KXHBhcGVydzEyMjQwXHBhcGVyaDE1ODQwXG1h cmdsMTQ0MFxtYXJncjE0NDBcbWFyZ3QxNDQwXG1hcmdiMTQ0MFxndXR0ZXIwXGx0cnNlY3QgDQpc d2lkb3djdHJsXGZ0bmJqXGFlbmRkb2NcdHJhY2ttb3ZlczBcdHJhY2tmb3JtYXR0aW5nMVxkb25v dGVtYmVkc3lzZm9udDBccmVseW9udm1sMFxkb25vdGVtYmVkbGluZ2RhdGExXGdyZmRvY2V2ZW50 czBcdmFsaWRhdGV4bWwwXHNob3dwbGFjZWhvbGR0ZXh0MFxpZ25vcmVtaXhlZGNvbnRlbnQwXHNh dmVpbnZhbGlkeG1sMFxzaG93eG1sZXJyb3JzMFxob3J6ZG9jXGRnaHNwYWNlMTIwXGRndnNwYWNl MTIwXGRnaG9yaWdpbjE3MDENClxkZ3ZvcmlnaW4xOTg0XGRnaHNob3cwXGRndnNob3czXGpjb21w cmVzc1x2aWV3a2luZDFcdmlld3NjYWxlMTIwXHJzaWRyb290NDc4ODE3NSBcZmV0MHtcKlx3Z3Jm Zm10ZmlsdGVyIDI0NTB9XGlsZm9tYWNhdGNsbnVwMFxsdHJwYXIgXHNlY3RkIFxsdHJzZWN0XGxp bmV4MFxzZWN0ZGVmYXVsdGNsXHNmdG5iaiB7XCpccG5zZWNsdmwxXHBudWNybVxwbnN0YXJ0MVxw bmluZGVudDcyMFxwbmhhbmcge1xwbnR4dGEgLn19e1wqXHBuc2VjbHZsMg0KXHBudWNsdHJccG5z dGFydDFccG5pbmRlbnQ3MjBccG5oYW5nIHtccG50eHRhIC59fXtcKlxwbnNlY2x2bDNccG5kZWNc cG5zdGFydDFccG5pbmRlbnQ3MjBccG5oYW5nIHtccG50eHRhIC59fXtcKlxwbnNlY2x2bDRccG5s Y2x0clxwbnN0YXJ0MVxwbmluZGVudDcyMFxwbmhhbmcge1xwbnR4dGEgKX19e1wqXHBuc2VjbHZs NVxwbmRlY1xwbnN0YXJ0MVxwbmluZGVudDcyMFxwbmhhbmcge1xwbnR4dGIgKH17XHBudHh0YSAp fX17XCpccG5zZWNsdmw2DQpccG5sY2x0clxwbnN0YXJ0MVxwbmluZGVudDcyMFxwbmhhbmcge1xw bnR4dGIgKH17XHBudHh0YSApfX17XCpccG5zZWNsdmw3XHBubGNybVxwbnN0YXJ0MVxwbmluZGVu dDcyMFxwbmhhbmcge1xwbnR4dGIgKH17XHBudHh0YSApfX17XCpccG5zZWNsdmw4XHBubGNsdHJc cG5zdGFydDFccG5pbmRlbnQ3MjBccG5oYW5nIHtccG50eHRiICh9e1xwbnR4dGEgKX19e1wqXHBu c2VjbHZsOVxwbmxjcm1ccG5zdGFydDFccG5pbmRlbnQ3MjBccG5oYW5nIA0Ke1xwbnR4dGIgKH17 XHBudHh0YSApfX1ccGFyZFxwbGFpbiBcbHRycGFyXHFsIFxsaTBccmkwXG5vd2lkY3RscGFyXHdy YXBkZWZhdWx0XGZhYXV0b1xyaW4wXGxpbjBcaXRhcDAgXHJ0bGNoXGZjczEgXGFmMFxhZnMyMlxh bGFuZzEwMjUgXGx0cmNoXGZjczAgXGZzMjJcbGFuZzEwMzNcbGFuZ2ZlMTAzM1xsb2NoXGFmMzE1 MDZcaGljaFxhZjMxNTA2XGRiY2hcYWYzMTUwNVxjZ3JpZFxsYW5nbnAxMDMzXGxhbmdmZW5wMTAz MyB7XHJ0bGNoXGZjczEgDQpcYWYwXGFmczIwIFxsdHJjaFxmY3MwIFxmMFxmczIwXGNmMVxsYW5n OVxsYW5nZmUxMDMzXGxhbmducDlcaW5zcnNpZDE1NDA1NDkwXGNoYXJyc2lkMTQ0NDQzNTggXGhp Y2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIEZ1bmQgSW52ZXN0bWVudCBQcm9qZWN0LiANClxw YXIgXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIEZyb219e1xydGxjaFxmY3MxIFxhZjBc YWZzMjAgXGx0cmNoXGZjczAgXGYwXGZzMjBcY2YxXGxhbmc5XGxhbmdmZTEwMzNcbGFuZ25wOVxp bnNyc2lkMTQ0NDQzNTggXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIDp9e1xydGxjaFxm Y3MxIFxhZjBcYWZzMjAgXGx0cmNoXGZjczAgDQpcZjBcZnMyMFxjZjFcbGFuZzlcbGFuZ2ZlMTAz M1xsYW5nbnA5XGluc3JzaWQxNTQwNTQ5MFxjaGFycnNpZDE0NDQ0MzU4IFxoaWNoXGFmMFxkYmNo XGFmMzE1MDVcbG9jaFxmMCAgTXIuIEdlcmFsZCBPd2VuLiANClxwYXIgfXtccnRsY2hcZmNzMSBc YWYwXGFmczIwIFxsdHJjaFxmY3MwIFxmMFxmczIwXGNmMVxsYW5nOVxsYW5nZmUxMDMzXGxhbmdu cDlcaW5zcnNpZDE0NDQ0MzU4XGNoYXJyc2lkMTQ0NDQzNTggDQpccGFyIH17XHJ0bGNoXGZjczEg XGFmMFxhZnMyMCBcbHRyY2hcZmNzMCBcZjBcZnMyMFxjZjFcbGFuZzlcbGFuZ2ZlMTAzM1xsYW5n bnA5XGluc3JzaWQxNTQwNTQ5MFxjaGFycnNpZDE0NDQ0MzU4IFxoaWNoXGFmMFxkYmNoXGFmMzE1 MDVcbG9jaFxmMCBEZWFyIFNpciwgDQpccGFyIA0KXHBhciBcaGljaFxhZjBcZGJjaFxhZjMxNTA1 XGxvY2hcZjAgSSBnb3QgeW91ciBlbWFpbCBjb250YWN0IHRocm91Z2ggd29ybGQgb24gbGluZS4g U28gSSBkZWNpZGVkIHRvIHNlbmQgeW91IHRoaXMgZW1haWwgdG8gZmluZCBvdXQgYWJvdXQgaW52 ZXN0bWVudCBwcm9jZWR1cmVzIGluIHlvdXIgQ291bnRyeS4gDQpccGFyIA0KXHBhciBcaGljaFxh ZjBcZGJjaFxhZjMxNTA1XGxvY2hcZjAgSG93ZXZlciwgaGF2ZSB5b3UgYW55IGJ1c2luZXNzIHBs YW4gdGhhdCBuZWVkcyBmdW5kaW5nfXtccnRsY2hcZmNzMSBcYWYwXGFmczIwIFxsdHJjaFxmY3Mw IFxmMFxmczIwXGNmMVxsYW5nOVxsYW5nZmUxMDMzXGxhbmducDlcaW5zcnNpZDE0NDQ0MzU4XGNo YXJyc2lkMTQ0NDQzNTggXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwID99e1xydGxjaFxm Y3MxIFxhZjBcYWZzMjAgDQpcbHRyY2hcZmNzMCBcZjBcZnMyMFxjZjFcbGFuZzlcbGFuZ2ZlMTAz M1xsYW5nbnA5XGluc3JzaWQxNDQ0NDM1OCAufXtccnRsY2hcZmNzMSBcYWYwXGFmczIwIFxsdHJj aFxmY3MwIFxmMFxmczIwXGNmMVxsYW5nOVxsYW5nZmUxMDMzXGxhbmducDlcaW5zcnNpZDE1NDA1 NDkwXGNoYXJyc2lkMTQ0NDQzNTggXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIA0KIEkg YW0gYWN0aW5nIG9uIGJlaGFsZiBvZiB3ZWFsdGh5IExpYnlhbiBmYW1pbHkgd2hvIGFyZSBjXGhp Y2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIGF1dGlvdXMgb2Ygbm90IGV4cG9zaW5nIHRoZWly IGZpbmFuY2VzIGR1ZSB0byB0aGVpciBwb2xpdGljYWwgYWZmaWxpYXRpb24uIA0KXHBhciANClxw YXIgXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIEZvciB0aGUgc2FmZXR5IG9mIHRoZWly IGZ1bmRzLCB0aGUgSW52ZXN0b3JzIGFyZSBjYXBhYmxlIGFuZCB3aWxsaW5nIHRvIGludmVzdCBo dWdlIHN1bSBvZiBtb25leSBpbiBhbnkgYnVzaW5lc3MgYWJyb2FkIGluIGJvdGggc2hvcnQgYW5k IGxvbmcgdGVybSBwcm9qZWN0cy4gDQpccGFyIA0KXHBhciBcaGljaFxhZjBcZGJjaFxhZjMxNTA1 XGxvY2hcZjAgVGhlIGZ1bmRzIGFyZSBhdmFpbFxoaWNoXGFmMFxkYmNoXGFmMzE1MDVcbG9jaFxm MCANCmFibGUgaW4gY2FzaCBhbmQgd2lsbCBiZSByZWxlYXNlZCBzaW1wbHkgdXBvbiBwcm9vZiBv ZiBmZWFzaWJpbGl0eSBvZiB0aGUgYnVzaW5lc3MgYW5kIGRlbW9uc3RyYXRpb24gb2YgbWFuYWdl cmlhbCBza2lsbHMgYnkgdGhlIHByb2plY3QgbWFuYWdlci4gUGxlYXNlIG5vdGUsIHRoZXJlIGFy ZSBvdGhlciBwb3RlbnRpYWwgYnVzaW5lc3Mgb3Bwb3J0dW5pdGllcyBjb21pbmcgdXAuIFRoZSBl YXJsaWVyIHdlIHJlY2VpdmUgeW91ciBwcm9wb3NhbA0KXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxs b2NoXGYwICBcaGljaFxhZjBcZGJjaFxhZjMxNTA1XGxvY2hcZjAgdGhlIGJldHRlciB5b3VyIGNo YW5jZSB0byBwYXJ0bmVyIHdpdGggdXMuIA0KXHBhciANClxwYXIgXGhpY2hcYWYwXGRiY2hcYWYz MTUwNVxsb2NoXGYwIFBsZWFzZSBjb250YWN0IG1lIGF0IHRoZSBlbWFpbCBhY2NvdW50IGJlbG93 OiANClxwYXIgDQpccGFyIFxoaWNoXGFmMFxkYmNoXGFmMzE1MDVcbG9jaFxmMCBFbWFpbDpcaGlj aFxhZjBcZGJjaFxhZjMxNTA1XGxvY2hcZjAgIH17XHJ0bGNoXGZjczEgXGFmMzdcYWZzMjAgXGx0 cmNoXGZjczAgXGYzN1xmczIwXGNmMlxsYW5nOVxsYW5nZmUxMDMzXGxhbmducDlcaW5zcnNpZDE1 NDA1NDkwXGNoYXJyc2lkMTQ0NDQzNTggXGhpY2hcYWYzN1xkYmNoXGFmMzE1MDVcbG9jaFxmMzcg Z2VyYWxkLm93ZW41MEBvdXRsb29rLmNvbSANClxwYXIgfXtccnRsY2hcZmNzMSBcYWYwXGFmczIw IFxsdHJjaFxmY3MwIFxmMFxmczIwXGNmMVxsYW5nOVxsYW5nZmUxMDMzXGxhbmducDlcaW5zcnNp ZDE1NDA1NDkwXGNoYXJyc2lkMTQ0NDQzNTggDQpccGFyIFxoaWNoXGFmMFxkYmNoXGFmMzE1MDVc bG9jaFxmMCBJIGxvb2sgZm9yd2FyZCB0b3dhcmRzIHJlY2VpdmluZyB5b3VyIHByb3Bvc2FsL2Zl YXNpYmlsaXR5LiANClxwYXIgDQpccGFyIFxoaWNoXGFmMFxkYmNoXGFmMzE1MDVcbG9jaFxmMCBS ZWdhcmRzLCANClxwYXIgXGhpY2hcYWYwXGRiY2hcYWYzMTUwNVxsb2NoXGYwIE1yLiBHZXJhbGQg T3dlbi4gDQpccGFyIH17XHJ0bGNoXGZjczEgXGFmMFxhZnMyMCBcbHRyY2hcZmNzMCBcZjBcZnMy MFxjZjFcbGFuZzlcbGFuZ2ZlMTAzM1xsYW5nbnA5XGluc3JzaWQxNDQ0NDM1OFxjaGFycnNpZDE0 NDQ0MzU4IFxoaWNoXGFmMFxkYmNoXGFmMzE1MDVcbG9jaFxmMCBDb25zdWx0YW50IHRvfXtccnRs Y2hcZmNzMSBcYWYwXGFmczIwIFxsdHJjaFxmY3MwIA0KXGYwXGZzMjBcY2YxXGxhbmc5XGxhbmdm ZTEwMzNcbGFuZ25wOVxpbnNyc2lkMTU0MDU0OTBcY2hhcnJzaWQxNDQ0NDM1OCBcaGljaFxhZjBc ZGJjaFxhZjMxNTA1XGxvY2hcZjAgIEludmVzdG9yLiANClxwYXIgfXtcKlx0aGVtZWRhdGEgNTA0 YjAzMDQxNDAwMDYwMDA4MDAwMDAwMjEwMGU5ZGUwZmJmZmYwMDAwMDAxYzAyMDAwMDEzMDAwMDAw NWI0MzZmNmU3NDY1NmU3NDVmNTQ3OTcwNjU3MzVkMmU3ODZkNmNhYzkxY2I0ZWMzMzAxMDQ1Zjc0 OGZjODNlNTJkNGENCjljYjI0MDA4MjVlOTgyYzc4ZWM3YTI3Y2MwYzg5OTI0MTZjOWQ4YjJhNzU1 ZmJmNzRjZDI1NDQyYTgyMDE2NmMyY2Q5MzNmNzllM2JlMzcyYmQxZjA3YjVjMzk4OWNhNzRhYWZm MjQyMmIyNGViMWI0NzVkYTVkZjM3NGZkOWFkDQo1Njg5ODExYTE4M2M2MWE1MGY5OGY0YmFiZWJj MjgzNzg3ODA0OTg5OWE1MmE1N2JlNjcwNjc0Y2IyM2Q4ZTkwNzIxZjkwYTRkMmZhMzgwMmNiMzU3 NjI2ODBmZDgwMGVjZDc1NTFkYzE4ZWI4OTkxMzhlM2M5NDNkN2U1MDNiNg0KYjAxZDU4M2RlZWU1 Zjk5ODI0ZTI5MGI0YmEzZjM2NGVhYzRhNDMwODgzYjNjMDkyZDRlY2E4Zjk0NmM5MTY0MjJlY2Fi OTI3ZjUyZWE0MmI4OWExY2Q1OWMyNTRmOTE5YjBlODVlNjUzNWQxMzVhOGRlMjBmMjBiOGMxMmMz YjANCjBjODk1ZmNmNjcyMDE5MmRlNmJmM2I5ZTg5ZWNkYmQ2NTk2Y2JjZGQ4ZWIyOGU3YzM2NWVj YzRlYzFmZjE0NjBmNTNmZTgxM2QzY2M3ZjViN2YwMjAwMDBmZmZmMDMwMDUwNGIwMzA0MTQwMDA2 MDAwODAwMDAwMDIxMDBhNWQ2DQphN2U3YzAwMDAwMDAzNjAxMDAwMDBiMDAwMDAwNWY3MjY1NmM3 MzJmMmU3MjY1NmM3Mzg0OGZjZjZhYzMzMDBjODdlZjg1YmQ4M2QxN2Q1MWQyYzMxODI1NzYyZmE1 OTA0MzJmYTM3ZDAwZTEyODdmNjgyMjFiZGIxYmViZGI0Zg0KYzcwNjBhYmIwODg0YTRlZmY3YTkz ZGZlYWU4YmY5ZTE5NGU3MjAxNjlhYWEwNmMzZTI0MzNmY2I2OGUxNzYzZGJmN2Y4MmM5ODVhNGE3 MjUwODViNzg3MDg2YTM3YmRiYjU1ZmJjNTBkMWEzM2NjZDMxMWJhNTQ4YjYzMDk1MTINCjBmODhk OTRmYmM1MmFlNDI2NGQxYzkxMGQyNGE0NWRiMzQ2MjI0N2ZhNzkxNzE1ZmQ3MWY5ODllMTllMDM2 NGNkM2Y1MTY1MmQ3Mzc2MGFlOGZhOGM5ZmZiM2MzMzBjYzllNGZjMTdmYWYyY2U1NDUwNDZlMzc5 NDRjNjllNDYyDQphMWE4MmZlMzUzYmQ5MGE4NjVhYWQ0MWVkMGI1YjhmOWQ2ZmQwMTAwMDBmZmZm MDMwMDUwNGIwMzA0MTQwMDA2MDAwODAwMDAwMDIxMDA2Yjc5OTYxNjgzMDAwMDAwOGEwMDAwMDAx YzAwMDAwMDc0Njg2NTZkNjUyZjc0Njg2NQ0KNmQ2NTJmNzQ2ODY1NmQ2NTRkNjE2ZTYxNjc2NTcy MmU3ODZkNmMwY2NjNGQwYWMzMjAxMDQwZTE3ZGExNzc5MGQ5Mzc2M2JiMjg0NTYyYjJjYmFlYmJm NjAwNDM5YzFhNDFjN2EwZDI5ZmRiZDdlNWUzODMzN2NlZGYxNGQ1OWINCjRiMGQ1OTJjOWMwNzBk OGE2NWNkMmU4OGI3ZjA3YzJjYTcxYmE4ZGE0ODFjYzUyYzZjZTFjNzE1ZTZlOTc4MThjOWI0OGQx M2RmNDljODczNTE3ZDIzZDU5MDg1YWRiNWRkMjBkNmI1MmJkNTIxZWYyY2RkNWViOTI0NmEzZDhi DQo0NzU3ZThkM2Y3MjllMjQ1ZWIyYjI2MGEwMjM4ZmQwMTAwMDBmZmZmMDMwMDUwNGIwMzA0MTQw MDA2MDAwODAwMDAwMDIxMDAzMGRkNDMyOWE4MDYwMDAwYTQxYjAwMDAxNjAwMDAwMDc0Njg2NTZk NjUyZjc0Njg2NTZkNjUyZg0KNzQ2ODY1NmQ2NTMxMmU3ODZkNmNlYzU5NGY2ZmRiMzYxNGJmMGZk ODc3MjA3NDZmNjMyNzc2MWEwNzc1OGFkOGIxOWIyZDRkMWJjNDZlODcxZTY5ODk5NmQ4NTBhMjQw ZDI0OTdkMWJkYWUzODAwMWMzYmE2MTg3MTVkODZkODcNCjYxNWI4MTE2ZDhhNWZiMzRkOTNhNmMx ZGQwYWZiMDQ3NTI5MmM1NTg1ZTkyMzZkODhhYWQzZTI0MTJmOWUzZmJmZjFlMWZhOWFiZDdlZWM3 MGMxZDEyMjEyOTRmZGE1ZWZkNzJjZDQzMjRmMTc5NDA5M2IwZWRkZDFlZjYyZmFkDQo3OTQ4MmE5 YzA0OThmMTg0YjRiZDI5OTFkZWI1OGRmN2RmYmI4YWQ3NTU0NDYyODI2MDdkMjJkNzcxZGI4Yjk0 NGFkNzk3OTZhNDBmYzM1ODVlZTYyOTQ5NjA2ZWNjNDU4YzE1YmM4YTcwMjkxMGY4MDhlOGM2NmM2 OWI5NTY1Yg0KNWQ4YTMxNGQzYzk0ZTAxOGM4ZGUxYThmYTk0ZmQwNTA5M2Y0MzY3MmUyM2QwNmFm ODk5MjdhYzA2NzYyYTA0OTEzNjc4NWMxMDYwNzc1OGQ5MDUzZDk2NTAyMWQ2MmQ2ZjY4MDRmYzA4 Zjg2ZTRiZWYyMTBjMzUyYzE0NGRiYWINCjk5OWZiN2I0NzE3NTA5YWY2NzhiOTg1YWIwYjZiNGFl NmY3ZWQ5YmE2YzQxNzBiMDZjNzg4YTcwNTQzMGFkZjcxYmFkMmI1YjA1N2QwMzYwNmExZWQ3ZWJm NWJhYmQ3YTQxY2YwMGIwZWY4M2E2NTY5NjMyY2Q0NjdmYWRkZWM5DQo2OTk2NDBmNjcxOWU3NmI3 ZDZhYzM1NWM3Yzg5ZmVjYTljY2NhZDRlYTdkMzZjNjViMjU4YTIwNjY0MWYxYjczZjhiNWRhNmE2 MzczZDljMTFiOTBjNTM3ZTdmMDhkY2U2NmI3YmJlYWUwMGRjOGUyNTdlN2YwZmQyYmFkZDU4Ng0K OGIzN2EwODhkMWU0NjAwZWFkMWRkYWVmNjdkNDBiYzg5OGIzZWQ0YWY4MWFjMGQ3NmExOTdjODY4 MjY4MjhhMjRiYjMxOGYzNDQyZDhhYjUxOGRmZTNhMjBmMDAwZDY0NThkMTA0YTk2OTRhYzZkODg3 MjhlZWUyNzgyNDI4ZDYNCjBjZjAzYWMxYTUxOTNiZTRjYmI5MjFjZDBiNDk1ZmQwNTRiNWJkMGY1 MzBjMTkzMWEzZjdlYWY5ZjdhZjllM2Y0NWM3MGY5ZTFkM2ZmOGU5ZjhlMWMzZTMwNzNmNWE0MmNl YWE2ZDljODRlNTU1MmZiZmZkZWNjZmM3MWZhMzNmDQo5ZTdlZjNmMmQxMTdkNTc4NTljNmZmZmFj MzI3YmZmY2ZjNzkzNTEwZDI2NzI2Y2U4YjJmOWZmY2Y2ZWNjOThiYWYzZWZkZmRiYjQ3MTVmMDRk ODE0NzY1Zjg5MGM2NDRhMjliZTQwOGVkZjMxODE0MzM1NjcxMjUyNzIzNzFiZQ0KMTVjMzA4ZDNm MjhhY2QyNDk0MzhjMTlhNGIwNWZkOWU4YTFjZjRjZDI5NjY5OTc3MWMzOTNhYzRiNWUwMWQwMWU1 YTMwYTc4N2Q3MmNmMTE3ODEwODk4OWEyMTU5Yzc3YTJkODAxZWU3MmNlM2E1YzU0NWE2MTQ3ZjMy YTk5NzkNCjM4NDljMjZhZTY2MjUyYzZlZDYzN2M1OGM1YmI4YjEzYzdiZmJkNDkwYTc1MzMwZjRi NDdmMTZlNDQxYzMxZjcxODRlMTQwZTQ5NDIxNGQyNzNmYzgwOTAwYWVkZWU1MmVhZDg3NTk3ZmE4 MjRiM2U1NmU4MmU0NTFkNGMyYjRkDQozMmE0MjMyNzlhNjY4YmI2NjkwYzdlOTk1NmU5MGNmZTc2 NmNiMzdiMDc3NTM4YWJkMjdhOGIxY2JhNDhjODBhY2MyYTg0MWYxMmU2OThmMTNhOWUyODFjNTc5 MTFjZTI5ODk1MGQ3ZTAzYWJhODRhYzhjMTU0Zjg2NTVjNGYyYQ0KZjA3NDQ4MTg0N2JkODA0ODU5 YjVlNjk2MDA3ZDRiNGVkZmMxNTBiMTJhZGRiZWNiYTZiMThiMTQ4YTFlNTRkMWJjODEzOTJmMjNi N2Y4NDEzN2MyNzE1YTg1MWRkMDI0MmE2MzNmOTAwNzEwYTIxOGVkNzE1NTA1ZGZlNTZlODYNCmU4 NzdmMDAzNGUxNmJhZmIwZTI1OGViYjRmYWYwNmI3NjllODg4MzQwYjEwM2QzMzExMTViZWJjNGVi ODEzYmY4MzI5MWI2MzYyNGEwZDE0NzVhNzU2YzczNGY5YmJjMmNkMjg1NDZlY2JlMWUyMGEzNzk0 Y2ExNzVmM2ZhZTkwDQpmYjZkMmRkOTliYjA3YjU1ZTVjY2Y2ODk0MmJkMDg3N2IyM2M3N2I5MDhl OGRiNWY5ZGI3ZjAyNGQ5MjM5MDEwZjM1YmQ0YmJlMmZjYWUzODdiZmZmOWUyYmMyODlmMmZiZTI0 Y2ZhYTMwMTQ2OGRkOGJkODQ2ZGJiNGRkZjFjMg0KYWU3YjRjMTkxYmE4MjkyMzM3YTQ2OWJjMjVl YzNkNDExZjA2ZjUzYTczZTIyNGM1MjkyYzhkZTA1MTY3MzIzMDcwNzBhMWMwNjYwZDEyNWM3ZDQ0 NTUzNDg4NzAwYTRkN2JkZGQzNDQ0Mjk5OTEwZTI1NGFiOTg0YzNhMjE5YWUNCmE0YWRmMWQwZjgy YjdiZDQ2Y2VhNDM4OGFkMWMxMmFiNWQxZWQ4ZTExNTNkOWM5ZjM1MGEzMjQ2YWFkMDFjNjg3MzQ2 MmI5YWMwNTk5OWFkNWNjOTg4ODI2ZWFmYzNhY2FlODUzYTMzYjdiYTExY2QxNDQ1ODc1YmExYjIz NmIxDQozOTk0ODNjOTBiZDU2MGIwYjAyNjM0MzUwODVhMjFiMGYyMmE5Y2Y5MzU2YjM4ZWM2MDQ2 MDI2ZDc3ZWJhM2RjMmRjNjBiMTdlOTIyMTllMTgwNjQzZWQyN2FjZmZiYTg2ZTljOTRjN2NhOWMy MjVhMGYxYjBjZmFlMDc4OGFkNQ0KNGFkYzVhOWFlYzFiNzAzYjhiOTNjYWVjMWEwYmQ4ZTVkZTdi MTMyZmU1MTEzY2YzMTI1MDNiOTk4ZTJjMjkyNzI3NGJkMDUxZGI2YjM1OTc5YjFlZjI3MWRhZjZj NjcwNGU4NmM3MzgwNWFmNGJkZDQ3NjIxNmMyNjU5M2FmODQNCjBkZmI1MzkzZDk2NGY5Y2M5YmFk NWMzMTM3MDllYTcwZjU2MWVkM2VhN2IwNTMwNzUyMjFkNTE2OTY5MTBkMGQzMzk1ODUwMDRiMzQy NzJiZmY3MjEzY2M3YTUxMGE1NDU0YTNiMzQ5YjFiMjA2YzFmMGFmNDkwMTc2NzQ1ZDRiDQpjNjYz ZTJhYmIyYjM0YjIzZGE3NmY2MzUyYmE1N2NhMjg4MTg0NGMxMTExYWIxODlkOGM3ZTA3ZTFkYWFh MDRmNDAyNTVjNzc5ODhhYTA1ZmUwNmU0ZTViZGI0Y2I5YzUzOTRiYmFmMjhkOThjMWQ5NzFjY2Qy MDg2N2U1NTZhNw0KNjg5ZWM5MTY2ZTBhNTIyMTgzNzkyYjg5MDdiYTU1Y2E2ZTk0M2JiZjJhMjZl NTJmNDg5NTcyMThmZmNmNTRkMWZiMDlkYzNlYWMwNGRhMDMzZTVjMGQwYjhjNzRhNmI0M2QyZTU0 YzRhMTBhYTUxMWY1ZmIwMjFhMDc1MzNiMjANCjVhZTA3ZTE3YTYyMWE4ZTA4MmRhZmMxN2U0NTBm ZmI3Mzk2NzY5OThiNDg2NDNhNGRhYTcyMTEyMTRmNjIzMTUwOTQyZjZhMDJjOTllODNiODU1ODNk ZGJiYjJjNDk5NjExMzIxMTU1MTI1N2E2NTZlYzExMzkyNDZjYTg2YmUwDQphYWRlZGIzZDE0NDFh ODliNmE5Mjk1MDE4MzNiMTk3ZmVlN2I5NjQxYTM1MDM3MzllNTdjNzMyYTU5YjFmN2RhMWNmOGE3 M2IxZjliY2NhMDk0NWI4NzRkNDM5M2RiYmYxMGIxNjgwZjY2YmJhYTVkNmY5NmU3N2I2ZjU5MTEz ZA0KMzE2YmIzMWE3OTU2MDBiM2QyNTZkMGNhZDJmZTM1NDUzOGU3NTY2YjJiZDY5Y2M2Y2JjZDVj MzhmMGUyYmNjNjMwNTgzNDQ0MjlkYzIxMjFmZDA3ZjYzZjJhN2M2NmJmNzZlODBkNzVjOGY3YTFi NjIyZjg3OGExODk0MWQ4NDANCjU0NWZiMjhkMDdkMjA1ZDIwZThlYTA3MWIyODMzNjk4MzQyOTZi ZGFhYzc1ZDI1NmNiMzdlYjBiZWU3NDBiYmUyNzhjYWQyNTNiOGJiZmNmNjllY2EyMzk3M2Q5Mzli OTc4OTFjNmNlMmNlY2Q4ZGE4ZTJkMzQzNTc4ZjY2NDhhDQpjMmQwMzgzZmM4MThjNzk4Y2Y2NGU1 MmY1OTdjNzQwZjFjYmQwNWRmMGMyNjRjNDkxMzRjZjA5ZDRhNjBlOGExMDcyNjBmMjBmOTJkNDdi Mzc0ZTMyZjAwMDAwMGZmZmYwMzAwNTA0YjAzMDQxNDAwMDYwMDA4MDAwMDAwMjEwMA0KMGRkMTkw OWZiNjAwMDAwMDFiMDEwMDAwMjcwMDAwMDA3NDY4NjU2ZDY1MmY3NDY4NjU2ZDY1MmY1ZjcyNjU2 YzczMmY3NDY4NjU2ZDY1NGQ2MTZlNjE2NzY1NzIyZTc4NmQ2YzJlNzI2NTZjNzM4NDhmNGQwYWMy MzAxNDg0ZjcNCjgyNzcwODZmNmZkM2JhMTA5MTI2ZGQ4OGQwYWRkNDAzODRlNDM1MGQzNjNmMjQ1 MWVjZWQwZGFlMmMwODJlODc2MWJlOTk2OWJiOTc5ZGM5MTM2MzMyZGUzMTY4YWExYTA4M2FlOTk1 NzE5YWMxNmRiOGVjOGU0MDUyMTY0ZTg5DQpkOTNiNjRiMDYwODI4ZTZmMzdlZDE1Njc5MTRiMjg0 ZDI2MjQ1MjI4MmUzMTk4NzIwZTI3NGE5MzljZDA4YTU0Zjk4MGFlMzhhMzhmNTZlNDIyYTNhNjQx YzhiYmQwNDhmNzc1N2RhMGYxOWIwMTdjYzUyNGJkNjIxMDdiZDUwMA0KMTk5NjUwOWFmZmIzZmQz ODFhODk2NzJmMWYxNjVkZmU1MTQxNzNkOTg1MDUyOGEyYzZjY2UwMjM5YmFhNGMwNGNhNWJiYWJh YzRkZjAwMDAwMGZmZmYwMzAwNTA0YjAxMDIyZDAwMTQwMDA2MDAwODAwMDAwMDIxMDBlOWRlMGYN CmJmZmYwMDAwMDAxYzAyMDAwMDEzMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDVi NDM2ZjZlNzQ2NTZlNzQ1ZjU0Nzk3MDY1NzM1ZDJlNzg2ZDZjNTA0YjAxMDIyZDAwMTQwMDA2MDAw ODAwMDAwMDIxMDBhNWQ2DQphN2U3YzAwMDAwMDAzNjAxMDAwMDBiMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAzMDAxMDAwMDVmNzI2NTZjNzMyZjJlNzI2NTZjNzM1MDRiMDEwMjJkMDAxNDAwMDYw MDA4MDAwMDAwMjEwMDZiNzk5NjE2ODMwMDAwMDA4YQ0KMDAwMDAwMWMwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDE5MDIwMDAwNzQ2ODY1NmQ2NTJmNzQ2ODY1NmQ2NTJmNzQ2ODY1NmQ2NTRkNjE2 ZTYxNjc2NTcyMmU3ODZkNmM1MDRiMDEwMjJkMDAxNDAwMDYwMDA4MDAwMDAwMjENCjAwMzBkZDQz MjlhODA2MDAwMGE0MWIwMDAwMTYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMGQ2MDIwMDAwNzQ2 ODY1NmQ2NTJmNzQ2ODY1NmQ2NTJmNzQ2ODY1NmQ2NTMxMmU3ODZkNmM1MDRiMDEwMjJkMDAxNDAw MDYwMDA4DQowMDAwMDAyMTAwMGRkMTkwOWZiNjAwMDAwMDFiMDEwMDAwMjcwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMGIyMDkwMDAwNzQ2ODY1NmQ2NTJmNzQ2ODY1NmQ2NTJmNWY3MjY1NmM3MzJm NzQ2ODY1NmQ2NTRkNjE2ZTYxNjc2NTcyMmU3ODZkNmMyZTcyNjU2YzczNTA0YjA1MDYwMDAwMDAw MDA1MDAwNTAwNWQwMTAwMDBhZDBhMDAwMDAwMDB9DQp7XCpcY29sb3JzY2hlbWVtYXBwaW5nIDNj M2Y3ODZkNmMyMDc2NjU3MjczNjk2ZjZlM2QyMjMxMmUzMDIyMjA2NTZlNjM2ZjY0Njk2ZTY3M2Qy MjU1NTQ0NjJkMzgyMjIwNzM3NDYxNmU2NDYxNmM2ZjZlNjUzZDIyNzk2NTczMjIzZjNlMGQwYTNj NjEzYTYzNmM3MjRkDQo2MTcwMjA3ODZkNmM2ZTczM2E2MTNkMjI2ODc0NzQ3MDNhMmYyZjczNjM2 ODY1NmQ2MTczMmU2ZjcwNjU2ZTc4NmQ2YzY2NmY3MjZkNjE3NDczMmU2ZjcyNjcyZjY0NzI2MTc3 Njk2ZTY3NmQ2YzJmMzIzMDMwMzYyZjZkNjE2OQ0KNmUyMjIwNjI2NzMxM2QyMjZjNzQzMTIyMjA3 NDc4MzEzZDIyNjQ2YjMxMjIyMDYyNjczMjNkMjI2Yzc0MzIyMjIwNzQ3ODMyM2QyMjY0NmIzMjIy MjA2MTYzNjM2NTZlNzQzMTNkMjI2MTYzNjM2NTZlNzQzMTIyMjA2MTYzNjMNCjY1NmU3NDMyM2Qy MjYxNjM2MzY1NmU3NDMyMjIyMDYxNjM2MzY1NmU3NDMzM2QyMjYxNjM2MzY1NmU3NDMzMjIyMDYx NjM2MzY1NmU3NDM0M2QyMjYxNjM2MzY1NmU3NDM0MjIyMDYxNjM2MzY1NmU3NDM1M2QyMjYxNjM2 MzY1NmU3NDM1MjIyMDYxNjM2MzY1NmU3NDM2M2QyMjYxNjM2MzY1NmU3NDM2MjIyMDY4NmM2OTZl NmIzZDIyNjg2YzY5NmU2YjIyMjA2NjZmNmM0ODZjNjk2ZTZiM2QyMjY2NmY2YzQ4NmM2OTZlNmIy MjJmM2V9DQp7XCpcbGF0ZW50c3R5bGVzXGxzZHN0aW1heDI2N1xsc2Rsb2NrZWRkZWYwXGxzZHNl bWloaWRkZW5kZWYxXGxzZHVuaGlkZXVzZWRkZWYxXGxzZHFmb3JtYXRkZWYwXGxzZHByaW9yaXR5 ZGVmOTl7XGxzZGxvY2tlZGV4Y2VwdCBcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxs c2RxZm9ybWF0MSBcbHNkcHJpb3JpdHkwIFxsc2Rsb2NrZWQwIE5vcm1hbDsNClxsc2RzZW1paGlk ZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTkgXGxzZGxvY2tl ZDAgaGVhZGluZyAxO1xsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHk5IFxsc2Rsb2NrZWQwIGhlYWRp bmcgMjtcbHNkcWZvcm1hdDEgXGxzZHByaW9yaXR5OSBcbHNkbG9ja2VkMCBoZWFkaW5nIDM7XGxz ZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTkgXGxzZGxvY2tlZDAgaGVhZGluZyA0Ow0KXGxzZHFmb3Jt YXQxIFxsc2Rwcmlvcml0eTkgXGxzZGxvY2tlZDAgaGVhZGluZyA1O1xsc2RxZm9ybWF0MSBcbHNk cHJpb3JpdHk5IFxsc2Rsb2NrZWQwIGhlYWRpbmcgNjtcbHNkcWZvcm1hdDEgXGxzZHByaW9yaXR5 OSBcbHNkbG9ja2VkMCBoZWFkaW5nIDc7XGxzZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTkgXGxzZGxv Y2tlZDAgaGVhZGluZyA4O1xsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHk5IFxsc2Rsb2NrZWQwIGhl YWRpbmcgOTsNClxsc2Rwcmlvcml0eTM5IFxsc2Rsb2NrZWQwIHRvYyAxO1xsc2Rwcmlvcml0eTM5 IFxsc2Rsb2NrZWQwIHRvYyAyO1xsc2Rwcmlvcml0eTM5IFxsc2Rsb2NrZWQwIHRvYyAzO1xsc2Rw cmlvcml0eTM5IFxsc2Rsb2NrZWQwIHRvYyA0O1xsc2Rwcmlvcml0eTM5IFxsc2Rsb2NrZWQwIHRv YyA1O1xsc2Rwcmlvcml0eTM5IFxsc2Rsb2NrZWQwIHRvYyA2O1xsc2Rwcmlvcml0eTM5IFxsc2Rs b2NrZWQwIHRvYyA3Ow0KXGxzZHByaW9yaXR5MzkgXGxzZGxvY2tlZDAgdG9jIDg7XGxzZHByaW9y aXR5MzkgXGxzZGxvY2tlZDAgdG9jIDk7XGxzZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTM1IFxsc2Rs b2NrZWQwIGNhcHRpb247XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcWZvcm1h dDEgXGxzZHByaW9yaXR5MTAgXGxzZGxvY2tlZDAgVGl0bGU7XGxzZHByaW9yaXR5MSBcbHNkbG9j a2VkMCBEZWZhdWx0IFBhcmFncmFwaCBGb250Ow0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1 c2VkMCBcbHNkcWZvcm1hdDEgXGxzZHByaW9yaXR5MTEgXGxzZGxvY2tlZDAgU3VidGl0bGU7XGxz ZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcWZvcm1hdDEgXGxzZHByaW9yaXR5MjIg XGxzZGxvY2tlZDAgU3Ryb25nO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHFm b3JtYXQxIFxsc2Rwcmlvcml0eTIwIFxsc2Rsb2NrZWQwIEVtcGhhc2lzOw0KXGxzZHNlbWloaWRk ZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk1OSBcbHNkbG9ja2VkMCBUYWJsZSBHcmlk O1xsc2R1bmhpZGV1c2VkMCBcbHNkbG9ja2VkMCBQbGFjZWhvbGRlciBUZXh0O1xsc2RzZW1paGlk ZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTEgXGxzZGxvY2tl ZDAgTm8gU3BhY2luZzsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9y aXR5NjAgXGxzZGxvY2tlZDAgTGlnaHQgU2hhZGluZztcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlk ZXVzZWQwIFxsc2Rwcmlvcml0eTYxIFxsc2Rsb2NrZWQwIExpZ2h0IExpc3Q7XGxzZHNlbWloaWRk ZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2MiBcbHNkbG9ja2VkMCBMaWdodCBHcmlk Ow0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2MyBcbHNkbG9j a2VkMCBNZWRpdW0gU2hhZGluZyAxO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxz ZHByaW9yaXR5NjQgXGxzZGxvY2tlZDAgTWVkaXVtIFNoYWRpbmcgMjtcbHNkc2VtaWhpZGRlbjAg XGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY1IFxsc2Rsb2NrZWQwIE1lZGl1bSBMaXN0IDE7 DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY2IFxsc2Rsb2Nr ZWQwIE1lZGl1bSBMaXN0IDI7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJp b3JpdHk2NyBcbHNkbG9ja2VkMCBNZWRpdW0gR3JpZCAxO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5o aWRldXNlZDAgXGxzZHByaW9yaXR5NjggXGxzZGxvY2tlZDAgTWVkaXVtIEdyaWQgMjsNClxsc2Rz ZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjkgXGxzZGxvY2tlZDAgTWVk aXVtIEdyaWQgMztcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTcw IFxsc2Rsb2NrZWQwIERhcmsgTGlzdDtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxs c2Rwcmlvcml0eTcxIFxsc2Rsb2NrZWQwIENvbG9yZnVsIFNoYWRpbmc7DQpcbHNkc2VtaWhpZGRl bjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTcyIFxsc2Rsb2NrZWQwIENvbG9yZnVsIExp c3Q7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MyBcbHNkbG9j a2VkMCBDb2xvcmZ1bCBHcmlkO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHBy aW9yaXR5NjAgXGxzZGxvY2tlZDAgTGlnaHQgU2hhZGluZyBBY2NlbnQgMTsNClxsc2RzZW1paGlk ZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjEgXGxzZGxvY2tlZDAgTGlnaHQgTGlz dCBBY2NlbnQgMTtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYy IFxsc2Rsb2NrZWQwIExpZ2h0IEdyaWQgQWNjZW50IDE7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhp ZGV1c2VkMCBcbHNkcHJpb3JpdHk2MyBcbHNkbG9ja2VkMCBNZWRpdW0gU2hhZGluZyAxIEFjY2Vu dCAxOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NCBcbHNk bG9ja2VkMCBNZWRpdW0gU2hhZGluZyAyIEFjY2VudCAxO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5o aWRldXNlZDAgXGxzZHByaW9yaXR5NjUgXGxzZGxvY2tlZDAgTWVkaXVtIExpc3QgMSBBY2NlbnQg MTtcbHNkdW5oaWRldXNlZDAgXGxzZGxvY2tlZDAgUmV2aXNpb247DQpcbHNkc2VtaWhpZGRlbjAg XGxzZHVuaGlkZXVzZWQwIFxsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHkzNCBcbHNkbG9ja2VkMCBM aXN0IFBhcmFncmFwaDtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2RxZm9ybWF0 MSBcbHNkcHJpb3JpdHkyOSBcbHNkbG9ja2VkMCBRdW90ZTtcbHNkc2VtaWhpZGRlbjAgXGxzZHVu aGlkZXVzZWQwIFxsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHkzMCBcbHNkbG9ja2VkMCBJbnRlbnNl IFF1b3RlOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NiBc bHNkbG9ja2VkMCBNZWRpdW0gTGlzdCAyIEFjY2VudCAxO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5o aWRldXNlZDAgXGxzZHByaW9yaXR5NjcgXGxzZGxvY2tlZDAgTWVkaXVtIEdyaWQgMSBBY2NlbnQg MTtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY4IFxsc2Rsb2Nr ZWQwIE1lZGl1bSBHcmlkIDIgQWNjZW50IDE7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVz ZWQwIFxsc2Rwcmlvcml0eTY5IFxsc2Rsb2NrZWQwIE1lZGl1bSBHcmlkIDMgQWNjZW50IDE7XGxz ZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MCBcbHNkbG9ja2VkMCBE YXJrIExpc3QgQWNjZW50IDE7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJp b3JpdHk3MSBcbHNkbG9ja2VkMCBDb2xvcmZ1bCBTaGFkaW5nIEFjY2VudCAxOw0KXGxzZHNlbWlo aWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MiBcbHNkbG9ja2VkMCBDb2xvcmZ1 bCBMaXN0IEFjY2VudCAxO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9y aXR5NzMgXGxzZGxvY2tlZDAgQ29sb3JmdWwgR3JpZCBBY2NlbnQgMTtcbHNkc2VtaWhpZGRlbjAg XGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYwIFxsc2Rsb2NrZWQwIExpZ2h0IFNoYWRpbmcg QWNjZW50IDI7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYx IFxsc2Rsb2NrZWQwIExpZ2h0IExpc3QgQWNjZW50IDI7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhp ZGV1c2VkMCBcbHNkcHJpb3JpdHk2MiBcbHNkbG9ja2VkMCBMaWdodCBHcmlkIEFjY2VudCAyO1xs c2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjMgXGxzZGxvY2tlZDAg TWVkaXVtIFNoYWRpbmcgMSBBY2NlbnQgMjsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNl ZDAgXGxzZHByaW9yaXR5NjQgXGxzZGxvY2tlZDAgTWVkaXVtIFNoYWRpbmcgMiBBY2NlbnQgMjtc bHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY1IFxsc2Rsb2NrZWQw IE1lZGl1bSBMaXN0IDEgQWNjZW50IDI7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBc bHNkcHJpb3JpdHk2NiBcbHNkbG9ja2VkMCBNZWRpdW0gTGlzdCAyIEFjY2VudCAyOw0KXGxzZHNl bWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NyBcbHNkbG9ja2VkMCBNZWRp dW0gR3JpZCAxIEFjY2VudCAyO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHBy aW9yaXR5NjggXGxzZGxvY2tlZDAgTWVkaXVtIEdyaWQgMiBBY2NlbnQgMjtcbHNkc2VtaWhpZGRl bjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY5IFxsc2Rsb2NrZWQwIE1lZGl1bSBHcmlk IDMgQWNjZW50IDI7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0 eTcwIFxsc2Rsb2NrZWQwIERhcmsgTGlzdCBBY2NlbnQgMjtcbHNkc2VtaWhpZGRlbjAgXGxzZHVu aGlkZXVzZWQwIFxsc2Rwcmlvcml0eTcxIFxsc2Rsb2NrZWQwIENvbG9yZnVsIFNoYWRpbmcgQWNj ZW50IDI7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MiBcbHNk bG9ja2VkMCBDb2xvcmZ1bCBMaXN0IEFjY2VudCAyOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhp ZGV1c2VkMCBcbHNkcHJpb3JpdHk3MyBcbHNkbG9ja2VkMCBDb2xvcmZ1bCBHcmlkIEFjY2VudCAy O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjAgXGxzZGxvY2tl ZDAgTGlnaHQgU2hhZGluZyBBY2NlbnQgMztcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQw IFxsc2Rwcmlvcml0eTYxIFxsc2Rsb2NrZWQwIExpZ2h0IExpc3QgQWNjZW50IDM7DQpcbHNkc2Vt aWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYyIFxsc2Rsb2NrZWQwIExpZ2h0 IEdyaWQgQWNjZW50IDM7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3Jp dHk2MyBcbHNkbG9ja2VkMCBNZWRpdW0gU2hhZGluZyAxIEFjY2VudCAzO1xsc2RzZW1paGlkZGVu MCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjQgXGxzZGxvY2tlZDAgTWVkaXVtIFNoYWRp bmcgMiBBY2NlbnQgMzsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9y aXR5NjUgXGxzZGxvY2tlZDAgTWVkaXVtIExpc3QgMSBBY2NlbnQgMztcbHNkc2VtaWhpZGRlbjAg XGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY2IFxsc2Rsb2NrZWQwIE1lZGl1bSBMaXN0IDIg QWNjZW50IDM7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NyBc bHNkbG9ja2VkMCBNZWRpdW0gR3JpZCAxIEFjY2VudCAzOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1 bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2OCBcbHNkbG9ja2VkMCBNZWRpdW0gR3JpZCAyIEFjY2Vu dCAzO1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjkgXGxzZGxv Y2tlZDAgTWVkaXVtIEdyaWQgMyBBY2NlbnQgMztcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVz ZWQwIFxsc2Rwcmlvcml0eTcwIFxsc2Rsb2NrZWQwIERhcmsgTGlzdCBBY2NlbnQgMzsNClxsc2Rz ZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzEgXGxzZGxvY2tlZDAgQ29s b3JmdWwgU2hhZGluZyBBY2NlbnQgMztcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxs c2Rwcmlvcml0eTcyIFxsc2Rsb2NrZWQwIENvbG9yZnVsIExpc3QgQWNjZW50IDM7XGxzZHNlbWlo aWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MyBcbHNkbG9ja2VkMCBDb2xvcmZ1 bCBHcmlkIEFjY2VudCAzOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJp b3JpdHk2MCBcbHNkbG9ja2VkMCBMaWdodCBTaGFkaW5nIEFjY2VudCA0O1xsc2RzZW1paGlkZGVu MCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjEgXGxzZGxvY2tlZDAgTGlnaHQgTGlzdCBB Y2NlbnQgNDtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYyIFxs c2Rsb2NrZWQwIExpZ2h0IEdyaWQgQWNjZW50IDQ7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlk ZXVzZWQwIFxsc2Rwcmlvcml0eTYzIFxsc2Rsb2NrZWQwIE1lZGl1bSBTaGFkaW5nIDEgQWNjZW50 IDQ7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NCBcbHNkbG9j a2VkMCBNZWRpdW0gU2hhZGluZyAyIEFjY2VudCA0O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRl dXNlZDAgXGxzZHByaW9yaXR5NjUgXGxzZGxvY2tlZDAgTWVkaXVtIExpc3QgMSBBY2NlbnQgNDsN Clxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjYgXGxzZGxvY2tl ZDAgTWVkaXVtIExpc3QgMiBBY2NlbnQgNDtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQw IFxsc2Rwcmlvcml0eTY3IFxsc2Rsb2NrZWQwIE1lZGl1bSBHcmlkIDEgQWNjZW50IDQ7XGxzZHNl bWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2OCBcbHNkbG9ja2VkMCBNZWRp dW0gR3JpZCAyIEFjY2VudCA0Ow0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNk cHJpb3JpdHk2OSBcbHNkbG9ja2VkMCBNZWRpdW0gR3JpZCAzIEFjY2VudCA0O1xsc2RzZW1paGlk ZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzAgXGxzZGxvY2tlZDAgRGFyayBMaXN0 IEFjY2VudCA0O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzEg XGxzZGxvY2tlZDAgQ29sb3JmdWwgU2hhZGluZyBBY2NlbnQgNDsNClxsc2RzZW1paGlkZGVuMCBc bHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzIgXGxzZGxvY2tlZDAgQ29sb3JmdWwgTGlzdCBB Y2NlbnQgNDtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTczIFxs c2Rsb2NrZWQwIENvbG9yZnVsIEdyaWQgQWNjZW50IDQ7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhp ZGV1c2VkMCBcbHNkcHJpb3JpdHk2MCBcbHNkbG9ja2VkMCBMaWdodCBTaGFkaW5nIEFjY2VudCA1 Ow0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2MSBcbHNkbG9j a2VkMCBMaWdodCBMaXN0IEFjY2VudCA1O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAg XGxzZHByaW9yaXR5NjIgXGxzZGxvY2tlZDAgTGlnaHQgR3JpZCBBY2NlbnQgNTtcbHNkc2VtaWhp ZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYzIFxsc2Rsb2NrZWQwIE1lZGl1bSBT aGFkaW5nIDEgQWNjZW50IDU7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rw cmlvcml0eTY0IFxsc2Rsb2NrZWQwIE1lZGl1bSBTaGFkaW5nIDIgQWNjZW50IDU7XGxzZHNlbWlo aWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2NSBcbHNkbG9ja2VkMCBNZWRpdW0g TGlzdCAxIEFjY2VudCA1O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9y aXR5NjYgXGxzZGxvY2tlZDAgTWVkaXVtIExpc3QgMiBBY2NlbnQgNTsNClxsc2RzZW1paGlkZGVu MCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjcgXGxzZGxvY2tlZDAgTWVkaXVtIEdyaWQg MSBBY2NlbnQgNTtcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY4 IFxsc2Rsb2NrZWQwIE1lZGl1bSBHcmlkIDIgQWNjZW50IDU7XGxzZHNlbWloaWRkZW4wIFxsc2R1 bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2OSBcbHNkbG9ja2VkMCBNZWRpdW0gR3JpZCAzIEFjY2Vu dCA1Ow0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk3MCBcbHNk bG9ja2VkMCBEYXJrIExpc3QgQWNjZW50IDU7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2Vk MCBcbHNkcHJpb3JpdHk3MSBcbHNkbG9ja2VkMCBDb2xvcmZ1bCBTaGFkaW5nIEFjY2VudCA1O1xs c2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzIgXGxzZGxvY2tlZDAg Q29sb3JmdWwgTGlzdCBBY2NlbnQgNTsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAg XGxzZHByaW9yaXR5NzMgXGxzZGxvY2tlZDAgQ29sb3JmdWwgR3JpZCBBY2NlbnQgNTtcbHNkc2Vt aWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTYwIFxsc2Rsb2NrZWQwIExpZ2h0 IFNoYWRpbmcgQWNjZW50IDY7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJp b3JpdHk2MSBcbHNkbG9ja2VkMCBMaWdodCBMaXN0IEFjY2VudCA2Ow0KXGxzZHNlbWloaWRkZW4w IFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3JpdHk2MiBcbHNkbG9ja2VkMCBMaWdodCBHcmlkIEFj Y2VudCA2O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjMgXGxz ZGxvY2tlZDAgTWVkaXVtIFNoYWRpbmcgMSBBY2NlbnQgNjtcbHNkc2VtaWhpZGRlbjAgXGxzZHVu aGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY0IFxsc2Rsb2NrZWQwIE1lZGl1bSBTaGFkaW5nIDIgQWNj ZW50IDY7DQpcbHNkc2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY1IFxs c2Rsb2NrZWQwIE1lZGl1bSBMaXN0IDEgQWNjZW50IDY7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhp ZGV1c2VkMCBcbHNkcHJpb3JpdHk2NiBcbHNkbG9ja2VkMCBNZWRpdW0gTGlzdCAyIEFjY2VudCA2 O1xsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NjcgXGxzZGxvY2tl ZDAgTWVkaXVtIEdyaWQgMSBBY2NlbnQgNjsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNl ZDAgXGxzZHByaW9yaXR5NjggXGxzZGxvY2tlZDAgTWVkaXVtIEdyaWQgMiBBY2NlbnQgNjtcbHNk c2VtaWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTY5IFxsc2Rsb2NrZWQwIE1l ZGl1bSBHcmlkIDMgQWNjZW50IDY7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNk cHJpb3JpdHk3MCBcbHNkbG9ja2VkMCBEYXJrIExpc3QgQWNjZW50IDY7DQpcbHNkc2VtaWhpZGRl bjAgXGxzZHVuaGlkZXVzZWQwIFxsc2Rwcmlvcml0eTcxIFxsc2Rsb2NrZWQwIENvbG9yZnVsIFNo YWRpbmcgQWNjZW50IDY7XGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcHJpb3Jp dHk3MiBcbHNkbG9ja2VkMCBDb2xvcmZ1bCBMaXN0IEFjY2VudCA2O1xsc2RzZW1paGlkZGVuMCBc bHNkdW5oaWRldXNlZDAgXGxzZHByaW9yaXR5NzMgXGxzZGxvY2tlZDAgQ29sb3JmdWwgR3JpZCBB Y2NlbnQgNjsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNlZDAgXGxzZHFmb3JtYXQxIFxs c2Rwcmlvcml0eTE5IFxsc2Rsb2NrZWQwIFN1YnRsZSBFbXBoYXNpcztcbHNkc2VtaWhpZGRlbjAg XGxzZHVuaGlkZXVzZWQwIFxsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHkyMSBcbHNkbG9ja2VkMCBJ bnRlbnNlIEVtcGhhc2lzOw0KXGxzZHNlbWloaWRkZW4wIFxsc2R1bmhpZGV1c2VkMCBcbHNkcWZv cm1hdDEgXGxzZHByaW9yaXR5MzEgXGxzZGxvY2tlZDAgU3VidGxlIFJlZmVyZW5jZTtcbHNkc2Vt aWhpZGRlbjAgXGxzZHVuaGlkZXVzZWQwIFxsc2RxZm9ybWF0MSBcbHNkcHJpb3JpdHkzMiBcbHNk bG9ja2VkMCBJbnRlbnNlIFJlZmVyZW5jZTsNClxsc2RzZW1paGlkZGVuMCBcbHNkdW5oaWRldXNl ZDAgXGxzZHFmb3JtYXQxIFxsc2Rwcmlvcml0eTMzIFxsc2Rsb2NrZWQwIEJvb2sgVGl0bGU7XGxz ZHByaW9yaXR5MzcgXGxzZGxvY2tlZDAgQmlibGlvZ3JhcGh5O1xsc2RxZm9ybWF0MSBcbHNkcHJp b3JpdHkzOSBcbHNkbG9ja2VkMCBUT0MgSGVhZGluZzt9fXtcKlxkYXRhc3RvcmUgMDEwNTAwMDAw MjAwMDAwMDE4MDAwMDAwDQo0ZDczNzg2ZDZjMzIyZTUzNDE1ODU4NGQ0YzUyNjU2MTY0NjU3MjJl MzYyZTMwMDAwMDAwMDAwMDAwMDAwMDAwMDAwNjAwMDANCmQwY2YxMWUwYTFiMTFhZTEwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDNlMDAwMzAwZmVmZjA5MDAwNjAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMTAwMDAwMDAxMDAwMDAwMDAwMDAwMDAwMDEwMDAwMGZlZmZmZmZmMDAwMDAwMDBm ZWZmZmZmZjAwMDAwMDAwMDAwMDAwMDBmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm Zg0KZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmDQpmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmYNCmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZg0KZmZmZmZmZmZmZmZmZmZmZmZkZmZmZmZmZmVmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmDQpmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmYNCmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZg0KZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmZmDQpmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZjUyMDA2ZjAwNmYw MDc0MDAyMDAwNDUwMDZlMDA3NDAwNzIwMDc5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMTYwMDA1MDBmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmYwYzZhZDk4ODkyZjFkNDExYTY1ZjAw NDA5NjMyNTFlNTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMGMwMDINCmJlN2RlMDFhZDcwMWZlZmZm ZmZmMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBmZmZmZmZmZmZmZmZmZmZm ZmZmZmZmZmYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMA0KMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDBmZmZmZmZmZmZmZmZmZmZmZmZmZmZmZmYwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwDQowMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBmZmZmZmZmZmZmZmZm ZmZmZmZmZmZmZmYwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDANCjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMDUw MDAwMDAwMDAwMDB9fQ== --000000000000019e2805d1719bc6-- From postmaster@eralomanab.com Wed Nov 24 00:33:37 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.6 required=5.0 tests=BAYES_99,BAYES_999, FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, HEADER_FROM_DIFFERENT_DOMAINS,HK_NAME_MR_MRS,LCL_VIA_ZA, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL, RELAY_COUNTRY_ZA,SPF_HELO_NONE,SPF_NONE autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [209.85.128.103 listed in bl.score.senderscore.com] * 2.0 RELAY_COUNTRY_ZA Relayed via South Africa * 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level * mail domains are different * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.128.103 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.128.103 listed in list.dnswl.org] * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [aminamedjahed95[at]gmail.com] * 0.2 HK_NAME_MR_MRS No description available. * 3.0 LCL_VIA_ZA Via relay in South African + high Bayes * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From X-Spam-Relay-Country: US ZA Received: from mail-wm1-f103.google.com (mail-wm1-f103.google.com [209.85.128.103]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AO6XP1w006025 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 24 Nov 2021 00:33:37 -0600 Received: by mail-wm1-f103.google.com with SMTP id p3-20020a05600c1d8300b003334fab53afso4348698wms.3 for ; Tue, 23 Nov 2021 22:33:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:mime-version :content-transfer-encoding:content-description:subject:to:from:date :reply-to; bh=i3IIiXjUxsZiTPkitoqvEUdEkU9zj0kJ1pwCxLoVpq0=; b=46Rh///QDzSu9hFnoFJoNU7CGwK3MacYENwMbICNce1owXnWHJ7CC+Ei+jjWQaIOst KbLEyG45fafDmQU9g5BsXFwBNda86/tL4S3o+n37mWu+Vt3vAMlKShSkq2h49/ueMn1B ZX72fEeziPAjeaRVLb3V86l1SYP6/Z4iZcpV8WkAK5CB7KrfJ2XzKh1vYPNAM3sKcFPq onA/o1G+QRfIbf+vTW3lOJ319qdf68wF4pu5evQYLJ/VZkmO78kg0DHuKqLrBxT6mP2e YyddlwdFByFVGATjdNxzyMkRQd5PO5l23SP7mgg3n1E//kec96bk6EW1TznL0G4s6F9q j5Xw== X-Gm-Message-State: AOAM532s/JA1JaymmVBW1Pdm0Dy8SGzSZ/IimW2FbjaGEG7y5GD+GxcJ /uyBg4B8n1mRItXogr46ZgLeWIn+i7+uP3UVrtB1SVqX10r7mw== X-Google-Smtp-Source: ABdhPJzFmBeZaA35LtlFO39I/M0/FEZIGEOWcxEa6m946aqJ9Xa2MiGX4xVCzwCtwJ9/NwB80MaNHx5sRkRC X-Received: by 2002:a7b:c756:: with SMTP id w22mr12401306wmk.34.1637735603054; Tue, 23 Nov 2021 22:33:23 -0800 (PST) Received: from [192.168.0.102] ([164.160.92.189]) by smtp-relay.gmail.com with ESMTPS id b5sm740753wru.62.2021.11.23.22.33.15 (version=TLS1 cipher=AES128-SHA bits=128/128); Tue, 23 Nov 2021 22:33:23 -0800 (PST) X-Relaying-Domain: eralomanab.com Message-ID: <619ddcb3.1c69fb81.87d2d.2785SMTPIN_ADDED_MISSING@mx.google.com> Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re:Your Proposal To: Recipients From: "Mrs Amina Medjahed" Date: Tue, 23 Nov 2021 22:33:06 -0800 Reply-To: aminamedjahed95@gmail.com X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Nov 2021 00:33:37 -0600 (CST) for IP:'209.85.128.103' DOMAIN:'mail-wm1-f103.google.com' HELO:'mail-wm1-f103.google.com' FROM:'postmaster@eralomanab.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Nov 2021 00:33:37 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1AO6XP1w006025 X-Spam-Prev-Subject: Re:Your Proposal Status: R X-Status: X-Keywords: X-UID: 356 Good day please i have a business proposal that wil benefit both of us respond if interested thanks and God bless. From awards@igem.org Wed Nov 24 13:44:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ***************** X-Spam-Status: Yes, score=17.6 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_80,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_USER,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MAY_BE_FORGED, MIME_HTML_ONLY,MISSING_HEADERS,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_H2,RCVD_IN_MSPIKE_ZBI,RCVD_IN_PSBL, RCVD_IN_SBL,REPLYTO_WITHOUT_TO_CC,SPF_HELO_NONE,SPF_SOFTFAIL, TO_NO_BRKTS_FROM_MSSP,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9080] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL * [156.96.56.26 listed in zen.spamhaus.org] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [93.103.221.121 listed in psbl.surriel.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [93.103.221.121 listed in wl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 RCVD_IN_MSPIKE_ZBI No description available. * 0.0 FROM_MISSPACED From: missing whitespace * 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.7 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 1.0 MAY_BE_FORGED Relay IP's reverse DNS does not resolve to IP * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook X-Spam-Relay-Country: SI ** ** US Received: from posta.toppharma.si (posta.toppharma.si [93.103.221.121] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1AOJipK4043239 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 24 Nov 2021 13:44:59 -0600 Message-Id: <202111241944.1AOJipK4043239@ga.impsec.org> Received: from localhost (localhost [127.0.0.1]) by posta.toppharma.si (Postfix) with ESMTP id 58DCBE82FF0B; Tue, 23 Nov 2021 21:41:16 +0100 (CET) X-Virus-Scanned: amavisd-new at toppharma.si Received: from posta.toppharma.si ([127.0.0.1]) by localhost (posta.toppharma.si [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5zdTiHqDfb1m; Tue, 23 Nov 2021 21:41:16 +0100 (CET) Received: from User (unknown [156.96.56.26]) by posta.toppharma.si (Postfix) with ESMTPA id D897CE82FDFB; Tue, 23 Nov 2021 21:40:53 +0100 (CET) Reply-To: From: "IMF" Subject: [SPAM] Exclusive Grant Date: Tue, 23 Nov 2021 12:40:31 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Nov 2021 13:44:59 -0600 (CST) for IP:'93.103.221.121' DOMAIN:'[93.103.221.121]' HELO:'posta.toppharma.si' FROM:'awards@igem.org' RCPT:'' X-Greylist: Delayed for 13:45:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 24 Nov 2021 13:44:59 -0600 (CST) X-Spam-Prev-Subject: Exclusive Grant Status: R X-Status: X-Keywords: X-UID: 357 Content-Length: 2747
INTERNATIONAL MONETARY FUND (IMF)
700 19th Street, N.W.
Washington, D.C. 20431,
U.S.A
Date: 23/11/2021
 
IMF OFFICIAL EMPOWERMENT GRANT AND DONATION PROGRAMME 2021
 
Hello Grant Recipient,
 
REFERENCE NUMBER: IMF/WDC/1109/0320
 
We have selected you to receive a Grant Cash Donation of $1,550,000.00 USD.
FOR MORE INFORMATION: Kindly Reply via email and Send your Reference Number (IMF/WDC/1109/0320) for Confirmation via Whats App Message to I.M.F Public Relations Center: +1 619 485 6806
 
Thanks for your Understanding.
 
Yours in Service,
KRISTALINA GEORGIEVA
(MANAGING DIRECTOR)
INTERNATIONAL MONETARY FUND
 From sales@srujan.co.in Tue Nov 30 10:25:10 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.5 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, AXB_XMAILER_MIMEOLE_OL_024C2,BAYES_99,BAYES_999,DEAR_FRIEND, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FORGED_SPF_HELO,FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HTML_MESSAGE,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,MIME_HTML_ONLY, MISSING_HEADERS,MONEY_FORM_SHORT,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MSGID_FROM_MTA_HEADER,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L4, RCVD_IN_SBL_CSS,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM_LOOSE, SPAM_BOOSTER_04,SPAM_BOOSTER_05,SPF_HELO_PASS,SPF_NONE, TO_NO_BRKTS_FROM_MSSP,T_FILL_THIS_FORM_SHORT,XFER_LOTSA_MONEY,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.1 NSL_RCVD_HELO_USER Received from HELO User * 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS * [103.114.104.117 listed in zen.spamhaus.org] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4) * [188.166.96.109 listed in bl.mailspike.net] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 SPF_NONE SPF: sender does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [fspero82[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known advance fee fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.0 FORGED_SPF_HELO No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 2.0 MONEY_FROM_MISSP Lots of money and misspaced From * 0.0 FROM_MISSPACED From: missing whitespace * 1.3 FROM_MISSP_REPLYTO From misspaced, has Reply-To * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.4 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.2 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 0.0 XPRIO Has X-Priority header * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: NL XX Received: from punesourcing.com (ns1.sankalpana.com [188.166.96.109]) by ga.impsec.org (8.14.7/8.14.7) with SMTP id 1AUGP6eL029319 for ; Tue, 30 Nov 2021 10:25:09 -0600 Message-Id: <202111301625.1AUGP6eL029319@ga.impsec.org> Received: (qmail 93954 invoked from network); 30 Nov 2021 07:23:45 -0000 Received: from unknown (HELO User) (sales@srujan.co.in@103.114.104.117) by punesourcing.com with SMTP; 30 Nov 2021 07:23:45 -0000 Reply-To: From: "INFO" Subject: [SPAM] INFO Date: Mon, 29 Nov 2021 23:23:46 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 30 Nov 2021 10:25:10 -0600 (CST) for IP:'188.166.96.109' DOMAIN:'ns1.sankalpana.com' HELO:'punesourcing.com' FROM:'sales@srujan.co.in' RCPT:'' X-Greylist: Delayed for 05:46:56 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 30 Nov 2021 10:25:10 -0600 (CST) X-Spam-Prev-Subject: INFO Status: R X-Status: X-Keywords: X-UID: 358 Content-Length: 1285
Dear friend,
It might be a surprise to you reading from me again as I had written an earlier email to you but without a response. Presently, I'm in the hospital where I am undergoing treatment for Esophageal Cancer. I am Mrs. Felicia sp?ro, widow to late Maurientes sp?ro, former deputy defense attach? to Benin consulate in the Czech Republic. My husband was killed by those who were envious of his position in the same office.
But before his death, he vowed to use his wealth for the orphanages and elderly persons who are less privileged.He deposited the sum of {NINE HUNDRED THOUSAND DOLLARS} here in the bank.  I have decided to donate this money to an individual, who will utilize it to fulfill the last request of my late husband, which is why I contacted you. Reply with your full names, phone number, address, and occupation so that I will give you more details.
Yours Sincerely,
Mrs. Felicia sp?ro
 From deedeepaul212@gmail.com Tue Nov 30 20:08:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.4 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_99,DEAR_BENEFICIARY,DKIM_ADSP_CUSTOM_MED,DKIM_INVALID, DKIM_SIGNED,FILL_THIS_FORM,FILL_THIS_FORM_LOAN,FORM_FRAUD_5, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, LOTS_OF_MONEY,MONEY_FORM,MONEY_FRAUD_5,MONEY_FREEMAIL_REPTO, NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9941] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.128.45 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.128.45 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [deedeepaul212[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [deedeepaul212[at]gmail.com] * 1.2 DEAR_BENEFICIARY BODY: Dear Beneficiary: * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.9 FILL_THIS_FORM_LOAN Answer loan question(s) * 0.0 MONEY_FORM Lots of money if you fill out a form * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 3.0 MONEY_FRAUD_5 Lots of money and many fraud phrases * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: US Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B128omm023659 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 30 Nov 2021 20:08:58 -0600 Received: by mail-wm1-f45.google.com with SMTP id 77-20020a1c0450000000b0033123de3425so21058496wme.0 for ; Tue, 30 Nov 2021 18:08:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=vgb6TZHvoGxnX26gd0nj/22imX42P2FsOFK6fPhi6oM=; b=APnFBwlhoCnrrYkx+I1wpmpUbQMDmYqVjD4YROi5yz2Z8kU+23lQt+XsfTWF6w8jG/ 0Uuj9HVHPpiZDOMi75W3bdQjyy04Kh7EQHjd6OPbUMpDMP8FzqQtMzfiZHc3TPH/8lce 6VHcbY0ge9amiLGr9AOYA2flsscWfWR/TR5Pv7p3+HLcwm+5nckoy8V3bCoOebsgSHBY ofqO1R1SIF2fGJ4i3YM1IGXTSd7bXFTbqqDNOWZkucS0+Vf9mKbFeFngEoPeKwBgqYr8 Zx4JJaqtGSl03hJeAcqqXfjKgMMGV73vmjEfQRqy3/bcAWRTJt25Q/bWEW5hzYiEiwl0 H9dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to:content-transfer-encoding; bh=vgb6TZHvoGxnX26gd0nj/22imX42P2FsOFK6fPhi6oM=; b=wzHFD5vjpUuceFrDCAcyVmjhBE8FXSkZ5ofIMCOC5BVij/h/zBrEOUiGN6M+3SLbck lKKF26uDkqBCRKc64ag1yxDpYzqZ/exqW4mP2AK1VPnTt1IFevXG09o5hWIyOC8xTaxg 5kYpPuadrwtiyRfrnW5HAf4Z+W7Z4bnOWXsYbAAOLc7W3VqfWAM+h0X1JA2dzaP90jN8 FUeYWIbsCq6Uywethua6rB/e7NRXDzra9kZYHu8WwoIBxyDu7SvsaNOzO/uSysKmzGdD tfwso0vDRXhz97JKCrqkVN5dBhFSoHmJHt8QJlZ1Lu7/ncOijHosGuEA9rJb6zqKk0ye 3AJw== X-Gm-Message-State: AOAM532FfZXbXeA7UMqob7U8tpk1h5ZVaK9z1nsYHvEAE8lk9AVFWTpU tBlQj1r6zjG4mH0TW/r8MoYcOTkb8a35jD7elRY= X-Google-Smtp-Source: ABdhPJy/SHzxoEF6lFbPo13yGPwEzcJw3hPxzC5zGlRsy3RG+B2o5JYSStVnW2iKWiSoqu9mZM1KV5x7wIjvDnzWXo4= X-Received: by 2002:a05:600c:3b8f:: with SMTP id n15mr3206162wms.180.1638324528254; Tue, 30 Nov 2021 18:08:48 -0800 (PST) MIME-Version: 1.0 Received: by 2002:adf:a111:0:0:0:0:0 with HTTP; Tue, 30 Nov 2021 18:08:47 -0800 (PST) Reply-To: deedee-paul@yandex.com From: Deedee Paul Date: Wed, 1 Dec 2021 02:08:47 +0000 Message-ID: Subject: [SPAM] Attention: Beneficiary, To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 30 Nov 2021 20:08:59 -0600 (CST) for IP:'209.85.128.45' DOMAIN:'mail-wm1-f45.google.com' HELO:'mail-wm1-f45.google.com' FROM:'deedeepaul212@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 30 Nov 2021 20:08:59 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1B128omm023659 X-Spam-Prev-Subject: Attention: Beneficiary, Status: R X-Status: X-Keywords: X-UID: 359 Content-Length: 2343 Attention: Beneficiary, This is to officially inform you that we have been having a meeting for the past Months now which has already ended with Mr.Antonio Guterres Secretary-General of United Nations, Mr. David R.Malpass the World Bank President and, Dr. Kristalina Georgieva (IMF) Director-General, in the meeting we dealt with Scam victim’s problems and all the people that were affected the most by this Coronavirus pandemic. If you are not a Scam victim then know that your name appeared among those people the (UN) wants to empower because of this Coronavirus pandemic, the United Nations have mapped out a huge amount of money to empower those that need help in their businesses and to those that want to start a business. The United Nations have been having a secret meeting for some time now which they also invited the top richest men in the world to assist them in raising funds because this pandemic that has been terrorizing all over the world, Coronavirus pandemic, has also brought the world to its knees. We are doing everything possible to composite the people that are affected the most. The United Nations have agreed to compensate you with the sum of ($750,000.00) Seven hundred and fifty thousand United States Dollars this also includes international businesses that failed due to Government problems etc. We have arranged your payment through WORLD ATM MASTERCARD which is the latest instruction from the World Bank Group. For the collection of your WORLD ATM MASTERCARD contact our representative Rev. DAVID WOOD and forward the following details to Rev. David Wood, and do send him your contact address where you want your MASTERCARD to be sent to you, Here is his e-mail address: (davidwood2019@yandex.com) He is a Canadian but Presently in Turkey Where he Sign as (UN) representative Agent. 1. Full Name:......... 2. Country:........ 3. Delivery Address:.......... 4. Telephone:..............& Occupation....... 5. Your Age...... /Sex.......... Contact Reverend Father David Wood with below or above email address forward all your details to him. Email :( davidwood2019@yandex.com) or you send your details to me. I will be the one to send your details to him. Thanks. Tel: 1 513 452 4395. Mr.Antonio Guterres Director-General of the United Nations Office. CC: Dr. Kristalina Georgieva World Bank Group. From allenm6120@gmail.com Thu Dec 2 05:41:53 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.9 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY, MIME_QP_LONG_LINE,MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPAM_BOOSTER_05,SPF_HELO_NONE, SPF_PASS,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.221.43 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [allenm6120[at]gmail.com] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.221.43 listed in list.dnswl.org] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [rraya9989[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [allenm6120[at]gmail.com] * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 * chars * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 XFER_LOTSA_MONEY Transfer a lot of money * 3.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: US BF Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B2Bfnuo022847 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 2 Dec 2021 05:41:53 -0600 Received: by mail-wr1-f43.google.com with SMTP id u1so58979877wru.13 for ; Thu, 02 Dec 2021 03:41:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:from:to:reply-to:message-id:subject:mime-version :content-transfer-encoding; bh=rpgIUlJN4Cldnt/pnjHn+BNKpEuscTlk4XnD9WTXLi8=; b=AgPmDWP0ZccjAu7MuagOQsZkxMjAElpNmH5YabBu0xti48/NbVSdiEMy0YJKnYUbcX nVCcuJJAADr56Q+WMTAv5WUZufoS6xjYg/dAXGu9dxeK5belZnMaqcZHC7Ds8JftHUIO DLk3A6aN+9kI/0/xcCS7ut3GlwQ99zk0HUOnzGqPVIEzknskYWWX8kHLSAtCV1hFB9tp dP/LRbBu4qWEL/V8TAT7HqF56KXwqGwRHzb0QniQK3ssVtad6A4fDqhjzY90UKqezJH6 xTV69qimB0uHe/P547LKEHw6xTtFtVSnPyCyHzdfIxoJHpQKjl6+QULNXyoNVhG5m82D K8DA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:reply-to:message-id:subject :mime-version:content-transfer-encoding; bh=rpgIUlJN4Cldnt/pnjHn+BNKpEuscTlk4XnD9WTXLi8=; b=tYxOQ9w4RW7SlYsheDTHU3k0uUo2PhJ13G3Hceka2UZAlr4xXkJRK6WYmOWk0xCt6R Y0kQuDb3M9ONyQtadhO7QRL1VXmuzOzOUG7zxmnKQEOv3rGYc0xZu572VtKIjRFIMfeH 9kIvZvmugfrzShfCJ+whJZkkJTObgsgMtLUQ121Pf6GUv5vwP73H4guHJwa49wwjzCL8 PHLzk34C8o8rEwg+Dj86Szx/dRoC/HdMK05b4gbNhwiJ9MBWfJ2ChfrpCGvtoZjMf92L IR+6rD6CDyz0LFaCNBP1DbiKIQqjXsd1Jjq7elurbNjTGhMBDASG5jPqDkiLbfEAEMeW yqcw== X-Gm-Message-State: AOAM530R/+ir5yFrLs1DNi3Kn6qoOp2uQU6d5UnktlRmbmc8eXjccbzH Zede5hp3aHgvu8DyiApq1sg= X-Google-Smtp-Source: ABdhPJzM0RqWt2XOsLqOWV0wKI1NENWs9yCF/tyc4vUi4o/Ib/Sl9tfeE70Yh46EU8ZdkMRgF5yneg== X-Received: by 2002:a5d:47a9:: with SMTP id 9mr13966263wrb.42.1638445305719; Thu, 02 Dec 2021 03:41:45 -0800 (PST) Received: from MYPC-PC ([197.239.91.39]) by smtp.gmail.com with ESMTPSA id l4sm2283439wrv.94.2021.12.02.03.41.28 (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 02 Dec 2021 03:41:44 -0800 (PST) Date: Thu, 02 Dec 2021 03:41:44 -0800 (PST) X-Google-Original-Date: Thu, 2 Dec 2021 11:41:26 GMT From: Louisa Besson To: X-Mailer: Barca 2.8 (4400) - EXPIRED EVALUATION VERSION X-URL: http://www.pocomail.com/ Reply-To: rraya9989@gmail.com Message-ID: <2021122114126.279093@MYPC-PC> Subject: [SPAM] Your prayers will be appreciated. Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Dec 2021 05:41:53 -0600 (CST) for IP:'209.85.221.43' DOMAIN:'mail-wr1-f43.google.com' HELO:'mail-wr1-f43.google.com' FROM:'allenm6120@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Dec 2021 05:41:53 -0600 (CST) X-Spam-Prev-Subject: Your prayers will be appreciated. Status: R X-Status: X-Keywords: X-UID: 360 Content-Length: 3195
 
Hello friend,
 
How are you doing today? I am Mrs Louisa Besson from= France; I have decided to donate what I have to you, Churches, Motherless= babies, Less privileged, Widow's because I am diagnosed and dying with= cancer. I have been touched by God Almighty to donate from what I have= inherited from my late husband to you for the good work of God Almighty. I= have asked Almighty God to forgive me and believe he has, because he is a= Merciful God, I will be going in for surgery soon and your prayers will be= appreciated.
 
I decided to donate the sum of "eight million, five= hundred thousand united state dollar" to you for the good work of God= Almighty, and also to help the motherless and less privileged and also for= assistance of the widows and Less privileged during this Covid 19 Pandemic.= As soon as I read from you, I shall give you info on what I need from you,= then you will contact the bank and tell them I have willed my inheritance= to you by quoting my personal file routing and account information to you= for good, effective and prudent work. I know I don't know you but I have= been directed to do this by God Almighty.
 
Please I will need you to respect my decision and keep= every process of this confidential until every process is finalized. If you= are interested in carrying out this task, i will need you to get back to me= and answer the below questions,
 
1). That you are in a position to be trusted with such a= large amount of funds, and that you have a heart for charity and thus would= not have any problems locating the right charity and human aid groups to= disburse the fund to. It would be nice to know what charities you have in= mind to donate the money to?
 
2). That you are willing to contact the bank holding the= deposit to discuss the terms of releasing the funds to you?
 
3). That you promise to respect my decision and keep every= process of this transfer confidential top secret until every process is= finalized?
 
4). That you fully understand this transaction and you are= ready to proceed under these terms?
 
I wish you all the best and May the good Lord bless you= abundantly.
 
Yours Faithfully,
Mrs.Louisa Besson.
 
From philiprogerr@gmail.com Thu Dec 2 19:07:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************ X-Spam-Status: Yes, score=12.9 required=5.0 tests=BAYES_99,BAYES_999, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM,HTML_MESSAGE, LOTS_OF_MONEY,MSGID_FROM_MTA_HEADER,NML_ADSP_CUSTOM_MED, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_ZBI, SPAM_BOOSTER_04,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in * bl.spamcop.net * [Blocked - see ] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [philiprogerr[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.0 LOTS_OF_MONEY Huge... sums of money * 2.5 SPAM_BOOSTER_04 Boost score for BAYES_999 + BRBL or PSBL or * SCBL * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 RCVD_IN_MSPIKE_ZBI No description available. * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list X-Spam-Relay-Country: US US Received: from hwsrv-923635.hostwindsdns.com (hwsrv-923635.hostwindsdns.com [23.254.217.232]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B317iJl036859 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 2 Dec 2021 19:07:51 -0600 Message-Id: <202112030107.1B317iJl036859@ga.impsec.org> Received: from [66.154.113.237] (unknown [66.154.113.237]) by hwsrv-923635.hostwindsdns.com (Postfix) with ESMTPA id D5B63129722; Thu, 2 Dec 2021 23:17:24 +0000 (UTC) Authentication-Results: hwsrv-923635.hostwindsdns.com; spf=pass (sender IP is 66.154.113.237) smtp.mailfrom=philiprogerr@gmail.com smtp.helo=[66.154.113.237] Received-SPF: pass (hwsrv-923635.hostwindsdns.com: connection is authenticated) Content-Type: multipart/alternative; boundary="===============1396796890==" MIME-Version: 1.0 Subject: [SPAM] Re: Business Insight To: Recipients From: "Philip Roger" Date: Thu, 02 Dec 2021 15:17:27 -0800 X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Dec 2021 19:07:51 -0600 (CST) for IP:'23.254.217.232' DOMAIN:'hwsrv-923635.hostwindsdns.com' HELO:'hwsrv-923635.hostwindsdns.com' FROM:'philiprogerr@gmail.com' RCPT:'' X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 02 Dec 2021 19:07:51 -0600 (CST) X-Spam-Prev-Subject: Re: Business Insight Status: R X-Status: X-Keywords: X-UID: 361 Content-Length: 2151 You will not see this in a MIME-aware mail reader. --===============1396796890== Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body Greetings, I'm Philip, working with Med Pharma Ltd as a research consultant. Our company is one of UK's most respected and indigenous multi-million Poun= ds pharmaceutical companies, manufacturing all over hundreds of various life saving bio pharmaceutical p= roducts and medical consumables. I have a business proposal that would interest you on this, and I shall exp= lain deeply if I get a response from you in this regard. You can feel free to message me through my personal email; philiprogerr@gm= ail.com Note: You have the right to quit by the end of my detailed explanation and = you don't feel like moving forward with me. But Trust me, you won't regret it. Thank you. Regards Philip Roger --===============1396796890== Content-Type: text/html; charset="iso-8859-1" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Description: Mail message body

Greetings,

I'm Philip, working with = Med Pharma Ltd as a research consultant.

Our company is one of UK's = most respected and indigenous multi-million Pounds pharmaceutical companies= ,

manufacturing all over hundreds of various life saving bio pharmac= eutical products and medical consumables.

I have a business proposal= that would interest you on this, and I shall explain deeply if I get a res= ponse from you in this regard.

You can feel free to message me throu= gh my personal email;  philiprogerr@gmail.com


Note: You have the right t= o quit by the end of my detailed explanation and you don't feel like moving= forward with me.
But Trust me, you won't regret it.

Thank you.
Regards
Philip Roger

--===============1396796890==-- From jhardin@impsec.org Sat Dec 4 05:30:49 2021 -0500 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 53773 invoked by uid 99); 4 Dec 2021 10:32:28 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Dec 2021 10:32:28 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id 3D2431FF4F1 for ; Sat, 4 Dec 2021 10:32:28 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org X-Spam-Flag: NO X-Spam-Score: 5.603 X-Spam-Level: ***** X-Spam-Status: No, score=5.603 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENA_SUBJ_ONLY_RE=2.2, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.2, MISSING_HEADERS=1.207, REPLYTO_WITHOUT_TO_CC=1.946, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=azcuba.cu Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id HaZEHsSythuj for ; Sat, 4 Dec 2021 10:32:25 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=200.55.188.11; helo=mx2.azcuba.cu; envelope-from=angel.mendez@azcuba.cu; receiver= Received: from mx2.azcuba.cu (mx2.azcuba.cu [200.55.188.11]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTP id B4A5E7EB5E for ; Sat, 4 Dec 2021 10:32:20 +0000 (UTC) Received: from winter.azcuba.cu (unknown [172.16.2.4]) by mx2.azcuba.cu (Postfix) with ESMTP id 4C1FF40539; Sat, 4 Dec 2021 04:57:27 -0500 (EST) Received: from zimbra.azcuba.cu (orion.azcuba.cu [172.16.2.6]) by winter.azcuba.cu (Postfix) with ESMTP id 39D45D04E6; Sat, 4 Dec 2021 05:32:07 -0500 (CST) Received: from localhost (localhost [127.0.0.1]) by zimbra.azcuba.cu (Postfix) with ESMTP id 30842248752; Sat, 4 Dec 2021 05:32:05 -0500 (CST) Received: from zimbra.azcuba.cu ([127.0.0.1]) by localhost (zimbra.azcuba.cu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id tq1IeEe1tvHU; Sat, 4 Dec 2021 05:32:00 -0500 (CST) Received: from localhost (localhost [127.0.0.1]) by zimbra.azcuba.cu (Postfix) with ESMTP id 9E42424872E; Sat, 4 Dec 2021 05:31:31 -0500 (CST) DKIM-Filter: OpenDKIM Filter v2.10.3 zimbra.azcuba.cu 9E42424872E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azcuba.cu; s=81A01500-A7FE-11E9-A3C5-BFF67CBA5147; t=1638613891; bh=XQi7HNxTKtcPQd2a0ORH6Gowkv7e84kdEpjcZ4GhlfA=; h=Date:From:Message-ID:MIME-Version; b=sSNAFqvtYQH73rutbuo6prWhxuLqgTyRd99xB4djynYUVNWuzMTpE1ZWij9Msejtm eo+teYs2sk5nTd1HSH+S+pFqz4cf17bmUVrjS6KK9HJ5cU7m6J+XdNejwzpuYKTbEO HYJT5RDgFJlZAoEuZYQhX9vwe0iVi3eNNjwYNRBWeULoqbmY26c1xz3rPeK6dzTUnN eY+9XPPxud+H3jgSNqW0bY57n/6CJjEfkW5NZqEvW2Llt2ZFDcTIa3BoTCMup/ciNU jobOzsgJ0cYLzYGNC0E48jefrNSMmwZZtEuuR0pg87nt+963xG28GpKbQtFyqLST/h RzrEG8jIvH/1A== X-Virus-Scanned: amavisd-new at oc.azcuba.cu Received: from zimbra.azcuba.cu ([127.0.0.1]) by localhost (zimbra.azcuba.cu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 4qhsQVfAikoO; Sat, 4 Dec 2021 05:31:31 -0500 (CST) Received: from zimbra.azcuba.cu (orion.oc.azcuba.cu [172.16.10.6]) by zimbra.azcuba.cu (Postfix) with ESMTP id 5A5B82486BE; Sat, 4 Dec 2021 05:30:49 -0500 (CST) Date: Sat, 4 Dec 2021 05:30:49 -0500 (CST) From: "Ms. Ella Golan" Reply-To: "Ms. Ella Golan" Message-ID: <353956163.850659.1638613849193.JavaMail.zimbra@azcuba.cu> Subject: Re MIME-Version: 1.0 X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="=_068cda76-6230-4f9d-8c95-6084b883890b" X-Originating-IP: [172.16.2.6] X-Mailer: Zimbra 8.8.7_GA_1964 (zclient/8.8.7_GA_1964) Thread-Index: 8Nl4wZDr+UUEMSE0eezurD+ke9A7Sg== Thread-Topic: Re Status: X-Status: X-Keywords: X-UID: 362 Content-Length: 2977 --=_068cda76-6230-4f9d-8c95-6084b883890b Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit How are you doing today? I'm the Executive Vice President Banking Division with FIRST INTERNATIONAL BANK OF ISRAEL LTD (FIBI). I have a very lucrative deal to discuss with you. I will await your response to proceed with the details. Regards. Ms.Ella Golan --=_068cda76-6230-4f9d-8c95-6084b883890b Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
How are you doing today? I'm the Executiv= e Vice President Banking Division with FIRST INTERNATIONAL BANK OF ISRAEL L= TD (FIBI). I have a very lucrative deal to discuss with you.
I will await your response to proceed with the details.

Regards.
Ms.Ella Golan
--=_068cda76-6230-4f9d-8c95-6084b883890b-- From SLORUSSO@bilcocq.com Sun Dec 5 20:54:20 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.7 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,DEAR_FRIEND,FORM_FRAUD_5,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER, HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,MONEY_FORM_SHORT, MONEY_FREEMAIL_REPTO,NSL_RCVD_FROM_USER,RCVD_IN_MSPIKE_H2, RELAY_COUNTRY_FR,REPTO_419_FRAUD_GM_LOOSE,SPF_HELO_NONE,SPF_PASS, T_FILL_THIS_FORM_SHORT,UNDISC_MONEY,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9966] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.5 RELAY_COUNTRY_FR Relayed via France * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [92.175.211.9 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [fspero82[at]gmail.com] * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to * known advance fee fraud collector mailbox * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information * 0.2 MONEY_FORM_SHORT Lots of money if you fill out a short form * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs * 0.0 FORM_FRAUD_5 Fill a form and many fraud phrases X-Spam-Relay-Country: FR XX Received: from mail.bilcocq.com (mail2.bilcocq.com [92.175.211.9] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B62sAte040776 for ; Sun, 5 Dec 2021 20:54:20 -0600 Received: from User (103.114.104.117) by mail.bilcocq.com (192.168.2.24) with Microsoft SMTP Server id 14.3.498.0; Sun, 5 Dec 2021 20:55:46 +0100 Reply-To: From: INFO Subject: [SPAM] INFO Date: Sun, 5 Dec 2021 11:55:45 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit Message-ID: <33c2b192-4af0-4d00-a65b-04f44a58dcdc@srv-ex2010.bilcocq.local> To: Undisclosed recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 05 Dec 2021 20:54:20 -0600 (CST) for IP:'92.175.211.9' DOMAIN:'[92.175.211.9]' HELO:'mail.bilcocq.com' FROM:'SLORUSSO@bilcocq.com' RCPT:'' X-Greylist: Delayed for 06:58:11 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 05 Dec 2021 20:54:20 -0600 (CST) X-Spam-Prev-Subject: INFO Status: R X-Status: X-Keywords: X-UID: 363 Content-Length: 1285
Dear friend,
It might be a surprise to you reading from me again as I had written an earlier email to you but without a response. Presently, I'm in the hospital where I am undergoing treatment for Esophageal Cancer. I am Mrs. Felicia sp?ro, widow to late Maurientes sp?ro, former deputy defense attach? to Benin consulate in the Czech Republic. My husband was killed by those who were envious of his position in the same office.
But before his death, he vowed to use his wealth for the orphanages and elderly persons who are less privileged.He deposited the sum of {NINE HUNDRED THOUSAND DOLLARS} here in the bank.  I have decided to donate this money to an individual, who will utilize it to fulfill the last request of my late husband, which is why I contacted you. Reply with your full names, phone number, address, and occupation so that I will give you more details.
Yours Sincerely,
Mrs. Felicia sp?ro
 From apmail-jhardin-owner@apache.org Tue Dec 7 19:15:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1B83F2Ew031011 for ; Tue, 7 Dec 2021 19:15:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=5.0 tests=ADVANCE_FEE_4_NEW_MONEY, BAYES_99,BAYES_999,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, LOTS_OF_MONEY,NA_DOLLARS,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,T_HK_NAME_FM_MR_MRS, USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: FI US IN ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 07 Dec 2021 19:15:02 -0800 (PST) Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B83EF3s040829 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 7 Dec 2021 21:14:23 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id 12E7F5FDBA for ; Wed, 8 Dec 2021 03:14:13 +0000 (UTC) Received: (qmail 19696 invoked by uid 500); 8 Dec 2021 03:14:13 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 19688 invoked by uid 99); 8 Dec 2021 03:14:12 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Dec 2021 03:14:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id D98341FF54A for ; Wed, 8 Dec 2021 03:14:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 3pfAE3bG0JrH for ; Wed, 8 Dec 2021 03:14:11 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.65; helo=mail-ua1-f65.google.com; envelope-from=mrschantadiarrah@gmail.com; receiver= Received: from mail-ua1-f65.google.com (mail-ua1-f65.google.com [209.85.222.65]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 1F20ABD9FB for ; Wed, 8 Dec 2021 03:14:11 +0000 (UTC) Received: by mail-ua1-f65.google.com with SMTP id 30so2239487uag.13 for ; Tue, 07 Dec 2021 19:14:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=upEjCtnC2Ii3s0C5EN8WCUBESCEy7mmkpRfQMue+b8o=; b=GdxzJYyHtBIVNhbgOGcts3vYaACMoiSgN7Z687LUyY1Gk/yyH+J/SE00i/dmo3choO vHtHX5JujOqC4gm0RT17okFQRKSaffuXqmRzcyL4mRVn6T3oaj/WMUVvgUo2pd/MoY8t Ommk4AWGUF8BCp250c28AWqfF56z0FF7qePDqawDzKh3gnA70Htr/77Bv3WuEdshtJKY XuCa4WGrf5YFDSCdIYE6GJ6koxAYXbxGBClidBpc+IERafdT0f/MwyasjYZRVZsMBNOO rwto78wNg8GC5hVJLN60IGBAvl3po/m5CYz0KgKM8VNJjwU3GQ3TaZJScBaq6gwn5wau yh/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=upEjCtnC2Ii3s0C5EN8WCUBESCEy7mmkpRfQMue+b8o=; b=chvmbtNTStJFnZeJ5ADJ3yt2rmjKNFi2xHi9dSLMufgoly7RCcDBr9G+Qk3iYUcd6V AXP+Sv9R9FsQXuMQOChyaMZUyI6ebynBbq62TgTtCtal0rsyv0BFeWW+3/Qo8TFp4XfJ tqDX3zGqRDxUjtwChhQBfgvyCK5VpRbeMZ3yRzsVp/eXgWGG+qaRUV11LjZ/ZuNyrgW6 jakAhZLlPbBFJ/DjK6t6ZjUhOyFsOFvmgEKeJKy5Xb2pGv8nQiwyC58Joy1hnpAyQdv1 QkOcUQ5qxivWhCBWVnsJuxKuJ5yiW9zulcTJK4Fs6s7Wn96abX6P346GJd3RHvH69UO7 dPDQ== X-Gm-Message-State: AOAM530jPhB7V20DIQCbsXqe9Qna7OXPGFDpVFkFiJ+sO6B4qTdjGIh8 1rEN47Mw5C2Fb1n1V+zTzqLiGjBO0sd7//GW1fVmrz6c5tE04Q== X-Google-Smtp-Source: ABdhPJy/DOt9smCGE7+0yYpF1KxmjyXaryzTMpwq6uh9LIKwIb6KNdszCjxZpE9Q3W2cJMx+FVaDrZEgprYxJYp2d0o= X-Received: by 2002:ab0:44e:: with SMTP id 72mr5077531uav.121.1638933250300; Tue, 07 Dec 2021 19:14:10 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a59:a7b1:0:b0:260:f75:462a with HTTP; Tue, 7 Dec 2021 19:14:10 -0800 (PST) From: "mrs.chanta diarrah" Date: Tue, 7 Dec 2021 19:14:10 -0800 Message-ID: Subject: Dear beloved To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 07 Dec 2021 21:14:23 -0600 (CST) for IP:'95.216.194.37' DOMAIN:'mxout1-he-de.apache.org' HELO:'mxout1-he-de.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 07 Dec 2021 21:14:23 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 364 Dear beloved Compliment of the day to you. I am Mrs.CHANTAL I am sending this brief letter to solicit your partnership to transfer $5.5 Million US Dollars. I shall send you more information and procedures when I receive positive response from you. Please send me a message in my private email address is (diarrahchantal36@gmail.com) Best Regards Mrs.Chantal Diarrah. From azizissa1100@gmail.com Tue Dec 7 14:24:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********** X-Spam-Status: Yes, score=11.6 required=5.0 tests=BAYES_80, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,T_MONEY_PERCENT,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8655] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [azizissa1100[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.219.175 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.219.175 listed in wl.mailspike.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [mohammedshamekh24[at]gmail.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [azizissa1100[at]gmail.com] * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B7KO7jc012395 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 7 Dec 2021 14:24:11 -0600 Received: by mail-yb1-f175.google.com with SMTP id j2so633190ybg.9 for ; Tue, 07 Dec 2021 12:24:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=7Z4bIWUJcNwasnOvZT//wASf4/xDxe1Cc4BxfIfuhGs=; b=aCkXkPaXi/041SDXG3Nglpl8bWp3Mj33HS91aQFCIyCsXjjBQGHIJmozOXfCb56RY8 mtgKc1JMosWRZmdmxcN+qwrkV53qZTG0pIj3CimJSdBZw1zOmAN/Y0syWbq34TgYkFmB eN+ZfxaJmFIpA01J70dOOqty3j08FZaL+Y2kmMnhtiap5SEcUcxqTxltNa0qNux4nvEQ JeV85ww+0wGK9OrhniIOlToaZ+yK0S4IOsdZao/FeT+vmMHhpFDN6qF3+ipIquanhFbV 1ejQmb6JgyACDQzNzxdA7w/dCnftr0d713LGj81Y24QRBvmV8cQtAQL1T6O904FqMYot 1duA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to:content-transfer-encoding; bh=7Z4bIWUJcNwasnOvZT//wASf4/xDxe1Cc4BxfIfuhGs=; b=MzMZWyNlA7Jt6XSZocRB+QtUIf5BDUkjWANMIg7bm6AFLzxvSinXH6gChiqNFqp50C gNn8S4dQF0z/6Oaj4BOxFHjbdGEqh/7VgxVwpgvgMBF5gRS4mWHIH2LgReTmCUMxa4lm 5UrjPYREmKfrJRYxeRoiID6wz0VjfBP5PHSk8ZurJorNs25vOtlCbnqnqTlPIy8PkxyF izXseckqJqOiZt5NUKga2ODOPjzAJDk2gRSdNol/K1xjntYVdQdJQcCDlSUAIt+5Iw4G lwQsgN1Esiqr9J0IjTlhohF+AOEa1h/x9ytJ0XDboMorrSJbuapxJpNjYKLHNvxhmHky /FZg== X-Gm-Message-State: AOAM530TtgSpvuAMOd1YH24MUoRxAvZAAzTDpacXbnNeKWV4HAvo5iaD /M+BcaD+u70L8ruwdAvmuMpnR9KXC3uX8ioHg5Y= X-Google-Smtp-Source: ABdhPJzOlmt1cirkBUFxhNSY8XCTLaCyqFFogO3jAuhSD3heeXcs1wLWzH/6aPMd+VlaVsb74JtPSfEemAUmHcw+9NE= X-Received: by 2002:a25:c54f:: with SMTP id v76mr55906218ybe.212.1638908646351; Tue, 07 Dec 2021 12:24:06 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:7010:4ac5:b0:1e1:4f5b:c145 with HTTP; Tue, 7 Dec 2021 12:24:05 -0800 (PST) Reply-To: mohammedshamekh24@gmail.com From: Mrmohammed shamekh Date: Tue, 7 Dec 2021 12:24:05 -0800 Message-ID: Subject: [SPAM] THE AMOUNT IS 27.5 MILLIOMS USD To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 07 Dec 2021 14:24:11 -0600 (CST) for IP:'209.85.219.175' DOMAIN:'mail-yb1-f175.google.com' HELO:'mail-yb1-f175.google.com' FROM:'azizissa1100@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 07 Dec 2021 14:24:11 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by ga.impsec.org id 1B7KO7jc012395 X-Spam-Prev-Subject: THE AMOUNT IS 27.5 MILLIOMS USD Status: R X-Status: X-Keywords: X-UID: 365 Dear Friend, Greetings. How are you doing today i hope fine? I came across your e-mail contact prior a private search while in need of your assistance. My name  Mr mohammed shamekh ’ I work with the department of Audit and accounting manager here in UBA Bank of Africa, There is this fund that was keep in my custody years ago and I need your assistance for the transferring of this fund to your bank account for both of us benefit for life time investment and the amount is (US $27,500. Million Dollars). I have every inquiry details to make the bank believe you and release the fund to your bank account in within 7 banking working days with your full co-operation with me after success Note 50% for you while 50% for me after success of the transfer of the funds to your bank account okay. WAITING TO HEAR FROM YOU. THANKS. Mr mohammed shamekh , From un-claims@covid19funds.org Thu Dec 9 11:07:09 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *********************** X-Spam-Status: Yes, score=23.3 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_60,FAKE_REPLY_C,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_OUTLOOK_TAGS,FREEMAIL_FORGED_REPLYTO,FROM_MISSPACED, FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_TO_UNDISC, FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE, LOTS_OF_MONEY,LOTTO_AGENT,LOTTO_DEPT,MIME_HTML_ONLY,MISSING_MIMEOLE, MONEY_ATM_CARD,MONEY_FREEMAIL_REPTO,MONEY_FROM_MISSP, MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,SPF_HELO_NONE,SPF_SOFTFAIL, UNDISC_MONEY,URG_BIZ autolearn=disabled version=3.4.4 X-Spam-Report: * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.6553] * 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 0.0 NSL_RCVD_FROM_USER Received from User * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.6 URG_BIZ Contains urgent matter * 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 1.9 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE * 0.0 FROM_MISSP_USER From misspaced, from "User" * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed * 1.9 MONEY_FROM_MISSP Lots of money and misspaced From * 1.5 FAKE_REPLY_C No description available. * 0.0 FROM_MISSPACED From: missing whitespace * 0.2 MONEY_ATM_CARD Lots of money on an ATM card * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 LOTTO_AGENT Claims Agent * 0.9 LOTTO_DEPT Claims Department * 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: AM ** XX Received: from txs.nk.am (txs.nk.am [178.213.128.194]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1B9H6vhT008524 for ; Thu, 9 Dec 2021 11:07:08 -0600 Received: from localhost (unknown [127.0.0.1]) by txs.nk.am (Postfix) with ESMTP id 8111BB03B8F; Tue, 7 Dec 2021 08:56:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at taxservice.nk.am Received: from User (unknown [102.32.28.150]) (Authenticated sender: ttv@taxservice.nk.am) by txs.nk.am (Postfix) with ESMTPA id 8E314B00F32; Tue, 7 Dec 2021 12:39:09 +0400 (+04) Reply-To: From: "un-claims@covid19funds.org" Subject: [SPAM] Re: second wave of relief Date: Tue, 7 Dec 2021 10:39:24 +0200 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Message-Id: <20211207085648.8111BB03B8F@txs.nk.am> To: undisclosed-recipients:; X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 09 Dec 2021 11:07:09 -0600 (CST) for IP:'178.213.128.194' DOMAIN:'txs.nk.am' HELO:'txs.nk.am' FROM:'un-claims@covid19funds.org' RCPT:'' X-Greylist: Delayed for 52:14:40 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 09 Dec 2021 11:07:09 -0600 (CST) X-Spam-Prev-Subject: Re: second wave of relief Status: R X-Status: X-Keywords: X-UID: 366 Content-Length: 4275
UNITED NATIONS COMPENSATION COMMISSION
United Nations Organization
UNCC Secretariat. (Dublin  Ireland)
 
Good Day
 
PAYMENT OF US$ 240,000 .00
 
Thank you for your swift response to the UNCC message.
 
The United Nations has announced a second wave of relief to help businesses and individuals navigate financial commitments as Covid-19 continues to impact the livelihood of many individuals and businesses across the globe.
 
The United Nations Compensation Commission (UNCC)was created in 1991 as a subsidiary organ of the UN Security Council with a mandate to process claims and pay compensation.
 
The Governing Council is the organ of the Commission that sets its policy within the framework of relevant United Nations Security Council resolutions. As such, it established the criteria for the compensability of claims, the rules, and procedures for processing the claims, the guidelines for the administration and financing of the Compensation Fund, and the procedures for the payment of compensation. The Governing Council reports regularly to the Security Council on the work of the Commission.
 
In this case, I represent you as your claim agent, and I believe I will provide you great service. There are only three easy steps to this claim. The US$240,000 will be sent to your designated address in the form of a Visa Debit Card.
 
1. Please fill out the attached form, sign it, and return it to this office for processing and issuance of the VISA Debit Card.
 
2. A VISA Debit Card will be dispatched to your designated address very soon once issued by the United Nations Finance Division, and you will be able to track the delivery of your card.
 
3. Once you confirm that you have received the Visa Debit Card at this office, the card will be activated within 24 hours. This precaution is taken for security reasons to prevent a fully activated card from falling into the wrong hands.
 
Awaiting your urgent response,
 
Mr. Benjamin Sesay
Claims Department.
United Nations Compensation Commission (UNCC)
Tel: +353 1920 3734
 From anna@glpak.ru Sat Dec 11 00:55:11 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************** X-Spam-Status: Yes, score=14.0 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_80,FBI_MONEY,FBI_SPOOF,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FREEMAIL_REPTO,RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,RDNS_NONE, RELAY_COUNTRY_RU,SPF_HELO_SOFTFAIL,SPF_SOFTFAIL,SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.9353] * 1.0 RELAY_COUNTRY_RU Relayed via Russia * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [176.106.232.205 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [176.106.232.205 listed in bl.score.senderscore.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.7 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record * (softfail) * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [westernuniopayment.agent0018[at]consultant.com] * 0.0 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.0 FBI_SPOOF Claims to be FBI, but not from FBI domain * 1.0 FBI_MONEY The FBI wants to give you lots of money? * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 0.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money X-Spam-Relay-Country: RU ** ** RU Received: from glpak.ru ([176.106.232.205]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BB6t2gt011348 for ; Sat, 11 Dec 2021 00:55:11 -0600 Received: from alex.glpak.ru (localhost [127.0.0.1]) by glpak.ru (Postfix) with ESMTP id 8DE8EB94918; Sat, 11 Dec 2021 09:43:35 +0700 (NOVT) X-Virus-Scanned: amavisd-new at glpak.ru Received: from glpak.ru ([127.0.0.1]) by alex.glpak.ru (glpak.ru [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Wbe5F7K6VC6; Sat, 11 Dec 2021 09:43:35 +0700 (NOVT) Received: from EC2AMAZ-QUTIC32.us-east-2.compute.internal (unknown [213.234.212.28]) by glpak.ru (Postfix) with ESMTPA id EF502B962D0; Sat, 11 Dec 2021 09:43:27 +0700 (NOVT) Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Content-Description: Mail message body Subject: [SPAM] Re: Re: PAYMENT APPROVED TO YOU $3.5MILLION. To: Recipients From: "U.S. FEDERAL BUREAU OF INVESTIGATION" Date: Sat, 11 Dec 2021 02:43:24 +0000 Reply-To: westernuniopayment.agent0018@consultant.com Message-Id: <20211211024335.8DE8EB94918@glpak.ru> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 11 Dec 2021 00:55:11 -0600 (CST) for IP:'176.106.232.205' DOMAIN:'[176.106.232.205]' HELO:'glpak.ru' FROM:'anna@glpak.ru' RCPT:'' X-Greylist: Delayed for 02:28:23 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 11 Dec 2021 00:55:11 -0600 (CST) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by ga.impsec.org id 1BB6t2gt011348 X-Spam-Prev-Subject: Re: Re: PAYMENT APPROVED TO YOU $3.5MILLION. Status: R X-Status: X-Keywords: X-UID: 367 Content-Length: 1401 Greetings. After proper and several investigations and research at Western Union and Money Gram Office, we found your name in Western Union database among those that have sent money through Western Union and this proves that you have truly been swindled by those unscrupulous persons by sending money to them through Western Union/Money Gram in the course of getting one fund or the other that is not real. In this regard a meeting was held between the Board of Directors of WESTERN UNION, MONEY GRAM, the Federal Bureau of Investigation (FBI) alongside with the IRS, As a consequence of our investigations it was agreed that the sum of Three Million Five Hundred Thousand United States Dollars ($3.5MILLION USD) should be transferred to you out from the funds that the United States Department of the Treasury has set aside as compensation payment for scam victims. This case would be handled and supervised by the Federal Bureau of Investigation (FBI). We have submitted your details to them so that your funds can be transferred to you. Contact the Western Union agent office through the information below: Contact Person: Vickie Kries Address: Western Union/Money gram Post Office, Florida USA. Email: westernuniopayment.agent0018@consultant.com Yours sincerely, Christopher A. Wray DIRECTOR FEDERAL BUREAU OF INVESTIGATION UNITED STATES DEPARTMENT OF JUSTICE WASHINGTON, D.C. 20535 From ws666696@gmail.com Sat Dec 11 12:45:27 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ******************* X-Spam-Status: Yes, score=19.8 required=5.0 tests=ADVANCE_FEE_5_NEW_FRM_MNY, BAYES_99,DEAR_SOMETHING,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FILL_THIS_FORM,FILL_THIS_FORM_LONG, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,HK_SCAM,LOTS_OF_MONEY,MONEY_FORM, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,UNDISC_FREEM,UNDISC_MONEY, URG_BIZ,XFER_LOTSA_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9923] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.222.41 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.222.41 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [ws666696[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [willsmi68[at]yahoo.com] * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [ws666696[at]gmail.com] * 2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)' * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.6 URG_BIZ Contains urgent matter * 0.0 LOTS_OF_MONEY Huge... sums of money * 0.0 HK_SCAM No description available. * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 1.0 XFER_LOTSA_MONEY Transfer a lot of money * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 3.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 0.0 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 3.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-ua1-f41.google.com (mail-ua1-f41.google.com [209.85.222.41]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BBIjOEH040512 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 11 Dec 2021 12:45:27 -0600 Received: by mail-ua1-f41.google.com with SMTP id w23so22376420uao.5 for ; Sat, 11 Dec 2021 10:45:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=nWJ2cCPN8vxTo1JklizjArmB8777q9QmnDEH7GeJH2g=; b=CULkpHF+LcCNHAjstMD0oflM/xCxNGVJUPj4ysDwSmEwbIyQJ1yvx2sRgNZ2Gy/yey kx0zvGheDsD3ejLzqWel/iqBm310VcWuD9Rxo/gIl167VNnWWmH1ZzQDFI0ZjD+23Dau 4e49zsGlDGBvr1Q0rgIfikC3LHyzqDre0rJe7SDwCB2B069+by3izLPKsUJz1Qt0SaWl MyFQNv7HmtvhqORn1Wc+fWMVA/cUVRv5i6AcipyZyE2uFp3LWAijlrc7hjLLj1tYzNvC EU5f2FmiBTIlZMzEcyKvHIUhRfbu5pkRBPxhtqfxG9WlJOuz6Bn/CWjWvwbkiu6834c4 U2Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=nWJ2cCPN8vxTo1JklizjArmB8777q9QmnDEH7GeJH2g=; b=qstjliOwykPd1i8jiRgv6wuQqwWxFSOAh4sGmIzs1q56FkeXmW3qhikR9DiJTWIiXN De+sZknXr2vQd66XeNOEWU2czWButQQJ2ZG5t0oa8Magjg9KdvdpmwnGuFVAlYmqWk8r 6hPjpm2bKJ8cf9+usyTnu6FIGv9mDJBohR3wLuVYNi5ywC5yAvT04Ec32MdotHnK6ZRY 4fIS6uk8ZmKYWGOsAplXvoSTUG50zXVsHPbYCVPKaE7c8WD9GEhMuDWPu8d7H4AOL/XK V9H2xwbFsLh07bbPhaxEZBtoTwzf//lhOrZeWQmHIFhhT/cjct39IjsDhMWyXh8tCQje oTmw== X-Gm-Message-State: AOAM5307r9YK+722gR4YYEkzN2eExiHKqaxZBj3H0T4GmdBUJt2MQ8oZ xJHJs175A3DyBZI7Krs5syuuEmwfet4fxRhelt4YoyLCJOppknUh X-Google-Smtp-Source: ABdhPJyuCR/AMkgEu88qP1HuXHExfVQN4h+wlHfjgtrJXDCE3FobGdoU+mwsnGCCJpOI/74iVLW+MDJHsNIZzdWbVi8= X-Received: by 2002:a05:6130:42c:: with SMTP id ba44mr36416684uab.52.1639248320503; Sat, 11 Dec 2021 10:45:20 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a59:ac10:0:b0:264:927a:aa46 with HTTP; Sat, 11 Dec 2021 10:45:20 -0800 (PST) Reply-To: willsmi68@yahoo.com From: Michael Auckland Date: Sat, 11 Dec 2021 19:45:20 +0100 Message-ID: Subject: [SPAM] Foreign Payment Settlement To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 11 Dec 2021 12:45:27 -0600 (CST) for IP:'209.85.222.41' DOMAIN:'mail-ua1-f41.google.com' HELO:'mail-ua1-f41.google.com' FROM:'ws666696@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 11 Dec 2021 12:45:27 -0600 (CST) X-Spam-Prev-Subject: Foreign Payment Settlement Status: R X-Status: X-Keywords: X-UID: 368 Content-Length: 2146 Monzo Bank Limited 38 Finsbury Square London EC2A. 1PX United Kingdom Tel: (44) 703 195 8389 >From The Desk Of: Mr. Michael Auckland (Foreign Operation Officer) Attention, Dear sir, I am Mr. Michael Auckland from Monzo Bank Limited. we had just formed a new forum which is the newly inaugurated World Debt Recovery committee (WDRC). My committee has a mandate to recover unpaid debts associated with NNPC contracts, Lottery fund, inheritance fund, loans and grants etc ranging from $1M-$95.5M owed to various beneficiaries and companies across the globe (Asia, Europe, USA, Africa, and Australia) and submit the list of the unpaid beneficiaries/companies to the 2 appointed official paying Banks for immediate payment of the fund. In the course of our investigation, your email address/particulars were shortlisted among the first fifteen individuals yet to be paid hence this email. However, we received a petition today from one Mrs.Christina Morgan that you are dead. According to her, you died in a plane crash as such your fund should be paid to her as the apparent heir. She has also submitted her Bank account with Bank of America for the transfer of the fund to her. To avoid undue delay or paying the fund to wrong individual/beneficiary, we have decided to contact you for confirmation. If we fail to hear from you after 72 hours, it will be assumed that the petition of Mrs. Morgan is true and the fund will be paid to her without further delay. Therefore, We would like you to choose below your choice of fund transfer: (A) Bank Transfer/Online Banking (B) Certified Bank Draft/Cheque (C) ATM Card (D) Consignment Your full personal information is also required as below which will be needed for the transfer of your fund. (A) Full name and residential address (B) Next of kin (C) Occupation (D) Nationality (E) Bank Account Information (F) Telephone numbers (G) Scan the first page of your international passport or drivers license, recent passport photograph, send all via email attachment. Your urgent response is always required because you have a limited time to execute this fund. Sincerely Yours Mr. Michael Auckland From apmail-jhardin-owner@apache.org Mon Dec 13 11:57:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1BDJv2pM028001 for ; Mon, 13 Dec 2021 11:57:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_99,BAYES_999, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,FREEMAIL_REPLYTO_END_DIGIT,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,SPF_PASS,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US US IN ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Mon, 13 Dec 2021 11:57:02 -0800 (PST) Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BDJuhqp011202 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 13 Dec 2021 13:56:46 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id AE5523E9E4 for ; Mon, 13 Dec 2021 19:56:39 +0000 (UTC) Received: (qmail 41843 invoked by uid 500); 13 Dec 2021 19:56:39 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 41839 invoked by uid 99); 13 Dec 2021 19:56:39 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Dec 2021 19:56:39 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id D95DA1FF519 for ; Mon, 13 Dec 2021 19:56:38 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 5nPkgAo821sW for ; Mon, 13 Dec 2021 19:56:38 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.176; helo=mail-vk1-f176.google.com; envelope-from=mrs.klararichter07@gmail.com; receiver= Received: from mail-vk1-f176.google.com (mail-vk1-f176.google.com [209.85.221.176]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 2384FBD81C for ; Mon, 13 Dec 2021 19:56:38 +0000 (UTC) Received: by mail-vk1-f176.google.com with SMTP id s1so11119030vks.9 for ; Mon, 13 Dec 2021 11:56:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=59yeu3uaY2mGLhVbmwY+Vm8nxPwSsNfvO2TxK7iEybM=; b=PZFod6ClRZfmK7/NqMsUYeLjk1Qn+UNhRRwNoKPio4BEQ8yhZKtOvXLp1fVT0sUvdH BjekKw1cHTDB2xVqfs0524K0dIk+Feylv2zCCvXyiLgx9tObbMHHXBlnTt0ET3cqCpQl m++OFhPiFJ88gYQKZ+XBr0CmG+C3vDnl5CU4Lgk/UTtH1f0DosZ7XfYKtTDRSck349yH zUr8l1W1CSQAwiycMAdWVufxRSulKO69dZcr93/XC/gZOWrbd1KLVadXgeuGrxwmyKgs 3jHDWBrmtPDg5PfnJssBUgw1/EOLBfwkYDMqIm/RJLGrNgVRMCV+gut1V0HLnZSRwJVa EuFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=59yeu3uaY2mGLhVbmwY+Vm8nxPwSsNfvO2TxK7iEybM=; b=UHyajL4HcLWbS/uPINC4Er5zOCeYKjheT+sE/WGdQLWYe8vll/p3fQxwvl+LI66rx/ OB3jprwVisrvugHu0xnOnng3AuLWzWGW8HkJe/JpjezKFGZ5nUrD+ORNk/ZlLXQoHPXR 1aSjlTcRuCeNbBalS+WJigepVktUQaBDczxBbfsj5Ayk9Eyhp7Tyxteue8jd1hVpRj54 uDLJtCQ12DCLv0muIWknAA/sNVupAo1+hiCwJfChNcbGYiMIbTbw+Ow1Lh6qQU7cNNUi q1ItW9ok1npPfjgF+9Gh28PqPQ813Eq8/hXzMwe4vyhEzV0iUOEMqhBbZ+Vw/QpWOb0S dvsA== X-Gm-Message-State: AOAM533DhdvaDLNOioqVHlTdTyueMAC4oJW8NJL3y/VK61pPYWXbU4kw dHo94lYp8W+mYzqncQ2t+YDBLlYbeyfnnruhZMI= X-Google-Smtp-Source: ABdhPJw2BPBGp0npUD09cSaoTd0EyP660rU1E71T197AmsmfgUJemJsxYdJ7Wt8JlHmO7Y12Ox5EuzMPp86uT1TqW7c= X-Received: by 2002:a1f:19d1:: with SMTP id 200mr244299vkz.36.1639425392143; Mon, 13 Dec 2021 11:56:32 -0800 (PST) MIME-Version: 1.0 Reply-To: sgt.monicab03@gmail.com From: Sgt Monica Brown Date: Mon, 13 Dec 2021 19:56:14 +0000 Message-ID: Subject: Best regards To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/alternative; boundary="00000000000022709505d30c78e0" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 13 Dec 2021 13:56:46 -0600 (CST) for IP:'3.227.148.255' DOMAIN:'mxout1-ec2-va.apache.org' HELO:'mxout1-ec2-va.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Mon, 13 Dec 2021 13:56:46 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 369 --00000000000022709505d30c78e0 Content-Type: text/plain; charset="UTF-8" Hello, I am Sgt. Monica Brown, Please confirm to me the receipt of this message.I have sent you this message many times but couldn't hear your response.Please get back to me very important for more details. --00000000000022709505d30c78e0 Content-Type: text/html; charset="UTF-8"
Hello,
I am Sgt. Monica Brown, Please confirm to me the receipt of this message.I have sent you this message many times but couldn't hear your response.Please get back to me very important for more details.
--00000000000022709505d30c78e0-- From mrsblessingscleme@gmail.com Sun Dec 12 15:11:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.4 required=5.0 tests=BAYES_60,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLYTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_HK_NAME_FM_MR_MRS,UNDISC_FREEM,UPPERCASE_50_75,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7640] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.173 listed in wl.mailspike.net] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.173 listed in list.dnswl.org] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrsblessingscleme[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails X-Spam-Relay-Country: US Received: from mail-oi1-f173.google.com (mail-oi1-f173.google.com [209.85.167.173]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BCLAu3e037961 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 12 Dec 2021 15:11:07 -0600 Received: by mail-oi1-f173.google.com with SMTP id o4so20834014oia.10 for ; Sun, 12 Dec 2021 13:10:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=CScZ3wgwAoNcP2hDnqXlix5UDGrDiarDd6PNIGLyspo=; b=IRNIDyOLkpEGTcezoQAjekh8JiEPYVbekMl5K5/+OeJrY3c1McaZSbTVwPpLAfJmca MR43XKNRFghBKLJNo4h3z6f2jkcyQjeVfTuLkoIxpGXpYKJH8N+erWYr9JULVa60O73n 5xwIr+DyPSKxfh3B9xI50kd1USeAcknzloCNe4WEf1AuXC7WG83f+NlBdqY+/gkhCPAy u9QscelDabxlpEtyWzJqcnQ55SWIHLt+DzdguHyvEYldJLTVs/B94/8AQuIezkNZo0pl Mg0LBJ0SKFHe3GGGzVr7BdPDGQAW8BTFn3ciN3H8BqIicGcXA629LXR+oN3lTnv7szpV 7tcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=CScZ3wgwAoNcP2hDnqXlix5UDGrDiarDd6PNIGLyspo=; b=rk1lzBl3Fdoc6zabf9et30ZQJZvL5FA+rNC4HVFTEOiUV8vpIQDDEC/ts7YlAztJbg assioLhyNRvQzhVF75T+wybRU7lhgnaXGGSDtilQNWqL+IvwJmjY0YHESamDYwGxdcUm u06NsNFiQMo/HDhQw1Zl0L04Hnuq409ayngymTCT5lr3ezIb9z7408X+rIyxg9FUw8hL J25xwfuwoJJ8Gh+6gscL+w/qlz/Cq8KFj4ovBKu1qe4mi3wU4bwviP4I0TNmp5LAhqxl UbB1k0jAyoxiaVRcoMdI53ZL7VbrBr0+sPRv/Vvs0T8yBKZu7U6IIDZFxwmPl9BlvXW1 DgHA== X-Gm-Message-State: AOAM530BUHHa3tIcR+yp1yEBkZnfLrBpsZNEIHAZRr09wUFUj8TQcc9o IFSddrNcxVjH3/PGuBpUkBlW+pQvqfZi8hrsHXQ= X-Google-Smtp-Source: ABdhPJzge+Y0cyNMing4KDSUq91fbbpmyIEMTz00qRC2Or8NrUu7obNh7oDXF1lz8hV9l+vxiciVynK4AhU6TBGuY7I= X-Received: by 2002:a05:6808:13ce:: with SMTP id d14mr24393074oiw.62.1639343455446; Sun, 12 Dec 2021 13:10:55 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a4a:48c7:0:0:0:0:0 with HTTP; Sun, 12 Dec 2021 13:10:55 -0800 (PST) Reply-To: mrsisabelladz@gmail.com From: "Mrs. Isabella Dzsesszika" Date: Sun, 12 Dec 2021 22:10:55 +0100 Message-ID: Subject: [SPAM] From Mrs. Isabella Dzsesszika To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 15:11:07 -0600 (CST) for IP:'209.85.167.173' DOMAIN:'mail-oi1-f173.google.com' HELO:'mail-oi1-f173.google.com' FROM:'mrsblessingscleme@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 15:11:07 -0600 (CST) X-Spam-Prev-Subject: From Mrs. Isabella Dzsesszika Status: R X-Status: X-Keywords: X-UID: 370 GOOD MORNING DEAR. MY NAME IS Isabella Dzsesszika. I AM CONTACTING YOU FOR IMPORTANT ISSUE I WILL LIKE TO DISCUS WITH YOU. PLEASE GET BACK TO ME IF YOU READ THIS MAIL. YOURS, Isabella Dzsesszika From mrsblessingscleme@gmail.com Sun Dec 12 15:11:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: *************** X-Spam-Status: Yes, score=15.4 required=5.0 tests=BAYES_60,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLYTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_HK_NAME_FM_MR_MRS,UNDISC_FREEM,UPPERCASE_50_75,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80% * [score: 0.7640] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mrsblessingscleme[at]gmail.com] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.169 listed in wl.mailspike.net] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.169 listed in list.dnswl.org] * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 UPPERCASE_50_75 message body is 50-75% uppercase * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails X-Spam-Relay-Country: US Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com [209.85.167.169]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BCLAubP037962 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sun, 12 Dec 2021 15:11:07 -0600 Received: by mail-oi1-f169.google.com with SMTP id s139so20749425oie.13 for ; Sun, 12 Dec 2021 13:10:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=CScZ3wgwAoNcP2hDnqXlix5UDGrDiarDd6PNIGLyspo=; b=IRNIDyOLkpEGTcezoQAjekh8JiEPYVbekMl5K5/+OeJrY3c1McaZSbTVwPpLAfJmca MR43XKNRFghBKLJNo4h3z6f2jkcyQjeVfTuLkoIxpGXpYKJH8N+erWYr9JULVa60O73n 5xwIr+DyPSKxfh3B9xI50kd1USeAcknzloCNe4WEf1AuXC7WG83f+NlBdqY+/gkhCPAy u9QscelDabxlpEtyWzJqcnQ55SWIHLt+DzdguHyvEYldJLTVs/B94/8AQuIezkNZo0pl Mg0LBJ0SKFHe3GGGzVr7BdPDGQAW8BTFn3ciN3H8BqIicGcXA629LXR+oN3lTnv7szpV 7tcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=CScZ3wgwAoNcP2hDnqXlix5UDGrDiarDd6PNIGLyspo=; b=qNQnM4tvqsg74J+K/9KqxICRoAwyv51qUij6N9Tyns4cw27kwNT+L12yGOTdoAzHTN f0eVrgcBVsxidHF12LmbkTqpiSDXihxlLkegdLfcsBIAgBMBK/9abtDZGhd6N+3EuQ7n ZFKDKv7ppCIgKJ9jdrSQ0Vua4E8iC7J9FYDnC8L1WPwhn/mBQqz+MPn/VDGkbecjqHmS itWxkdbZUlK1Wki4rilbr3pTdQgdu14QQLuwR0vDfS/JdpEKyVdebRveOW6nM/zJdshg Qx17raAmku9NxRLhVuyqkKW9i7SrCoyh3HIyV9Q7xkZoT7u0e508X54uFJ0qoObtrlre ZxkQ== X-Gm-Message-State: AOAM531lKylgcJ40hCReqMXpIhtutLVSA9/7awk5+jTMrKWLVKsXcz6n lEzv3lzIlKO39+H+PGRLPen6MgV2Af2emlz2ON0= X-Google-Smtp-Source: ABdhPJzge+Y0cyNMing4KDSUq91fbbpmyIEMTz00qRC2Or8NrUu7obNh7oDXF1lz8hV9l+vxiciVynK4AhU6TBGuY7I= X-Received: by 2002:a05:6808:13ce:: with SMTP id d14mr24393074oiw.62.1639343455446; Sun, 12 Dec 2021 13:10:55 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a4a:48c7:0:0:0:0:0 with HTTP; Sun, 12 Dec 2021 13:10:55 -0800 (PST) Reply-To: mrsisabelladz@gmail.com From: "Mrs. Isabella Dzsesszika" Date: Sun, 12 Dec 2021 22:10:55 +0100 Message-ID: Subject: [SPAM] From Mrs. Isabella Dzsesszika To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 15:11:07 -0600 (CST) for IP:'209.85.167.169' DOMAIN:'mail-oi1-f169.google.com' HELO:'mail-oi1-f169.google.com' FROM:'mrsblessingscleme@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 15:11:07 -0600 (CST) X-Spam-Prev-Subject: From Mrs. Isabella Dzsesszika Status: R X-Status: X-Keywords: X-UID: 371 GOOD MORNING DEAR. MY NAME IS Isabella Dzsesszika. I AM CONTACTING YOU FOR IMPORTANT ISSUE I WILL LIKE TO DISCUS WITH YOU. PLEASE GET BACK TO ME IF YOU READ THIS MAIL. YOURS, Isabella Dzsesszika From williamwhite714@gmail.com Sun Dec 12 14:09:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE,KHOP_HELO_FCRDNS, MIME_HTML_ONLY,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,STATIC_XPRIO_OLE, TO_NO_BRKTS_FROM_MSSP,T_HK_NAME_FM_MR_MRS,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [66.84.12.214 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [66.84.12.214 listed in bl.score.senderscore.com] * 1.6 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.2 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [williamwhite714[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [williamwhite714[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 1.3 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE * 2.0 FROM_MISSPACED From: missing whitespace * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 XPRIO Has X-Priority header * 0.6 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US ** Received: from Server2.sdb.us.com (s214.n12.n84.n66.static.myhostcenter.net [66.84.12.214] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BCK9ssa032881 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 12 Dec 2021 14:09:59 -0600 Message-Id: <202112122009.1BCK9ssa032881@ga.impsec.org> Received: from [127.0.0.1] (port=48720 helo=User) by Server2.sdb.us.com with smtp (Exim 4.86_1) (envelope-from ) id 1mvWaa-0006Yj-C0; Thu, 09 Dec 2021 22:28:52 -0500 Reply-To: From: "Mr Jesse Robert" Subject: [SPAM] Good day Date: Thu, 9 Dec 2021 19:32:48 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - Server2.sdb.us.com X-AntiAbuse: Original Domain - pavoninestudios.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: Server2.sdb.us.com: acl_c_authenticated_local_user: root X-Authenticated-Sender: Server2.sdb.us.com: root X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 14:09:59 -0600 (CST) for IP:'66.84.12.214' DOMAIN:'[66.84.12.214]' HELO:'Server2.sdb.us.com' FROM:'williamwhite714@gmail.com' RCPT:'' X-Greylist: Delayed for 64:37:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 14:09:59 -0600 (CST) X-Spam-Prev-Subject: Good day Status: R X-Status: X-Keywords: X-UID: 372
I am Mr Jesse Robert , would like you to contact me on my private
email (jerobtt@gmail.com) for a mutual benefit discussion.
Thanks.
 
JESSE ROBERT
 From williamwhite714@gmail.com Sun Dec 12 14:09:59 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ****************************************** X-Spam-Status: Yes, score=42.3 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT, FSL_CTYPE_WIN1251,FSL_NEW_HELO_USER,HTML_MESSAGE,KHOP_HELO_FCRDNS, MIME_HTML_ONLY,MISSING_HEADERS,MSGID_FROM_MTA_HEADER, MSOE_MID_WRONG_CASE,NML_ADSP_CUSTOM_MED,NSL_RCVD_HELO_USER, RCVD_IN_PSBL,RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC, SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL, SPOOFED_FREEM_REPTO,SPOOF_GMAIL_MID,STATIC_XPRIO_OLE, TO_NO_BRKTS_FROM_MSSP,T_HK_NAME_FM_MR_MRS,XPRIO autolearn=disabled version=3.4.4 X-Spam-Report: * 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL * [66.84.12.214 listed in psbl.surriel.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [66.84.12.214 listed in bl.score.senderscore.com] * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9998] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9998] * 1.6 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 1.2 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [williamwhite714[at]gmail.com] * 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override * is CUSTOM_MED * 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' * headers * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [williamwhite714[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 2.6 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 1.3 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 1.8 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay * 0.0 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE * 2.0 FROM_MISSPACED From: missing whitespace * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing * list * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.8 SPOOFED_FREEMAIL No description available. * 0.0 XPRIO Has X-Priority header * 0.6 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US ** Received: from Server2.sdb.us.com (s214.n12.n84.n66.static.myhostcenter.net [66.84.12.214] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BCK9sSQ032882 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 12 Dec 2021 14:09:59 -0600 Message-Id: <202112122009.1BCK9sSQ032882@ga.impsec.org> Received: from [127.0.0.1] (port=48720 helo=User) by Server2.sdb.us.com with smtp (Exim 4.86_1) (envelope-from ) id 1mvWaa-0006Yj-C0; Thu, 09 Dec 2021 22:28:52 -0500 Reply-To: From: "Mr Jesse Robert" Subject: [SPAM] Good day Date: Thu, 9 Dec 2021 19:32:48 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - Server2.sdb.us.com X-AntiAbuse: Original Domain - joya-arts.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - gmail.com X-Get-Message-Sender-Via: Server2.sdb.us.com: acl_c_authenticated_local_user: root X-Authenticated-Sender: Server2.sdb.us.com: root X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 14:09:59 -0600 (CST) for IP:'66.84.12.214' DOMAIN:'[66.84.12.214]' HELO:'Server2.sdb.us.com' FROM:'williamwhite714@gmail.com' RCPT:'' X-Greylist: Delayed for 64:37:03 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sun, 12 Dec 2021 14:09:59 -0600 (CST) X-Spam-Prev-Subject: Good day Status: R X-Status: X-Keywords: X-UID: 373
I am Mr Jesse Robert , would like you to contact me on my private
email (jerobtt@gmail.com) for a mutual benefit discussion.
Thanks.
 
JESSE ROBERT
 From alina.rosenberg246@gmail.com Thu Dec 16 14:27:51 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************** X-Spam-Status: Yes, score=22.6 required=5.0 tests=ADVANCE_FEE_5_NEW_MONEY, BAYES_99,DEAR_FRIEND,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, FREEMAIL_REPLYTO,HTML_MESSAGE,LOTS_OF_MONEY,MILLION_HUNDRED, MONEY_FRAUD_8,MONEY_FREEMAIL_REPTO,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,SUBJ_ALL_CAPS,T_HK_NAME_FM_MR_MRS,T_MONEY_PERCENT, UNCLAIMED_MONEY,UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9966] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.208.67 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [alina.rosenberg246[at]gmail.com] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends * in digit * [alina.rosenberg246[at]gmail.com] * 0.1 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 2.4 UNCLAIMED_MONEY BODY: People just leave money laying around * 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! * 0.0 HTML_MESSAGE BODY: HTML included in message * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 T_HK_NAME_FM_MR_MRS No description available. * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 0.0 T_MONEY_PERCENT X% of a lot of money for you * 3.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases * 3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from mail-ed1-f67.google.com (mail-ed1-f67.google.com [209.85.208.67]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BGKRkJ1023660 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Thu, 16 Dec 2021 14:27:50 -0600 Received: by mail-ed1-f67.google.com with SMTP id z9so35794083edb.5 for ; Thu, 16 Dec 2021 12:27:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=1sR8dHPZtyLJSyyMdr3qFOh9eka7nJbPjifs5rYr7CI=; b=mHqLTy9/YOLC0fsjCAhrZkgKfdN1ScAx+j68Cs9qY0fp5L326lTwrANujf8YQPTFke yQ4mIp3YeHeDithbunCdGLDOCWXveX8gBfMZyi6TY9kixXgfwpb0k75kzDxuP82e2NwB MHz3YM1iJNy4taQxKZVw779FlkR+XsKp9HQ7Dyv/z3BLPeend6fyYtXdFCJi7xWXQbIs xYJJAU6Jbj4AR4/BkmiqMLXIbMzMT/Pt1hXB9j1FsP9U1/Az4EDKH7dnaKbU3jXElf/S n51GGkTd3Y8d6Jbgr6nTpmYcUhi8qlMWobihRtd/HbIN2JN49fsmPbYiqXnB79JekSHX 1cEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=1sR8dHPZtyLJSyyMdr3qFOh9eka7nJbPjifs5rYr7CI=; b=S7xHbVBOKB7SOLOSC9VQiFhiZNyCslFohvtndIzG/KKmwYmHK+nRgqbXq5LZK5LSx8 lHlomT00c7aW6K9B899SvrMon3LBY899TIny4elAtKoX2la/N/leE+2hIcPpbscarEIA erClDPfeBo8iznMkaGMk7E81TLx6tLnTaTibctIrXA9tarCBqYnMTjlBagAx6AU7wjMy Fpa/M5l0vi+AJuVo/eL8suwh51w5xZR2a6kPNBGIgQP9Alf/drjmypzthZdpt9Z8VGt8 rftSrd3hrq6uEjdM93dv66UhDVwNbttdFtcBzJ64SKrN2Cdi72+yhE1MN9w3DO5O1ZHJ grLA== X-Gm-Message-State: AOAM531/AH8YxXtsRvpOiVWqjwi+IzGgAJCcllQRBdSM+XfWYq9XRqy9 z/gQTZKIKiGr73RZOhp5pKi9D3Bb2gG4R8rEf/U= X-Google-Smtp-Source: ABdhPJx6XQPlP34SgD7O5VwCodWWYLSPftLgYEqM5AZdPIJciRRDU6fnq80qohc24DCWC315XNleeMFM3JnsQFP1CPY= X-Received: by 2002:a17:906:4e56:: with SMTP id g22mr8973486ejw.567.1639686464183; Thu, 16 Dec 2021 12:27:44 -0800 (PST) MIME-Version: 1.0 Reply-To: madamkoenig.ruhama1b@gmail.com From: Mrs Ruhama Koenig Date: Thu, 16 Dec 2021 21:27:34 +0100 Message-ID: Subject: [SPAM] Re: PLEASE HELP ME To: undisclosed-recipients:; Content-Type: multipart/alternative; boundary="0000000000003da1e905d349410a" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 16 Dec 2021 14:27:51 -0600 (CST) for IP:'209.85.208.67' DOMAIN:'mail-ed1-f67.google.com' HELO:'mail-ed1-f67.google.com' FROM:'alina.rosenberg246@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 16 Dec 2021 14:27:51 -0600 (CST) X-Spam-Prev-Subject: Re: PLEASE HELP ME Status: R X-Status: X-Keywords: X-UID: 374 Content-Length: 5172 --0000000000003da1e905d349410a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Dear Friend, I know that this message will be a surprise to you. I was just surfing through the Google Internet search when I found your email address having prayed over it. I am sending this message to you praying that it will reach you in good health. My Name is Mrs Koenig Ruhama, from ISRAEL, I am married to Mr. Peter koenig, A Contractor and gold merchant who owned a small gold Mine company; He died of Pulmonary disease in August 2016, and our long years of marriage we were not blessed with children. During his lifetime he deposited the sum of ($ 18.5 Million Dollars) Eighteen Million Five Hundred Thousand Dollars in (C.A.B) Cambodia Asia Bank LTD, The deposited money was from the sale of the shares, death benefits payment and entitlements of my deceased husband by his company. I am suffering from long time cancer and presently i am partially suffering from a stroke illness which has become almost impossible for me to move around, from all medical indications my condition has really deteriorated and it=E2=80=99s pretty obvious that i may not live long, owning to the rap= id growth by stage and the excruciating pain that accrues to it. I was diagnosed and my Doctor told me privately that I should expect to build my spirit for the inevitable. She says i may not last for more than six months, based on this i sincerely request for your assistance in this humanitarian work. I want you to take 20% of the total money for your personal use while 80% of the money will go to charity. I have decided to donate what I inherited from my late husband to you for good work of God for helping Motherless babies/Less privileged/Widows, because I am dying and diagnosed with cancer 4 years ago. If this money remains unclaimed after my death, the bank executives or the government will take the money as unclaimed funds and maybe use it for selfish and worthless ventures. I need a very honest person who can claim this money and use it for Charity and humanitarian works, Which will be named after my late husband and my name. I need your positive answer to know if you will be able and willing to execute this project, and I will give you more information on how the fund will be transferred to your bank account. I now realize that wealth without life in Christ is vanity and non-sense.Please Always remember me in your prayers! Best Regards, Mrs Koenig Ruhama --0000000000003da1e905d349410a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


Dear Friend,

I know that this message will = be a surprise to you. I was just surfing through the Google Internet search= when I found your email address having prayed over it. I am =C2=A0sending = this message to you praying that it will reach you in good health. My Name = is Mrs Koenig Ruhama, from ISRAEL, I am married to Mr. Peter koenig, A Cont= ractor and gold merchant who owned a small gold Mine company; He died of Pu= lmonary disease in August 2016, and our long years of marriage we were not = blessed with children.

During his lifetime he deposited the sum of = ($ 18.5 Million Dollars) Eighteen Million Five Hundred Thousand Dollars in = (C.A.B) Cambodia Asia Bank LTD, The deposited money was from the sale of th= e shares, death benefits payment and entitlements of my deceased husband by= his company.

I am suffering from long time cancer and presently i a= m partially suffering from a stroke illness which has become almost impossi= ble for me to move around, from all medical indications my condition has re= ally deteriorated and it=E2=80=99s pretty obvious that i may not live long,= owning to the rapid growth by stage and the excruciating pain that accrues= to it. I was diagnosed and my Doctor told me privately that I should expec= t to build my spirit for the inevitable. She says i may not last for more t= han six months, based on this i sincerely request for your assistance in th= is humanitarian work.
I want you to take 20% of the total money for your= personal use while 80% of the money will go to charity.

I have deci= ded to donate what I inherited from my late husband to you for good work of= God for helping Motherless babies/Less privileged/Widows, because I am dyi= ng and diagnosed with cancer 4 years ago. If this money remains unclaimed a= fter my death, the bank executives or the government will take the money as= unclaimed funds and maybe use it for selfish and worthless ventures. I nee= d a very honest person who can claim this money and use it for Charity and = humanitarian works, Which will be named after my late husband and my name. = I need your positive answer to know if you will be able and willing to exec= ute this project, and I will give you more information on how the fund will= be transferred to your bank account. I now realize that wealth without lif= e in Christ is vanity and non-sense.Please Always remember me in your praye= rs!

Best Regards,

Mrs Koenig Ruhama
--0000000000003da1e905d349410a-- From reply@powerball.com Thu Dec 16 22:49:27 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********** X-Spam-Status: Yes, score=10.6 required=5.0 tests=ADVANCE_FEE_3_NEW_FRM_MNY, BAYES_99,FILL_THIS_FORM,FILL_THIS_FORM_LONG,LOTS_OF_MONEY, MILLION_HUNDRED,MONEY_FORM,MONEY_FRAUD_3,PDS_PHP_EVAL, PHP_ORIG_SCRIPT_EVAL,RCVD_IN_MSPIKE_H2,SPF_FAIL,SPF_HELO_NONE, SUBJ_ALL_CAPS autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9974] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [208.113.201.24 listed in wl.mailspike.net] * 0.5 SUBJ_ALL_CAPS Subject is all capitals * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=reply%40powerball.com;ip=208.113.201.24;r=ga.impsec.org] * 0.1 MILLION_HUNDRED BODY: Million "One to Nine" Hundred * 3.0 PHP_ORIG_SCRIPT_EVAL From suspicious PHP source * 0.0 LOTS_OF_MONEY Huge... sums of money * 1.5 PDS_PHP_EVAL PHP header shows eval'd code * 0.0 FILL_THIS_FORM Fill in a form with personal information * 2.0 FILL_THIS_FORM_LONG Fill in a form with personal information * 0.0 MONEY_FORM Lots of money if you fill out a form * 0.0 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of * money * 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases X-Spam-Relay-Country: US US US Received: from iad1-shared-fallback1.dreamhost.com (iad1-shared-fallback1.dreamhost.com [208.113.201.24]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BH4nH9c015848 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 16 Dec 2021 22:49:27 -0600 Received: from iad1-shared-relay.dreamhost.com (dashboard.dreamcompute.com [208.113.156.243]) by iad1-shared-fallback1.dreamhost.com (Postfix) with ESMTP id 4JFRz43k40zGM13 for ; Thu, 16 Dec 2021 14:45:36 -0800 (PST) Received: from shenandoah.dreamhost.com (shenandoah.dreamhost.com [208.113.170.83]) by iad1-shared-relay.dreamhost.com (Postfix) with ESMTP id 4JFRz43Kxgz1jv for ; Thu, 16 Dec 2021 14:45:36 -0800 (PST) Received: by shenandoah.dreamhost.com (Postfix, from userid 2438601) id 4JFRv83SV2z3KJ; Thu, 16 Dec 2021 14:42:12 -0800 (PST) To: jhardin@impsec.org Subject: [SPAM] Re: OFFICIAL PROFIT NOTICE X-PHP-Originating-Script: 2438601:zaqvlefnqj.php(1) : eval()'d code(1) : eval()'d code(286) : eval()'d code(1) : eval()'d code Date: Thu, 16 Dec 2021 14:42:12 -0800 From: POWER BALLpowerplay Reply-To: emmy.marty@onet.eu Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 16 Dec 2021 22:49:27 -0600 (CST) for IP:'208.113.201.24' DOMAIN:'iad1-shared-fallback1.dreamhost.com' HELO:'iad1-shared-fallback1.dreamhost.com' FROM:'reply@powerball.com' RCPT:'' X-Greylist: Delayed for 06:03:42 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Thu, 16 Dec 2021 22:49:27 -0600 (CST) X-Spam-Prev-Subject: Re: OFFICIAL PROFIT NOTICE Status: R X-Status: X-Keywords: X-UID: 375 Content-Length: 1570 Att: We are happy to inform you of the release of Power-Ball United States sweepstakes international lottery program held on the 23rd August, 2021. Due to the mix up of numbers and names, the results were later released on the 13th December, 2021. Your email was entered as a dependent client attached with claim file numbers: KLT/VC/0999/171 with batch numbers: 0136215 drew the lucky numbers 4-13-21-27-36-38-45, which consequently won the lottery in the 3rd category. You have been approved a lump sum payment of ($2.500.000 USD) two million five hundred thousand dollars only) in cash credited to claim file numbers: KLT/VC/0999/171. This is from a total cash prize of ($250.756.820 USD) Two hundred and fifty million seven hundred and fifty-six thousand eight hundred and twenty dollars only) Shared among International winners in this 3 rd category. Kindly provide details below if you receive this is your email account. (**) Your Full names: (**) Your Telephone Number (**) Your Contact address: (**) Your Occupation: (**) Your Country: (**) Your Age & Sex: (**) And your file/batch and lucky number above: Best regards, Emmy Marty Congratulations!!!!!!!!! Note that: Do not share your Social Security number, credit card numbers and bank account numbers. Scammers may try to get this information from you by offering to wire “prize money”directly into your bank account. Only the designated paying bank in the US has the right to require such information's. Winners stories- https://www.powerball.com/index.php/winner-stories From wilaanslima@gmail.com Sat Dec 18 14:15:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1BIMF22U007224 for ; Sat, 18 Dec 2021 14:15:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********* X-Spam-Status: Yes, score=9.4 required=5.0 tests=BAYES_80,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,FREEMAIL_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,LOTS_OF_MONEY,MONEY_FREEMAIL_REPTO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, UNDISC_FREEM,UNDISC_MONEY autolearn=disabled version=3.4.4 X-Spam-Report: * 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% * [score: 0.8500] * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.222.45 listed in list.dnswl.org] * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.222.45 listed in wl.mailspike.net] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [wilaanslima[at]gmail.com] * -0.0 SPF_PASS SPF: sender matches SPF record * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [revfrpaulwilliams2[at]gmail.com] * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from * envelope-from domain * 0.0 LOTS_OF_MONEY Huge... sums of money * 3.1 UNDISC_FREEM Undisclosed recipients + freemail reply-to * 0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free * email? * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs X-Spam-Relay-Country: US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 18 Dec 2021 14:15:02 -0800 (PST) Received: from mail-ua1-f45.google.com (mail-ua1-f45.google.com [209.85.222.45]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BIMEf6A023486 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 18 Dec 2021 16:14:49 -0600 Received: by mail-ua1-f45.google.com with SMTP id t13so10879124uad.9 for ; Sat, 18 Dec 2021 14:14:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=PA5Eb3SKatYFaqsO/40bx9AAytaL07oA6ydkj8EAbzQ=; b=Lb5ypqJAbd7LJNS0gGjV1tZ58Fw9DbvfFmoB1PVBTLYsj67H4gtnfQEHsrTyr7EFsQ r61pqZLcFdHEeaVRRCgN/zfVEUeJx73UhFZVveKP9Cky2596S+gzn65XHt7p914gDtHU lXDOi6PiPH6Akjmv1KbzRi8G0hg3n/q6iZdbNbhw6M1Yn54dVWSPSLmufQV4ow1Rn9Eb QrgNjdMav62K7Kw6QUQXMWs7HdFE+jiu/V10Wplt7mVlj9ZFPrs+xo5s2zp3PMuAQox+ HGvxskeskQXhKtgmsyqES5EB8T+3PYlKvgqpXy+KY53l8PjJwaAML/rA1QWmXa59BnXm inGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=PA5Eb3SKatYFaqsO/40bx9AAytaL07oA6ydkj8EAbzQ=; b=aF6SYiWuvWqUDcPCth7eX9SLr1EjbMIsTa/YiG3oamlc0dMsibn/9HWC34MOGm/9Lj iOrw84qwxFS5RFqAQIkUd16FfeojlBTY2gMbnFq5ni/AED4gji2fwYZ7QL1IFYArBEWn wrmU1zyDC4o2LCq0uWJN98pwelwGrfWdIbEMqY7z3MNSjw5X1xppII272PFACAJfIZ8m FnB8dH5P6+3PneJdAehE4hWtw0ExxrlKHmFIZ7vL1Q7ltABkjzhbo4wKkdB9FRj5R+Y7 T85qmbZzWKY3lKXWgu8k1iasvWa+OnZI0WzlzeSSotaTPOCj3EUB8xQuBQ4ZThehyTTi eZgA== X-Gm-Message-State: AOAM530B4OJWHS8UC9vXhLBwVsN2XkA/44UohqHFIo3vOB78knsGINJ0 w6lIFaNWnpHJ2ermqLam+hOzImZZLwx9QKKhIY8= X-Google-Smtp-Source: ABdhPJyw55TH1I/7iriUv/sn+R/5Mjf/a0MIBRHo/siiWXuCdZrEx4oAdsE12tzQwKGahlEG2dl3hv+4Mp7lVymQYSQ= X-Received: by 2002:a05:6102:3f50:: with SMTP id l16mr3261804vsv.85.1639865676183; Sat, 18 Dec 2021 14:14:36 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a59:ce04:0:b0:23d:ea9e:f9cc with HTTP; Sat, 18 Dec 2021 14:14:35 -0800 (PST) Reply-To: revfrpaulwilliams2@gmail.com From: "Rev. Fr. Paul Williams" Date: Sun, 19 Dec 2021 03:44:35 +0530 Message-ID: Subject: [SPAM] Donation From Williams Foundation. To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 18 Dec 2021 16:14:49 -0600 (CST) for IP:'209.85.222.45' DOMAIN:'mail-ua1-f45.google.com' HELO:'mail-ua1-f45.google.com' FROM:'wilaanslima@gmail.com' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 18 Dec 2021 16:14:49 -0600 (CST) X-Spam-Prev-Subject: Donation From Williams Foundation. Status: R X-Status: X-Keywords: X-UID: 376 Contact Rev. Fr. Paul Williams Immediately For A Charity Donation Of $6,200,000.00 United States Dollars At E-Mail: revfrpaulwilliams2@gmail.com From apmail-jhardin-owner@apache.org Wed Dec 22 10:48:01 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1BMIm1Ae016976 for ; Wed, 22 Dec 2021 10:48:01 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-8.7 required=5.0 tests=BAYES_80,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HK_SCAM,LOTS_OF_MONEY,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS, SUBJ_ALL_CAPS,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: FI US FI ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Wed, 22 Dec 2021 10:48:01 -0800 (PST) Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BMIj6Lx036366 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 22 Dec 2021 12:45:12 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with SMTP id 096205FE3F for ; Wed, 22 Dec 2021 18:45:02 +0000 (UTC) Received: (qmail 98055 invoked by uid 500); 22 Dec 2021 18:45:02 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 98052 invoked by uid 99); 22 Dec 2021 18:45:02 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Dec 2021 18:45:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id D0A86C051E for ; Wed, 22 Dec 2021 18:45:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id Pw0NjwzgSVyW for ; Wed, 22 Dec 2021 18:45:01 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.210.42; helo=mail-ot1-f42.google.com; envelope-from=attorneydavid.chamber@gmail.com; receiver= Received: from mail-ot1-f42.google.com (mail-ot1-f42.google.com [209.85.210.42]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id E2B1FBDA31 for ; Wed, 22 Dec 2021 18:45:00 +0000 (UTC) Received: by mail-ot1-f42.google.com with SMTP id v22-20020a9d4e96000000b005799790cf0bso3959617otk.5 for ; Wed, 22 Dec 2021 10:45:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=u1gqW2AN4TYa/Dw5DMGT2cF2T7wFMTDPgrS97DSidBo=; b=ihOBpFA4HcHF9CEkd2Yi/tziZjOZWb6+Hm3XDbb9bxIk0nwFXRmwo2fYFxb4pg+gam G4Prm8Hsz0As5+YfIXIsmZRqT8ukKjsDxP0/HQe00xKMrtXSjg5k/Gq3P9xOw+DJXoG2 kCq7ca9DUWl4CZW7Au4XiGqe9CbVYrTEQJDRwXoJKraK3MYRqvj5yLt7nHVQRzaiTcc6 4nh+1RWuginaDEIjtrwb7cijta+k1YdkH+jDJOlJu5y7Zj9xj+H9BjWxQFJr6hbigZkO eqHWAV7lPwzdYHn5oPAaO3kwnGvI7w8N6Xp9EzBb+2Zcdg7MDa5kr+SmgsL7Xfxv7KTd W31Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=u1gqW2AN4TYa/Dw5DMGT2cF2T7wFMTDPgrS97DSidBo=; b=EpKrTmNAVPqX7YJxwrhV7Ph/h/bm8V+IPqPzFVcgddElLOUriu+CEyn0K/poyJJQnW 9//Zye/8PNAELO5yutu+wFW+EpDiNvnMjfvCDqFP2VNozO2yv1+q/9zZHBvLXzIGB/Vu WCJbj5fhCYis701lVe423j/chBKh5gvaQFn+7ncrvfOwDNyr2JEOg3Qv9bIvGqBfv9Ac 39pqkplDIzb1yLzn+kwQSpNXgDoBZmRconaZa3qE5P4lyzDxN3puQ0+NeI/yekiOXpZ5 Bom5QHnoRz1YYSNiHKgs5zfwrcyZvMk7z93RyQoeWJpJykZgv/imnZUZmcHS/kKzXelA RKMg== X-Gm-Message-State: AOAM532aw/MqAeajHluwJdFO3lgKgHskSkQszVF95H7K8ekcaqtjNfeX iEbbuiXeJewmSY+VbYxa6WHXCea8vNamYnr89mQ= X-Google-Smtp-Source: ABdhPJycjTn+bxdvku6Np3bBMYS8/mItJ5vsTMCGE5OAEdpfpE70fA+N4auux1mCZ/KUoTPtdrRJwSBWJhYdeMahVmA= X-Received: by 2002:a05:6830:1e15:: with SMTP id s21mr2710838otr.103.1640198700430; Wed, 22 Dec 2021 10:45:00 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:6838:3b48:0:0:0:0 with HTTP; Wed, 22 Dec 2021 10:45:00 -0800 (PST) From: "attorneydavid.chamber@gmail.com" Date: Wed, 22 Dec 2021 18:45:00 +0000 Message-ID: Subject: SHORT FORMATTTT To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 22 Dec 2021 12:45:12 -0600 (CST) for IP:'95.216.194.37' DOMAIN:'mxout1-he-de.apache.org' HELO:'mxout1-he-de.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Wed, 22 Dec 2021 12:45:12 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 377 Greetings. How are you doing today hope great? I want to introduce you to. 12.5 Million dollars business contract which you will be a beneficiary as next of kin to the fund in question. Are you ready for this opportunity? Can you be trusted? Let me know so I will give you more details about this before we proceed with. Thanks for your understanding. Mr. David Lawson. From apmail-jhardin-owner@apache.org Sat Dec 25 08:48:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1BPGm2Yd017755 for ; Sat, 25 Dec 2021 08:48:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_99,BAYES_999, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,FREEMAIL_REPLYTO_END_DIGIT,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS, SPF_PASS,T_FREEMAIL_DOC_PDF,T_FREEMAIL_DOC_PDF_BCC,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US US IN ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Sat, 25 Dec 2021 08:48:02 -0800 (PST) Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BPGjTGe044646 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 25 Dec 2021 10:45:36 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 9E9CF3EFAB for ; Sat, 25 Dec 2021 16:45:23 +0000 (UTC) Received: (qmail 5170 invoked by uid 500); 25 Dec 2021 16:45:23 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 5167 invoked by uid 99); 25 Dec 2021 16:45:23 -0000 Received: from spamproc1-he-de.apache.org (HELO spamproc1-he-de.apache.org) (116.203.196.100) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Dec 2021 16:45:23 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-de.apache.org (ASF Mail Server at spamproc1-he-de.apache.org) with ESMTP id CF9C01FF53F for ; Sat, 25 Dec 2021 16:45:22 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-de.apache.org Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-de.apache.org [116.203.196.100]) (amavisd-new, port 10024) with ESMTP id 0PgAF-AAqSIH for ; Sat, 25 Dec 2021 16:45:22 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.208.54; helo=mail-ed1-f54.google.com; envelope-from=hodoale@gmail.com; receiver= Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id C7DA7BD8CC for ; Sat, 25 Dec 2021 16:45:21 +0000 (UTC) Received: by mail-ed1-f54.google.com with SMTP id m21so45643239edc.0 for ; Sat, 25 Dec 2021 08:45:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=9f7K4euckOta8fZvt/eJRNKUjbjNHhMPklvqco7E2xg=; b=brVIcUntMJtYVVyc7A/WCLeG/n7Zx5OtcR8nQsMhezfvsjDDb6wv4BIvHKHFhc6Mp6 XxFLl6Hk9r2d9eE7s6dAfp6VgNtz/YaFAof2VjQbWEXSnRS+L0WKFIzOjxm8OZ2gC/FX 99YspiZMZaT5jFlvtyLTYKd0uY1YrtY3YOyYlWkpWpI9+Xt5jpN/hrNqclMNTFcJ333s Y8GFceqZb+YJLhUr9CESBmPdrlXjypSMe+Dz22ySEQ3mqVr+nGqSthYCaiqU5PmsLF7f pgizuKyftOeK5skNS02Jfm8pJV3a2EfxutyGcC3ZT5xnLD/5Lvbo9IGUYr9JEM/DrhxQ 62lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=9f7K4euckOta8fZvt/eJRNKUjbjNHhMPklvqco7E2xg=; b=h9KPwzL99rFuqm4F4ra+5Tn/IoJUfAnOhEV5HVTPk6eGdHxmESu8O0Vyenn2SVdSnf 6sUECSO3PzTVzQ/TgN983U4Br9iS0Vg2xRHBSFV/NxGE6n7NLMm46KlQahjDSQ9BKK11 4LhfubzgkIemBUTSVqqmHCyjXCCZPRI/4jvOH71XHrLcbKc1Ce59Zsg7NSXr5+uC+Gfv YCTTtGNtVNxVrwu56oaIEmec/NOKgyysRsQiBlRTXVZXtfjybznSVw9sCyejS+jENXBv +ChpRZTNIXl7GayXbp9+SetftWplKz9iosCjdpLyCKi424xDogceRtwJW2nwN0oCsilN ygsw== X-Gm-Message-State: AOAM533h7yGJQ/pKDglFaIUVhy8ZvXbJdO+1QgkIeUJ7kqbiTWXLv7Jm GpzaYlT/ZW69xx6G0XSZ2XbcHAjQtn9vbapIRTM= X-Google-Smtp-Source: ABdhPJwgax96aaxaF6iUNUIttcay9c4D6KcoiU2ozKgavOeOUnBHDxIql27WPaY4+Zuei7fIygXC8M0aWE2VblJwrAw= X-Received: by 2002:a17:906:5d0b:: with SMTP id g11mr8812360ejt.690.1640450719981; Sat, 25 Dec 2021 08:45:19 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a17:906:4158:0:0:0:0 with HTTP; Sat, 25 Dec 2021 08:45:19 -0800 (PST) Reply-To: westeruniontransferunite7@outlook.com From: Hodo Alema Date: Sat, 25 Dec 2021 16:45:19 +0000 Message-ID: Subject: RE To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/mixed; boundary="0000000000006fc97305d3fb32c3" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 25 Dec 2021 10:45:36 -0600 (CST) for IP:'3.227.148.255' DOMAIN:'mxout1-ec2-va.apache.org' HELO:'mxout1-ec2-va.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Sat, 25 Dec 2021 10:45:36 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 378 Content-Length: 19167 --0000000000006fc97305d3fb32c3 Content-Type: text/plain; charset="UTF-8" --0000000000006fc97305d3fb32c3 Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="Attention.docx" Content-Disposition: attachment; filename="Attention.docx" X-Attachment-Id: file0 Content-Transfer-Encoding: base64 UEsDBBQABgAIAAAAIQAJJIeCgQEAAI4FAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0 lE1Pg0AQhu8m/geyVwPbejDGlPag9ahNrPG8LkPZyH5kZ/v17x1KS6qhpVq9kMAy7/vMCzOD0UqX 0QI8KmtS1k96LAIjbabMLGWv08f4lkUYhMlEaQ2kbA3IRsPLi8F07QAjqjaYsiIEd8c5ygK0wMQ6 MHSSW69FoFs/407IDzEDft3r3XBpTQAT4lBpsOHgAXIxL0M0XtHjmsRDiSy6r1+svFImnCuVFIFI +cJk31zirUNClZt3sFAOrwiD8VaH6uSwwbbumaLxKoNoInx4Epow+NL6jGdWzjX1kByXaeG0ea4k NPWVmvNWAiJlrsukOdFCmR3/QQ4M6xLw7ylq3RPt31QoxnkOkj52dx4a46rppLbYq+12gxAopFNM vv6CcVfouFXuRFjC+8u/UeyJd4LkNBpT8V7CCYn/MIxGuhMi0LwD31z7Z3NsZI5Z0mRMvHVI+8P/ ou3dgqiqYxo5Bz4oaFZE24g1jrR7zu4Pqu2WQdbizTfbdPgJAAD//wMAUEsDBBQABgAIAAAAIQAe kRq38wAAAE4CAAALAAgCX3JlbHMvLnJlbHMgogQCKKAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJLbSgNBDIbvBd9hyH032woi0tneSKF3 IusDhJnsAXcOzKTavr2jILpQ217m9OfLT9abg5vUO6c8Bq9hWdWg2JtgR99reG23iwdQWchbmoJn DUfOsGlub9YvPJGUoTyMMaui4rOGQSQ+ImYzsKNchci+VLqQHEkJU4+RzBv1jKu6vsf0VwOamaba WQ1pZ+9AtcdYNl/WDl03Gn4KZu/Yy4kVyAdhb9kuYipsScZyjWop9SwabDDPJZ2RYqwKNuBpotX1 RP9fi46FLAmhCYnP83x1nANaXg902aJ5x687HyFZLBZ9e/tDg7MvaD4BAAD//wMAUEsDBBQABgAI AAAAIQDLB57NXQEAAHMEAAAcAAgBd29yZC9fcmVscy9kb2N1bWVudC54bWwucmVscyCiBAEooAAB AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKyUwW7CMAyG75P2DlXua4BtMCEKO4xJHHbZmHYO qdNGpHGVmAFvv1DEKBt0O/RSyY7s/8vvuKPJpjDRJziv0SasG3dYBFZiqm2WsPf5880DizwJmwqD FhK2Bc8m4+ur0SsYQaHI57r0UehifcJyonLIuZc5FMLHWIINJwpdISiELuOlkEuRAe91On3u6j3Y +KRnNEsT5mbpLYvm2zIo/90bldISnlCuCrB0RoJ7IAo386GncBlQwg6ZOHAyfh5h0CYCBWvgqF+F vPp2mxh6FxgKLR16VBRLLPjegd3NB6fmck9bA/5DUz5VCiTVLfh51MTRvcBxZtT/GEelfDRjD9kk 329TXqGluViY2ji+U00Q921C5OFxO6Pt8mhDIbQhHK7BE7iVDUtGTlivqoBg8IgrMojL3cgPVS+Y hh2ZbkKFFRdf8l2b5GtYvP3ap1ryYCE/+VWMvwAAAP//AwBQSwMEFAAGAAgAAAAhAP4i20fPBQAA /iAAABEAAAB3b3JkL2RvY3VtZW50LnhtbORa627bNhT+P2DvQAgD1gKN7TiXdkbjznUuC9ZlQZOg GDCgoCRKIkKRAklZdZ9mz7In20fKcnyJUzdtgdrLH1kkdXju5+NhXr76kAsyYtpwJY+C3VYnIExG KuYyPQpurk93XgTEWCpjKpRkR8GYmeBV/8cfXla9WEVlzqQlICFNryqioyCztui12ybKWE5NK+eR VkYlthWpvK2ShEesXSkdt7ud3Y7/VWgVMWOw35DKETXBhFy+TE0VTGKvROmcWtNSOm3nVN+WxQ6o F9TykAtux6DdOWzIqKOg1LI3YWhnypD7pFczNHk0X+glKe7Zt/7yeKIBv2NbMwEelDQZL+7EeCw1 iJg1LI0eEmKUi2ZdVezuL+03FXkdGxxrWsEUdwSXyN2jjLj+KBe1Hpx976y6SHG385AwE4s4ElMe 1mFhfs+Gk5xyOSXzONXMKhcR8SX+faZVWUzZKfiXUTuXt1NaLjA/g7POoY+8WdHMZxFYCt2rjBYs IHnUO0+l0jQU4Kja3SfOI4M+kkWo4rF7FqTqIdnEb4+CTmd/sHd4MAyaoUuEXqdzOtx70f1lOnjM EloKOzPjyVxq99CTx6mS1oBMBDkGGdVK8qDtFkRKKI2JERWOwuvOQaeeEFSmzTiTO8OBG25PKOJZ TCjfy9t9W1MTcZh0oDkV5LWgEcxT9bKBNMujS2yGntlwaB5m2nxsWO4+r8UwH4dObi9ePdbIUPV8 Yu6ZgkYwRqGZYXrEgj4ZWIusjUTl5LW11F6nWqnkRDt12XGBb1JN8ytLta33chPedHN22hBd9J+t I+2JjDdf1lBPXNmZJlTq1hVJb0cYkMeIA+eZkuYw8fsz9dq5au1/k7XQwnSln9hky3ttrAyGQWKZ JqrUJOESgZszZlH/CA1VacnYT5QyfkYqRmJWKMMtiwklwDfRLeHSqrtF5MlPpNs6IDkXAtH1lNgM GT/N8GTkHTPYSZIbiSlHCmHlwFOLDIRwNEhGR4yAXqwINyRCRqORXfjumGsWWWS0Y90ip0wDpgGa kU+5timYEFsTyTc5y9aSeCuieVUWH3FK2A4Qjvj3n09pY0MS+d5hnYdmi1o9NlPU+k8WpF0/OS2V 3RXoYHa39ZT7CE9bYiasc/DXxQCJiIfAQ0jnk1/XvrKHLAUynikTX6DEb8I3l8bqa/Zhlff/9tfl yds35xe/k8CFgFW9yifY0qVXq6k0CdN4sez5r8jkApXNHX8C8rclwfsQ6A/wzDnSdKM7HPS96WKF DY2rIdSyzzPjlR0LBnfwiPENZzKDQ2gLTXtCQHgrsfQ3MbTtV18vnr8JhyvUz2qo6HKFw1lejYLL W6I9xtLn8UEAPdvUngJGO6g18Tqs5QY1fIx2iz8afdrfvj+jrRNsc3aFnqYq8kcG6GZzDxNPAQgz HmWkAtYjaHaMeMw8iqu4zYALkb3KyDeDCOBepiqH7FRo0ZCoAaNVFnAzAbZskWMlf7YEba2UWbfO wLdIxvN6pettCWYZqNadLwcgsYqOFI8xGCntQCHxWS/naKUp+YyYEtxRM2cDaHyDtT53rNl4QdzJ +wJ5gaiEwHy8QCq25P3837ZZzwk9iGO0IkxvUVZIvo3iDlUJPDJeEHcbJb1mghUZLgmILPOQ6S0X uSn8G5+JGkFQxba4/edr7ELY3SvxI45ym9P6XcAYvr81CytCalCRasDielIxKlOMhhfghsMmfj3u h6RrkXnssqDRrQmGjRfEldorgEOGW8nxgpXu9futaQ/+zxr9ztDvTq6uT95ekJuL8z8vWnPWRnYv 3HnL4IhwOfVqdxf20OWb+6JIr9x1U4Vjare77+8MMvw+eIHfvlVVpH/4zpJVBcb36yWapxku65rX UFmr8rt3wZKZ2YzRmOHS73nXk0+UQo98+pqWuKhyV4L1dmjWuauuyX2W+8Rzgf9CONM4CFU9nL7Z JbcRuNw79LMQvpbbN3fqK0iMNf+40P8PAAD//wMAUEsDBBQABgAIAAAAIQCxiVTzrAYAAKUbAAAV AAAAd29yZC90aGVtZS90aGVtZTEueG1s7FlPbxtFFL8j8R1Ge29jJ3YaR3Wq2LEbaNNGsVvU43h3 vDvN7M5qZpzUN9QekZAQBXGgEjeQEFCplbiUEx8lUARF6lfgzczueidek6SNoILm0Nqzv3n/32/e rC9fuRczdECEpDxpe/WLNQ+RxOcBTcK2d2vYv7DmIalwEmDGE9L2pkR6VzbefecyXlcRiQmC/Ylc x20vUipdX1qSPixjeZGnJIFnYy5irOCrCJcCgQ9BbsyWlmu11aUY08RDCY5B7DD6+RsQdnM8pj7x NnLpPQYqEiX1gs/EQMsm2ZYSNtiva4Scyi4T6ACztgeKAn44JPeUhxiWCh60vZr585Y2Li/h9WwT Uwv2lvb1zV+2L9sQ7C8bnSIcFUrr/Ubr0lYh3wCYmsf1er1ur17IMwDs++CptaUss9Ffq3dymSWQ /Tgvu1tr1houviR/Zc7mVqfTabYyW6xQA7IfG3P4tdpqY3PZwRuQxTfn8I3OZre76uANyOJX5/D9 S63Vhos3oIjRZH8OrRPa72fSC8iYs+1K+BrA12oZfIaCaiiqS6sY80QtqrUY3+WiDwANZFjRBKlp SsbYhzLu4ngkKNYK8DrBpSd2yZdzS1oXkr6gqWp776cYWmIm7+Wz714+e4KO7j89uv/j0YMHR/d/ sIKcXds4Ccu7Xnz9yZ+PPkR/PPnqxcPPqvGyjP/1+49++enTaiC0z8yc558//u3p4+dffPz7tw8r 4JsCj8rwIY2JRDfIIdrjMThmouJaTkbibDuGEablHZtJKHGCtZYK+T0VOegbU8yy7Dh2dIgbwdsC 6KMKeHVy1zF4EImJohWar0WxA9zhnHW4qIzCNa2rFObhJAmrlYtJGbeH8UGV7i5OnPz2JinwZl6W juPdiDhm7jKcKByShCikn/F9Qiq8u0OpE9cd6gsu+VihOxR1MK0MyZCOnGqabdqmMeRlWuUz5NuJ zc5t1OGsyustcuAioSswqzB+SJgTxqt4onBcJXKIY1YO+HWsoiojB1Phl3E9qSDTIWEc9QIiZdWe mwL8LSX9GgbGqkz7DpvGLlIoul8l8zrmvIzc4vvdCMdpFXZAk6iMfU/uQ4litMtVFXyHux2iv0Me cLIw3bcpcdJ9MhvcoqFj0qxA9JOJqMjlVcKd+h1M2RgTQzVA6g5XxzT5O+JmFJjbajg/4gaqfP7l owq731TK3oTTq6pnto8R9SLccXruchHQN5+dt/Ak2SXQEPNH1FtyfkvO3n+enBf18/lT8oyFgaD1 LGIHbTN2xwun7jFlbKCmjFyXZvCWcPYEfVjU+8yVkxS3sDSCj7qTQYGDCwU2e5Dg6gOqokGEUxja 654WEspMdChRyiVcFs1ypWyNh8Ff2atmU19CLHNIrHZ4YJdX9HJ+1yjEGKtCc6HNFa1oAadVtnIp Ewq+vYqyujbq1NrqxjRDio62wmUdYnMph5AXrsFiEU0YahCMQhDlVbj0a9Vw2cGMBDruNkd5WkwW zjNFMsIByXKk/Z7PUd0kKa+VOUe0H7YY9MXxhKiVtLW02NfQdpokldU1FqjLs/c6WcoreJYlkHa8 HVlSbk6WoMO212ouNz3k47TtjeGeDB/jFLIu9RyJWQhvm3wlbNmf2Mymy2fZbOWOuU1Qh1cfNu5z Djs8kAqptrCMbGmYR1kJsERrsvYvNyGs5+VABRudzoqVNSiGf80KiKObWjIeE1+Vk11a0bGzXzMq 5RNFxCAKDtGITcQehvTrUgV/AirhdYdhBP0F3s3paJtHLjlnTVd+I2Zwdh2zNMIZ3eoWzTvZwg0h FTaYbyXzwLdK241zZ3fFtPw5uVIu4/+ZK/o8gbcPK4HOgA/vhgVGulPaHhcq4sBCaUT9voDBwXAH VAu834XHUFTwhtr8L8iB/t/2nJVh2houkWqPhkhQOI9UJAjZBVoy1XeCsHp2dlmRLBNkKqpkrkyt 2SNyQNhQc+CqPts9FEGpGzbJaMDgjtef+z3roFGoh5xyvzlMVpy9tgf+6cnHNjM45fKwGWjy+Bcm FuPB7FS1+832/OwtO6IfzMasRt4VoKx0FLSytn9FE8541FrGmvN4uZkbB1mc9xgWi4EohXdISP8D 5x8VPrO/dugDdcj3gFsR/HihhUHZQFVfsIMH0gRpF0cwONlFW0xalA1tNjrpqOWH9TlPuoXeY8HW lp0m32cMdjGcueqcXjzPYGcRdmJt1xaGGjJ7vEVhaZxfZExizO9k5V+y+OguJHoLfjOYMCVNMcHv VALDDD0wfQDNbzWarRt/AQAA//8DAFBLAwQUAAYACAAAACEASv8t44IDAADLCAAAEQAAAHdvcmQv c2V0dGluZ3MueG1stFZbb9s2FH4fsP9g6LmO5EuyVIhTbE68tYjbYUp/ACUey0R4A0lZcX/9Dkkx ahY3KFb0yUfn8p37oa/ePQo+OYCxTMlVNjsrsgnIRlEm21X2+X4zvcwm1hFJCVcSVtkRbPbu+tdf rvrSgnOoZicIIW0pmlW2d06XeW6bPQhiz5QGicKdMoI4/DRtLoh56PS0UUITx2rGmTvm86K4yAYY tco6I8sBYipYY5RVO+dNSrXbsQaGn2RhvsdvtLxRTSdAuuAxN8AxBiXtnmmb0MT/RcMU9wnk8FoS B8GTXj8rXtMc0u2VoU8W3xOeN9BGNWAtNkjwmK4gTD7BzJYvgJ5KfYalzqPv3EOh+awI1Bi55S/s T3Q7dvGO1YaY2GYcAB+FaMr3rVSG1ByHqp8ts2ucqC9KiUlfajANNgnHsSiy3AswGbWrHHGAYquB 8zCfDQeCYH3ZGiJwslZZ5AQbCjvScXdP6sopjUoHgjH/Nh8gmz0xpHFgKk0aRFsr6YziSY+qj8qt cUoNFjEGEWfWhxOpKs4/WkgiMIvIHWZ6qyj4yDrDXhTqm4X2BiFKrEfI4bQjhftqGAVMjUPljhw2 GHzFvsDvkn7orGO4JWGyfyCC1wIA6T1/wu2+P2rYAHEdluknOQud2HCmt8wYZd5LirPxo87y1ETf Tjx+1CbiH6VcakNRbBbntzfnsRZebZTMF8X68vaUZL2Y396uT0m+jbZZLy7nb70NRjbEI0p/Uv42 11eR8k2eiDggayJqw8hk648OWomyNg9/MJnkNeDRha8lVVcn4XQaBVYQzje4BUkQVkOUlFl9A7sA y7fEtCPuoGFOcnHjPjxh+Q0G86dRnY7eekN0bF5yN1suBzwm3R0TiW+7ukpWEg/HV6JO0k8H4wHz sTx96fC9CUtwR2SbegRy+rnyqthrbir/JsGWaI3Ljip1O1tlnLV7N/OD6/CL4tsUPup2PsjmQYZf XhY+SOMzQ+2B8AqRRK2BGHmLxFuMPLy8UW858s4T73zkXSQevo19ucdNM3j2HvCcJNLzd4pz1QP9 KzFX2QtWLILdEw3YV38VcdxVGRjDmbSTQwmPeHOBModPvmZUkEd/gucX3nzQ5uSoOvdM18u8sn7G nVDiCJqHVj0zDiP+n1j6kkLDcByro6jHI3wWA+fMugo03munDKYcTuSbgDz+C7n+FwAA//8DAFBL AwQUAAYACAAAACEAF6AWTgIBAACsAQAAFAAAAHdvcmQvd2ViU2V0dGluZ3MueG1sjNDBSgMxEAbg u+A7LLm32ZUisnS3IFLxIoL6AGl2dhvMZMJMaqxPb9qqIF56yySZj5l/ufpAX70Di6PQqWZeqwqC pcGFqVOvL+vZjaokmTAYTwE6tQdRq/7yYpnbDJtnSKn8lKooQVq0ndqmFFutxW4BjcwpQiiPIzGa VEqeNBp+28WZJYwmuY3zLu31VV1fq2+Gz1FoHJ2FO7I7hJCO/ZrBF5GCbF2UHy2fo2XiITJZECn7 oD95aFz4ZZrFPwidZRIa07wso08T6QNV2pv6eEKvKrTtwxSIzcaXBHOzUH2Jj2Jy6D5hTXzLlAVY H66N95SfHu9Lof9k3H8BAAD//wMAUEsDBBQABgAIAAAAIQBAZPnJHAgAAHE+AAAaAAAAd29yZC9z dHlsZXNXaXRoRWZmZWN0cy54bWy0m21T2zgQx9/fzH0Hj99DHni6Mk07FMrBDG1pA3OvFVshGmzL 5wcC9+lvJdmKseN4N3ZflTjW/na1q/8KKn38/BoGzgtPUiGjmTs5HLsOjzzpi+hp5j4+XB/85Tpp xiKfBTLiM/eNp+7nT3/+8XF9nmZvAU8dMBCl5+vYm7mrLIvPR6PUW/GQpYeh8BKZymV26MlwJJdL 4fHRWib+aDqejPVPcSI9nqZAu2TRC0vdwlzYtCZjHgFrKZOQZemhTJ5GIUue8/gArMcsEwsRiOwN bI9PSzNy5uZJdF44dGAdUkPOjUPFP+WIpBHFFq4ZeSW9PORRpomjhAfgg4zSlYg3YexrDUJclS69 7AriJQzK99bx5LjBsyFjcnCVsDWkYmOwYW7LZPhmUBiYeVD53WS1bnEy3hVMkRFlwvqAceE9s/Qk ZCKyZvabmurkwnroU99/JzKPrTux6GftNnq2ttSyJHg2PtUrrxpaSjLQWLrzFYu564Te+e1TJBO2 CMCj9eTYURXpfgKp8KV3xZcsD7JUfUzuk+Jj8Un/cy2jLHXW5yz1hHgACQEroQCDNxdRKlz4hrM0 u0gF2/rlSr219RsvzSrWvghfuCNFTP8Dmy8smLnTafnkUnnw7lnAoqfyGY8OHudVT2aufbQAuzOX JQfzC2VspMMs/62EG78LHj5pV2LmwcoDDltmHEQIVExxAqGyOz0DRTMffuVqclmeyQKiDQCsahY+ 1mYctAmUam4UG77lyzvpPXN/nsEXM1ez4OHj7X0iZAIyOnM/fFBMeDjnobgRvs9VgyiePUYr4fN/ Vjx6TLm/ef7zWstzYdGTeZSB+6dnugqC1P/66vFYySSYjpjK8Hc1ADQM0lHhaIdysfHGPKhR9cN/ S+TE5HArZcWZammO9n8nSEed9wZNVUTVALRdkq9H/U0c9zdx0t+ELt5+c3HW3wvYyPTNiKmNSlXi k5pJzxRfdR6OPuwoWTWiUUWdIxpF0zmiUSOdIxol0TmiUQGdIxoJ7xzRyG/niEY6d47wmBauehUd 6dlALewHkQXQJzuUbtJT6opW49yzhD0lLF45qrHW3d4llvN8keFc1XK6v1jOs0Sq7WbHjEB3Vkt3 b03+GsYrlgrYlXeBek79g9r6OH8nAravHagTU3yNmPTGZGsLuw+Yx1cy8HniPPBXk1HC+O/SmZtd RqdzPdN6J55WmQO7QtVyO2GnLZPePhPG/p1I9Rzs7OanLaF0GUfl8LSlLtuNf+O+yMNyahC7kVOj 54Q01xDaxd1TdKxS1FxdnVGoBGBCMO2CHoK2j/DfNBe6fZVjjP+mFe1pH+G/aVx72tf1sTu/ZKW5 gj+rOKjldUZeu5cykMkyD8o10CkPZ+QVbBG4EMiL2NpHicQZeQW/k0/nwvPgNzdMnZJzsdFRAoWc DkPRiw0fCzkpNdmbECIiJ6jGmhJY/bSWACKL7i/+ItQfganNQKu03Wt2LuejlhmAFoTaQ//MZda9 h562aB6WchvBn0tS7uBoRy0rD0sr6sn0O0KO+zU+AqhfBySA+rVCAqilPtr3PLYn4iH9myOBRZZl 28V02aGV+YyszBZEawED9U3E/qtl9bbXQrNvIijkBDX7JoJCzk6tl9m+iWAN1jcRrJau0Z6jqqZS giL3zSrI7gQQEQ0j3gjQMOKNAA0j3ghQf/Huhgwn3ggWWRusplbFGwHSr1B+1begqngjQGRtMGpX /M2o7Hvayu5fbgcQbwSFnKCmeCMo5Oy0iTeCpV+hVEKNZaUOwRpGvBGgYcQbARpGvBGgYcQbARpG vBGg/uLdDRlOvBEssjZYTa2KNwJElgcLqoo3AqRfoWjDVvHWq/63izeCQk5QU7wRFHJ2aoJqN6kI FjlBNZYVbwRLv0IphoKli5sS1DDijYhoGPFGgIYRbwRoGPFGgPqLdzdkOPFGsMjaYDW1Kt4IEFke LKgq3ggQWRu2irdejL9dvBEUcoKa4o2gkLNTE1SrcwgWOUE1lhVvBEvXS2/xRoD0K/uCKBENI96I iIYRbwRoGPFGgPqLdzdkOPFGsMjaYDW1Kt4IEFkeLKgq3ggQWRu2irdeI79dvBEUcoKa4o2gkLNT E1Qr3ggWOUE1lpU6BGsY8UaAdGH2Fm8ESL+yB0ivIkqahhFvRETDiDcC1F+8uyHDiTeCRdYGq6lV 8UaAyPJgQVXxRoDI2qDO2cJ5UfTx1ElLEWDPGZSnGtDAaUuSsMAiwF98yRO4Vci7T4f0BJYREogt 5YEN8YuUzw7uYPdRS4GgUWIRCKmPdL/pUzqViwhHZztuEjz8uHRuzAWYxjhdUu9P3sDtoep1IX09 SV0cAj+ztxiu7MTlyXJlDS4IqXtdxRUgfSf0Fi4EFdd61GB1zwde1Jeqisf6/20LKvwMRD2wifJW wPLgRtQO1L0M4GIpOOWDJ5m+aVRFtpyH1y5sLmOUDhbn4je7J/Peu9OZOz3O1BnwHd7qM+Is3zk/ jn7JZLTpIlzM0k51+QjpWgTmehn8cBv5EOO6uJllEum/MmMKvr/kQfCN6ctomYzbXw34MjPfTsa6 +9VMLWSWybB9fKIPh2tPthmAUqg6Yz6qINprJMrDBU+Ko+Yt5XiRe3nEAzixzBsFAgfjVUvpO93t Dr4rYrtC7gSPVrCekgwO8ze9ulFfwfW/Z+PXgsE9ux/q2pxeR7WabylmfKXA/W9VHtr2eHx9dPL1 6sSA4a6mWpaeOre7eQPeuS4mrHyoLnFD5ZvFoUdtZqT8Kf30PwAAAP//AwBQSwMEFAAGAAgAAAAh AE3/DitIAQAAdQIAABEACAFkb2NQcm9wcy9jb3JlLnhtbCCiBAEooAABAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAIyS30vDMBDH3wX/h5L3NkmnIqXtQGVPDgQ3FN9CcuuCTRqSuG7/vemP1Q59 EPJyd9987nuX5MujqqMDWCcbXSCaEBSB5o2QuirQdrOK71HkPNOC1Y2GAp3AoWV5fZVzk/HGwott DFgvwUWBpF3GTYH23psMY8f3oJhLgkKH4q6xivkQ2gobxj9ZBTgl5A4r8Ewwz3AHjM1ERCNS8Alp vmzdAwTHUIMC7R2mCcU/Wg9WuT8v9JWZUkl/MmGm0e6cLfhQnNRHJydh27ZJu+htBP8Uv6+fX/tR Y6m7XXFAZS54xi0w39hy68DmeJbollcz59dhzzsJ4uE0an7nO6mFg+zep6Q5noehRz/S0AhEFExm w0jnytvi8WmzQmVKUhrTNE5vN/QmC4eQj87Sxf3O9JBQo7F/ExfkkngGlL3jy49SfgMAAP//AwBQ SwMEFAAGAAgAAAAhAI/1OMaZBwAAgDsAAA8AAAB3b3JkL3N0eWxlcy54bWy0m99TnEgQx9+v6v4H inezv9S9WNmkjMbTKpOYrNY9szDrTgnMHgxR76+/nh4WERboFvKkC0x/eqZ7vs3q9IdPT1Ho/BJJ KlW8cCfvxq4jYl8FMr5fuHe3Fwd/uU6qvTjwQhWLhfssUvfTxz//+PB4kurnUKQOGIjTk8hfuBut tyejUepvROSl79RWxHBzrZLI0/AxuR9FXvKQbQ98FW09LVcylPp5NB2Pj93cTEKxotZr6Ytz5WeR iDWOHyUiBIsqTjdym+6sPVKsPaok2CbKF2kKk45Cay/yZFyYmRzWDEXST1Sq1vodTGZkPRoZUzB8 MsbfotB1Iv/k6j5WibcKYfEeJ4fuR1i5QPnnYu1loU7Nx+QmyT/mn/DHhYp16jyeeKkv5S0sKRiI JNi6PI1T6cId4aX6NJXe3psb89TeO36qS9Y+y0C6I0NM/wObv7xw4U6nuytnxoNX10Ivvt9dE/HB 3bLsycItLq3A7sL1koPlqTE2wmnufpamu301efiErmw9H4IBHG+tBSQF5IjhhNLk4HQO+WI//MzM unqZVjkEDQCsbBY+VlYccgUyZ2kTGO6K9bXyH0Sw1HBj4SILLt5d3SRSJZCkC/f9e8OEi0sRyUsZ BMLsl/zaXbyRgfhnI+K7VAQv139cYPLnFn2VxRrcP55jFoRp8OXJF1uTtmA69kyEv5kBkDgQjhIH Hcrkizf2QoWKF//dISc2hnspG+GZHe6g/60gnHXWGzQ1MypPAO2yfJ31N3HY38RRfxOYvP3WYt7f C9D1vhGxuVHKSnpQtfJt8pXXYfa+JWXNiFoWdY6oJU3niFqOdI6opUTniFoGdI6oBbxzRC2+nSNq 4Wwd4XsoXNUsmuFqkDb2rdShMONbBWjSU+ryUuPceIl3n3jbjWMKa9XtNrFcZitNcxXl9O1iudSJ iu87VwSqs9m6b9bkL9F246US3pI6ln7ac+lvzVuP83cig07UkU2+2pzwxWRvCbsJPV9sVBiIxLkV TzaijPHflLO0bxmdzvUM67W832hnucGS2wk7blj05pWw9q9limvQupmOG6bSZZwUw+OGvGw2/lUE Mot2S0N4Gzm2es4IcwWBLrYv0aEJUX13dc7CBIAyBVsu+FNA+wT/bXHh2zcxpvhvS9Eb7RP8t4Xr jfYxP9rjy1aac/jS6pC215y9d89UqJJ1Fu72QKc8zNk7uEDQpsDexIV9kkjM2Tv4lXw6p74P39wo ecqOxYuOMijscFgKbjb6XNhBqcjehDEjdoAqrCmD1U9rGSC26P4Uv6T5mxi3GKBKF++andt51rAC UIJI79A/MqW736GnDZpHpVzF8OeSVDg02qxh51FpeT7ZeseIcb/CxwD1q4AMUL9SyAA15EfzO09R E+mQ/sWRwWLLclHFMO3IyjxnK3MB4pWAgeom4f2rYfc250K9bhIo7ADV6yaBwo5OpZYVdZPAGqxu ElgNVaM5RmVN5UyKXTfLoOJNgDCjYcSbABpGvAmgYcSbAOov3t2Q4cSbwGJrQ6GpZfEmgPARzlf9 AlQWbwKIrQ1W7fK/Ge3qHlpp/3I7gHgTKOwA1cWbQGFHp0m8CSx8hJMJFVYhdQTWMOJNAA0j3gTQ MOJNAA0j3gTQMOJNAPUX727IcOJNYLG1odDUsngTQGx5KEBl8SaA8BGONuwVb9z1v128CRR2gOri TaCwo1MR1OIllcBiB6jCKsSbwMJHOMmQszC5OZMaRrwJMxpGvAmgYcSbABpGvAmg/uLdDRlOvAks tjYUmloWbwKILQ8FqCzeBBBbG/aKN27G3y7eBAo7QHXxJlDY0akIaqFzBBY7QBVWId4EFuZLb/Em gPCRt4I4MxpGvAkzGka8CaBhxJsA6i/e3ZDhxJvAYmtDoall8SaA2PJQgMriTQCxtWGveOMe+e3i TaCwA1QXbwKFHZ2KoBbiTWCxA1RhFVJHYA0j3gQQJmZv8SaA8JE3gHAXccI0jHgTZjSMeBNA/cW7 GzKceBNYbG0oNLUs3gQQWx4KUFm8CSC2NphztnBelHw8ddKQBNRzBrtTDWTgtCFIVGA+wZ9iLRJo shLdp0N6AnczZBAb0oM6xc9KPTi0g92zhgQho+QqlAqPdD/jKZ1SI8Js3tJJcPv9zLm0DTC1cZhS r0/eQPdQuV0I25NM4xD4qZ+30LKz3Z0sN9agQcj0deUtQNgidwUNQXlbjxls+nzgQWyqyi/j/21z KvwORBxYR/kbYPnQEdWCulEhdMeBUwF4orHTqIxsOA+PLrw0Y+wczM/Fv7w92edenc5s9VibM+At 3uIZcS9rXR8HH7IRrbsIjVnoVJePEK5VaNvL4JerOIA5QoMg/sfMBjJ48qwpuH8mwvCrh81oWm2b Hw3FWtu7kzFWv4qpldJaRc3jEzwcjp7sMwCpUHbGfjSTaM6ROItWIoHurpZVP838LBYhnFgWtQSB g/GmpPRd7mYHXyVxsUOupYg3sJ8SDYf5615dmlvQ/vdg/Vp50Gf33bTN4T6q5HxDMtMzBdphTXqg 7fH4Ynb05fzIgqFX02xL35zbfXkCnrnIF2x30TSTQubbzYGjXlZk91v68X8AAAD//wMAUEsDBBQA BgAIAAAAIQASjLuGJQIAALkGAAASAAAAd29yZC9mb250VGFibGUueG1srFTbbuIwEH1faf8h8nuJ HdKWooYK6CLtyz6suh9gjANWfYlsQ8rf78QOKRJES6pNJCs5Yx/NnDnj55cPJZMDt04YXSAywijh mpmN0NsC/Xlb3U1Q4jzVGyqN5gU6codeZt+/PdfT0mjvEjiv3VSxAu28r6Zp6tiOK+pGpuIagqWx inr4tdtUUfu+r+6YURX1Yi2k8Mc0w/gBtTT2FhZTloLxV8P2imsfzqeWS2A02u1E5U5s9S1stbGb yhrGnYOalYx8igrd0ZD8gkgJZo0zpR9BMWnMKG2o4DjB4UtJlCg2/bnVxtK1BO1qkqNZK1xSTzVV AC6pFGsrQqCi2jhOIHagskA4wyt8D2vz5njcrChtGNiOWsd9txFHuKRKyOMJdbVwLgYq4dnuhB+o FU1CMeTEFgJ7t8YF+kEwxtlqhSJCCpQDMF92SAZJxeep3TPuEHAOJBZ4whbyFHgAAZ72VMgzjda5 UOJNKO6SX7xOfhtFdY8iGX4AJe5Bj0aZ8SBFbOANCt6qCCSezbv6oZIlII+TnLT1D1Ik8tyuyBza bHSfNwieBE+Q1hvjq95YkGveoHtvBlkjNHCCT2WftzSa5VOIYAQwVL81oHGtWc55oC991piDY2Wy kJS999higecgQzN87bhcFQP/p0EJamSTx9YE51V8QY2hg7KkCm4M2qNEMxhxQJpBGXZlfG1ALq8M nHcjM8QX/74yWoO42V8AAAD//wMAUEsDBBQABgAIAAAAIQDspeQj2wEAANgDAAAQAAgBZG9jUHJv cHMvYXBwLnhtbCCiBAEooAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxTwW7bMAy9D9g/ GL43ioMu6AJGxZBi6GFbA8Rtz6xMJ8JkSZDUoNnXj4ob1+l2qk/vkTT5/EjD9Utnij2FqJ1dltVk WhZklWu03S7L+/r7xVVZxIS2QeMsLcsDxfJafv4E6+A8haQpFtzCxmW5S8kvhIhqRx3GCactZ1oX OkxMw1a4ttWKbpx67sgmMZtO54JeEtmGmgs/NCz7jot9+mjTxqmsLz7UB8+CJdTUeYOJ5K8sx4AY AlC7hKbWHclqzvGBwRq3FGUFogfw6ELDfMaRHsJqhwFVYvfk/OsXECMO37w3WmFiX+VPrYKLrk3F 3dGBIr8PYlwC7MqG1HPQ6SCnIMYUfmjLSnhAD1hZwG1Av3uVNzDYKDS04k+XLZpIIN4CcEuY17pG zXphnxZ7UsmFIuo/vNhZWTxhpGzYstxj0GgTG5fLenLExscUZK1T4N6c6/kRjsvGWF9mD7mWwXlh DvYaOHGujicYinctf2n6j9hqLPaooZc6kjOCw4x3XVeu82gPPHxAbPDveO9rd5OP5dXD8+Bo6486 7TYeFS/nqjrb/ygDG74Sanihp35vAbhlu4PJQ/l27JaaU82/iXxRD/2PKqvLyZSf4wmdYnynwx8k /wIAAP//AwBQSwECLQAUAAYACAAAACEACSSHgoEBAACOBQAAEwAAAAAAAAAAAAAAAAAAAAAAW0Nv bnRlbnRfVHlwZXNdLnhtbFBLAQItABQABgAIAAAAIQAekRq38wAAAE4CAAALAAAAAAAAAAAAAAAA ALoDAABfcmVscy8ucmVsc1BLAQItABQABgAIAAAAIQDLB57NXQEAAHMEAAAcAAAAAAAAAAAAAAAA AN4GAAB3b3JkL19yZWxzL2RvY3VtZW50LnhtbC5yZWxzUEsBAi0AFAAGAAgAAAAhAP4i20fPBQAA /iAAABEAAAAAAAAAAAAAAAAAfQkAAHdvcmQvZG9jdW1lbnQueG1sUEsBAi0AFAAGAAgAAAAhALGJ VPOsBgAApRsAABUAAAAAAAAAAAAAAAAAew8AAHdvcmQvdGhlbWUvdGhlbWUxLnhtbFBLAQItABQA BgAIAAAAIQBK/y3jggMAAMsIAAARAAAAAAAAAAAAAAAAAFoWAAB3b3JkL3NldHRpbmdzLnhtbFBL AQItABQABgAIAAAAIQAXoBZOAgEAAKwBAAAUAAAAAAAAAAAAAAAAAAsaAAB3b3JkL3dlYlNldHRp bmdzLnhtbFBLAQItABQABgAIAAAAIQBAZPnJHAgAAHE+AAAaAAAAAAAAAAAAAAAAAD8bAAB3b3Jk L3N0eWxlc1dpdGhFZmZlY3RzLnhtbFBLAQItABQABgAIAAAAIQBN/w4rSAEAAHUCAAARAAAAAAAA AAAAAAAAAJMjAABkb2NQcm9wcy9jb3JlLnhtbFBLAQItABQABgAIAAAAIQCP9TjGmQcAAIA7AAAP AAAAAAAAAAAAAAAAABImAAB3b3JkL3N0eWxlcy54bWxQSwECLQAUAAYACAAAACEAEoy7hiUCAAC5 BgAAEgAAAAAAAAAAAAAAAADYLQAAd29yZC9mb250VGFibGUueG1sUEsBAi0AFAAGAAgAAAAhAOyl 5CPbAQAA2AMAABAAAAAAAAAAAAAAAAAALTAAAGRvY1Byb3BzL2FwcC54bWxQSwUGAAAAAAwADAAJ AwAAPjMAAAAA --0000000000006fc97305d3fb32c3-- From apmail-jhardin-owner@apache.org Tue Dec 28 03:06:02 2021 Return-Path: Received: from athena.impsec.org (tunnel.impsec.org [127.0.0.1]) by athena.impsec.org (8.14.9/8.14.9) with ESMTP id 1BSB62x5011052 for ; Tue, 28 Dec 2021 03:06:02 -0800 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_60,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, FREEMAIL_REPLYTO_END_DIGIT,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, REPTO_419_FRAUD_OL,SPF_HELO_PASS,SPF_PASS,T_FREEMAIL_DOC_PDF, T_FREEMAIL_DOC_PDF_BCC,USER_IN_DEF_SPF_WL autolearn=disabled version=3.4.4 X-Spam-Relay-Country: US US FI ** IN US Received: from tunnel.impsec.org [127.0.0.1] by athena.impsec.org with POP3 (fetchmail-6.3.26) for (single-drop); Tue, 28 Dec 2021 03:06:02 -0800 (PST) Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BSB59eE042007 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 28 Dec 2021 05:05:14 -0600 Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 2DFC13EAD3 for ; Tue, 28 Dec 2021 11:05:07 +0000 (UTC) Received: (qmail 80562 invoked by uid 500); 28 Dec 2021 11:05:07 -0000 Delivered-To: apmail-jhardin@apache.org Received: (qmail 80558 invoked by uid 99); 28 Dec 2021 11:05:07 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Dec 2021 11:05:07 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 595ECC0546 for ; Tue, 28 Dec 2021 11:05:06 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id 1oFrby-zBl38 for ; Tue, 28 Dec 2021 11:05:04 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2607:f8b0:4864:20::1044; helo=mail-pj1-x1044.google.com; envelope-from=zambruttab@gmail.com; receiver= Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 773577EA50 for ; Tue, 28 Dec 2021 11:05:04 +0000 (UTC) Received: by mail-pj1-x1044.google.com with SMTP id r16-20020a17090a0ad000b001b276aa3aabso7999234pje.0 for ; Tue, 28 Dec 2021 03:05:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to; bh=GXGv87/zYwTLgs2d6FiuEoFJ0jHymw00s79ZAG6ToGY=; b=e/c8yaKK5o3norh9OqqlfPyIlWJeXB8/D0xtsEZdQRe9uFjiiOUAHjkFX8zZ+Jiy5v kfhPqyD43jNd65dtKGgcYgol2Z/jH9fggbAlEK4A76OpiH33EbiuUocOroKkDf137Ha1 ptS7yx9PFhou4SoTvMbXlQ37/RMJG3xkj21VJwovDlDdjbDw/u5LFeVbDhwL7s8tnWFV NBp4FXiG+0bjVbW5HWtjFaMeHowLoYKOqa4WTE8p31VVdFM4RYww51drh+WgDpkZPflU FoI8i9oq2ClBhbeAQpzPiObgoPK+V8sFAbDQJb35RzPIYmtVLjhEGuVuNdV8sW6D/aeg AXwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=GXGv87/zYwTLgs2d6FiuEoFJ0jHymw00s79ZAG6ToGY=; b=qCu2AZjQVHJd+4cuacVII9IFhbtXgKKpGpajPsbDHpawzuh6wKoHql035y8Ovaq0sc cOdxCr2w6I009PSbYT+RezpUmRzq/+tc+Z7DhSXxrSDx5VIKpOcs4jzIWMzD0w+BySzp ejbJNQiEweYEZWPPUL4FAJK5c/9LoxQ8KCQR+W9LdVogjsMcjykOtzzKQcPniFZHy1Er Uzz5c8lExDCQMuGbdMsJz31zmhh6tbWq2PyuxDzly47Z1TWyXwMynmuBQQsPhDcNJgq4 7bD7FFWFzhq4WWx2Iuz4wMAzosB9w+Z2gvBdnntDrvszkby3GeMfct3jXY8TfEJ+Dbup ttqQ== X-Gm-Message-State: AOAM533MJ8tU26gKFJTRJbFiYqu1JSY6/ui9JjB14jyekT2tsUUUzFu2 EVSzjmRfU4jgRDcXIx4JuFj2j/ZFH0f//KQQbEc= X-Google-Smtp-Source: ABdhPJycczb8d8u87UXV/PzalKunD5JL4/Y6anytXsVo9LwhRHasekuBst2+Nzw9rvm0oKLyPUP/N47co0tATFvWqG8= X-Received: by 2002:a17:902:cec8:b0:148:f0dd:3ce0 with SMTP id d8-20020a170902cec800b00148f0dd3ce0mr21375298plg.156.1640689502516; Tue, 28 Dec 2021 03:05:02 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:6a10:8714:b0:238:f025:f3fb with HTTP; Tue, 28 Dec 2021 03:05:01 -0800 (PST) Reply-To: westeruniontransferunite7@outlook.com From: ZAMBRUTTA BIG Date: Tue, 28 Dec 2021 11:05:01 +0000 Message-ID: Subject: RE To: undisclosed-recipients:; X-Security: message sanitized on ga See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.152pre10 $Date: 2017-04-29 07:29:24-08 Content-Type: multipart/mixed; boundary="000000000000fc100005d432caeb" X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 28 Dec 2021 05:05:14 -0600 (CST) for IP:'3.227.148.255' DOMAIN:'mxout1-ec2-va.apache.org' HELO:'mxout1-ec2-va.apache.org' FROM:'apmail-jhardin-owner@apache.org' RCPT:'' X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 28 Dec 2021 05:05:14 -0600 (CST) Status: R X-Status: X-Keywords: X-UID: 379 Content-Length: 19167 --000000000000fc100005d432caeb Content-Type: text/plain; charset="UTF-8" --000000000000fc100005d432caeb Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="Attention.docx" Content-Disposition: attachment; filename="Attention.docx" X-Attachment-Id: file0 Content-Transfer-Encoding: base64 UEsDBBQABgAIAAAAIQAJJIeCgQEAAI4FAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0 lE1Pg0AQhu8m/geyVwPbejDGlPag9ahNrPG8LkPZyH5kZ/v17x1KS6qhpVq9kMAy7/vMCzOD0UqX 0QI8KmtS1k96LAIjbabMLGWv08f4lkUYhMlEaQ2kbA3IRsPLi8F07QAjqjaYsiIEd8c5ygK0wMQ6 MHSSW69FoFs/407IDzEDft3r3XBpTQAT4lBpsOHgAXIxL0M0XtHjmsRDiSy6r1+svFImnCuVFIFI +cJk31zirUNClZt3sFAOrwiD8VaH6uSwwbbumaLxKoNoInx4Epow+NL6jGdWzjX1kByXaeG0ea4k NPWVmvNWAiJlrsukOdFCmR3/QQ4M6xLw7ylq3RPt31QoxnkOkj52dx4a46rppLbYq+12gxAopFNM vv6CcVfouFXuRFjC+8u/UeyJd4LkNBpT8V7CCYn/MIxGuhMi0LwD31z7Z3NsZI5Z0mRMvHVI+8P/ ou3dgqiqYxo5Bz4oaFZE24g1jrR7zu4Pqu2WQdbizTfbdPgJAAD//wMAUEsDBBQABgAIAAAAIQAe kRq38wAAAE4CAAALAAgCX3JlbHMvLnJlbHMgogQCKKAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJLbSgNBDIbvBd9hyH032woi0tneSKF3 IusDhJnsAXcOzKTavr2jILpQ217m9OfLT9abg5vUO6c8Bq9hWdWg2JtgR99reG23iwdQWchbmoJn DUfOsGlub9YvPJGUoTyMMaui4rOGQSQ+ImYzsKNchci+VLqQHEkJU4+RzBv1jKu6vsf0VwOamaba WQ1pZ+9AtcdYNl/WDl03Gn4KZu/Yy4kVyAdhb9kuYipsScZyjWop9SwabDDPJZ2RYqwKNuBpotX1 RP9fi46FLAmhCYnP83x1nANaXg902aJ5x687HyFZLBZ9e/tDg7MvaD4BAAD//wMAUEsDBBQABgAI AAAAIQDLB57NXQEAAHMEAAAcAAgBd29yZC9fcmVscy9kb2N1bWVudC54bWwucmVscyCiBAEooAAB AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKyUwW7CMAyG75P2DlXua4BtMCEKO4xJHHbZmHYO qdNGpHGVmAFvv1DEKBt0O/RSyY7s/8vvuKPJpjDRJziv0SasG3dYBFZiqm2WsPf5880DizwJmwqD FhK2Bc8m4+ur0SsYQaHI57r0UehifcJyonLIuZc5FMLHWIINJwpdISiELuOlkEuRAe91On3u6j3Y +KRnNEsT5mbpLYvm2zIo/90bldISnlCuCrB0RoJ7IAo386GncBlQwg6ZOHAyfh5h0CYCBWvgqF+F vPp2mxh6FxgKLR16VBRLLPjegd3NB6fmck9bA/5DUz5VCiTVLfh51MTRvcBxZtT/GEelfDRjD9kk 329TXqGluViY2ji+U00Q921C5OFxO6Pt8mhDIbQhHK7BE7iVDUtGTlivqoBg8IgrMojL3cgPVS+Y hh2ZbkKFFRdf8l2b5GtYvP3ap1ryYCE/+VWMvwAAAP//AwBQSwMEFAAGAAgAAAAhAP4i20fPBQAA /iAAABEAAAB3b3JkL2RvY3VtZW50LnhtbORa627bNhT+P2DvQAgD1gKN7TiXdkbjznUuC9ZlQZOg GDCgoCRKIkKRAklZdZ9mz7In20fKcnyJUzdtgdrLH1kkdXju5+NhXr76kAsyYtpwJY+C3VYnIExG KuYyPQpurk93XgTEWCpjKpRkR8GYmeBV/8cfXla9WEVlzqQlICFNryqioyCztui12ybKWE5NK+eR VkYlthWpvK2ShEesXSkdt7ud3Y7/VWgVMWOw35DKETXBhFy+TE0VTGKvROmcWtNSOm3nVN+WxQ6o F9TykAtux6DdOWzIqKOg1LI3YWhnypD7pFczNHk0X+glKe7Zt/7yeKIBv2NbMwEelDQZL+7EeCw1 iJg1LI0eEmKUi2ZdVezuL+03FXkdGxxrWsEUdwSXyN2jjLj+KBe1Hpx976y6SHG385AwE4s4ElMe 1mFhfs+Gk5xyOSXzONXMKhcR8SX+faZVWUzZKfiXUTuXt1NaLjA/g7POoY+8WdHMZxFYCt2rjBYs IHnUO0+l0jQU4Kja3SfOI4M+kkWo4rF7FqTqIdnEb4+CTmd/sHd4MAyaoUuEXqdzOtx70f1lOnjM EloKOzPjyVxq99CTx6mS1oBMBDkGGdVK8qDtFkRKKI2JERWOwuvOQaeeEFSmzTiTO8OBG25PKOJZ TCjfy9t9W1MTcZh0oDkV5LWgEcxT9bKBNMujS2yGntlwaB5m2nxsWO4+r8UwH4dObi9ePdbIUPV8 Yu6ZgkYwRqGZYXrEgj4ZWIusjUTl5LW11F6nWqnkRDt12XGBb1JN8ytLta33chPedHN22hBd9J+t I+2JjDdf1lBPXNmZJlTq1hVJb0cYkMeIA+eZkuYw8fsz9dq5au1/k7XQwnSln9hky3ttrAyGQWKZ JqrUJOESgZszZlH/CA1VacnYT5QyfkYqRmJWKMMtiwklwDfRLeHSqrtF5MlPpNs6IDkXAtH1lNgM GT/N8GTkHTPYSZIbiSlHCmHlwFOLDIRwNEhGR4yAXqwINyRCRqORXfjumGsWWWS0Y90ip0wDpgGa kU+5timYEFsTyTc5y9aSeCuieVUWH3FK2A4Qjvj3n09pY0MS+d5hnYdmi1o9NlPU+k8WpF0/OS2V 3RXoYHa39ZT7CE9bYiasc/DXxQCJiIfAQ0jnk1/XvrKHLAUynikTX6DEb8I3l8bqa/Zhlff/9tfl yds35xe/k8CFgFW9yifY0qVXq6k0CdN4sez5r8jkApXNHX8C8rclwfsQ6A/wzDnSdKM7HPS96WKF DY2rIdSyzzPjlR0LBnfwiPENZzKDQ2gLTXtCQHgrsfQ3MbTtV18vnr8JhyvUz2qo6HKFw1lejYLL W6I9xtLn8UEAPdvUngJGO6g18Tqs5QY1fIx2iz8afdrfvj+jrRNsc3aFnqYq8kcG6GZzDxNPAQgz HmWkAtYjaHaMeMw8iqu4zYALkb3KyDeDCOBepiqH7FRo0ZCoAaNVFnAzAbZskWMlf7YEba2UWbfO wLdIxvN6pettCWYZqNadLwcgsYqOFI8xGCntQCHxWS/naKUp+YyYEtxRM2cDaHyDtT53rNl4QdzJ +wJ5gaiEwHy8QCq25P3837ZZzwk9iGO0IkxvUVZIvo3iDlUJPDJeEHcbJb1mghUZLgmILPOQ6S0X uSn8G5+JGkFQxba4/edr7ELY3SvxI45ym9P6XcAYvr81CytCalCRasDielIxKlOMhhfghsMmfj3u h6RrkXnssqDRrQmGjRfEldorgEOGW8nxgpXu9futaQ/+zxr9ztDvTq6uT95ekJuL8z8vWnPWRnYv 3HnL4IhwOfVqdxf20OWb+6JIr9x1U4Vjare77+8MMvw+eIHfvlVVpH/4zpJVBcb36yWapxku65rX UFmr8rt3wZKZ2YzRmOHS73nXk0+UQo98+pqWuKhyV4L1dmjWuauuyX2W+8Rzgf9CONM4CFU9nL7Z JbcRuNw79LMQvpbbN3fqK0iMNf+40P8PAAD//wMAUEsDBBQABgAIAAAAIQCxiVTzrAYAAKUbAAAV AAAAd29yZC90aGVtZS90aGVtZTEueG1s7FlPbxtFFL8j8R1Ge29jJ3YaR3Wq2LEbaNNGsVvU43h3 vDvN7M5qZpzUN9QekZAQBXGgEjeQEFCplbiUEx8lUARF6lfgzczueidek6SNoILm0Nqzv3n/32/e rC9fuRczdECEpDxpe/WLNQ+RxOcBTcK2d2vYv7DmIalwEmDGE9L2pkR6VzbefecyXlcRiQmC/Ylc x20vUipdX1qSPixjeZGnJIFnYy5irOCrCJcCgQ9BbsyWlmu11aUY08RDCY5B7DD6+RsQdnM8pj7x NnLpPQYqEiX1gs/EQMsm2ZYSNtiva4Scyi4T6ACztgeKAn44JPeUhxiWCh60vZr585Y2Li/h9WwT Uwv2lvb1zV+2L9sQ7C8bnSIcFUrr/Ubr0lYh3wCYmsf1er1ur17IMwDs++CptaUss9Ffq3dymSWQ /Tgvu1tr1houviR/Zc7mVqfTabYyW6xQA7IfG3P4tdpqY3PZwRuQxTfn8I3OZre76uANyOJX5/D9 S63Vhos3oIjRZH8OrRPa72fSC8iYs+1K+BrA12oZfIaCaiiqS6sY80QtqrUY3+WiDwANZFjRBKlp SsbYhzLu4ngkKNYK8DrBpSd2yZdzS1oXkr6gqWp776cYWmIm7+Wz714+e4KO7j89uv/j0YMHR/d/ sIKcXds4Ccu7Xnz9yZ+PPkR/PPnqxcPPqvGyjP/1+49++enTaiC0z8yc558//u3p4+dffPz7tw8r 4JsCj8rwIY2JRDfIIdrjMThmouJaTkbibDuGEablHZtJKHGCtZYK+T0VOegbU8yy7Dh2dIgbwdsC 6KMKeHVy1zF4EImJohWar0WxA9zhnHW4qIzCNa2rFObhJAmrlYtJGbeH8UGV7i5OnPz2JinwZl6W juPdiDhm7jKcKByShCikn/F9Qiq8u0OpE9cd6gsu+VihOxR1MK0MyZCOnGqabdqmMeRlWuUz5NuJ zc5t1OGsyustcuAioSswqzB+SJgTxqt4onBcJXKIY1YO+HWsoiojB1Phl3E9qSDTIWEc9QIiZdWe mwL8LSX9GgbGqkz7DpvGLlIoul8l8zrmvIzc4vvdCMdpFXZAk6iMfU/uQ4litMtVFXyHux2iv0Me cLIw3bcpcdJ9MhvcoqFj0qxA9JOJqMjlVcKd+h1M2RgTQzVA6g5XxzT5O+JmFJjbajg/4gaqfP7l owq731TK3oTTq6pnto8R9SLccXruchHQN5+dt/Ak2SXQEPNH1FtyfkvO3n+enBf18/lT8oyFgaD1 LGIHbTN2xwun7jFlbKCmjFyXZvCWcPYEfVjU+8yVkxS3sDSCj7qTQYGDCwU2e5Dg6gOqokGEUxja 654WEspMdChRyiVcFs1ypWyNh8Ff2atmU19CLHNIrHZ4YJdX9HJ+1yjEGKtCc6HNFa1oAadVtnIp Ewq+vYqyujbq1NrqxjRDio62wmUdYnMph5AXrsFiEU0YahCMQhDlVbj0a9Vw2cGMBDruNkd5WkwW zjNFMsIByXKk/Z7PUd0kKa+VOUe0H7YY9MXxhKiVtLW02NfQdpokldU1FqjLs/c6WcoreJYlkHa8 HVlSbk6WoMO212ouNz3k47TtjeGeDB/jFLIu9RyJWQhvm3wlbNmf2Mymy2fZbOWOuU1Qh1cfNu5z Djs8kAqptrCMbGmYR1kJsERrsvYvNyGs5+VABRudzoqVNSiGf80KiKObWjIeE1+Vk11a0bGzXzMq 5RNFxCAKDtGITcQehvTrUgV/AirhdYdhBP0F3s3paJtHLjlnTVd+I2Zwdh2zNMIZ3eoWzTvZwg0h FTaYbyXzwLdK241zZ3fFtPw5uVIu4/+ZK/o8gbcPK4HOgA/vhgVGulPaHhcq4sBCaUT9voDBwXAH VAu834XHUFTwhtr8L8iB/t/2nJVh2houkWqPhkhQOI9UJAjZBVoy1XeCsHp2dlmRLBNkKqpkrkyt 2SNyQNhQc+CqPts9FEGpGzbJaMDgjtef+z3roFGoh5xyvzlMVpy9tgf+6cnHNjM45fKwGWjy+Bcm FuPB7FS1+832/OwtO6IfzMasRt4VoKx0FLSytn9FE8541FrGmvN4uZkbB1mc9xgWi4EohXdISP8D 5x8VPrO/dugDdcj3gFsR/HihhUHZQFVfsIMH0gRpF0cwONlFW0xalA1tNjrpqOWH9TlPuoXeY8HW lp0m32cMdjGcueqcXjzPYGcRdmJt1xaGGjJ7vEVhaZxfZExizO9k5V+y+OguJHoLfjOYMCVNMcHv VALDDD0wfQDNbzWarRt/AQAA//8DAFBLAwQUAAYACAAAACEASv8t44IDAADLCAAAEQAAAHdvcmQv c2V0dGluZ3MueG1stFZbb9s2FH4fsP9g6LmO5EuyVIhTbE68tYjbYUp/ACUey0R4A0lZcX/9Dkkx ahY3KFb0yUfn8p37oa/ePQo+OYCxTMlVNjsrsgnIRlEm21X2+X4zvcwm1hFJCVcSVtkRbPbu+tdf rvrSgnOoZicIIW0pmlW2d06XeW6bPQhiz5QGicKdMoI4/DRtLoh56PS0UUITx2rGmTvm86K4yAYY tco6I8sBYipYY5RVO+dNSrXbsQaGn2RhvsdvtLxRTSdAuuAxN8AxBiXtnmmb0MT/RcMU9wnk8FoS B8GTXj8rXtMc0u2VoU8W3xOeN9BGNWAtNkjwmK4gTD7BzJYvgJ5KfYalzqPv3EOh+awI1Bi55S/s T3Q7dvGO1YaY2GYcAB+FaMr3rVSG1ByHqp8ts2ucqC9KiUlfajANNgnHsSiy3AswGbWrHHGAYquB 8zCfDQeCYH3ZGiJwslZZ5AQbCjvScXdP6sopjUoHgjH/Nh8gmz0xpHFgKk0aRFsr6YziSY+qj8qt cUoNFjEGEWfWhxOpKs4/WkgiMIvIHWZ6qyj4yDrDXhTqm4X2BiFKrEfI4bQjhftqGAVMjUPljhw2 GHzFvsDvkn7orGO4JWGyfyCC1wIA6T1/wu2+P2rYAHEdluknOQud2HCmt8wYZd5LirPxo87y1ETf Tjx+1CbiH6VcakNRbBbntzfnsRZebZTMF8X68vaUZL2Y396uT0m+jbZZLy7nb70NRjbEI0p/Uv42 11eR8k2eiDggayJqw8hk648OWomyNg9/MJnkNeDRha8lVVcn4XQaBVYQzje4BUkQVkOUlFl9A7sA y7fEtCPuoGFOcnHjPjxh+Q0G86dRnY7eekN0bF5yN1suBzwm3R0TiW+7ukpWEg/HV6JO0k8H4wHz sTx96fC9CUtwR2SbegRy+rnyqthrbir/JsGWaI3Ljip1O1tlnLV7N/OD6/CL4tsUPup2PsjmQYZf XhY+SOMzQ+2B8AqRRK2BGHmLxFuMPLy8UW858s4T73zkXSQevo19ucdNM3j2HvCcJNLzd4pz1QP9 KzFX2QtWLILdEw3YV38VcdxVGRjDmbSTQwmPeHOBModPvmZUkEd/gucX3nzQ5uSoOvdM18u8sn7G nVDiCJqHVj0zDiP+n1j6kkLDcByro6jHI3wWA+fMugo03munDKYcTuSbgDz+C7n+FwAA//8DAFBL AwQUAAYACAAAACEAF6AWTgIBAACsAQAAFAAAAHdvcmQvd2ViU2V0dGluZ3MueG1sjNDBSgMxEAbg u+A7LLm32ZUisnS3IFLxIoL6AGl2dhvMZMJMaqxPb9qqIF56yySZj5l/ufpAX70Di6PQqWZeqwqC pcGFqVOvL+vZjaokmTAYTwE6tQdRq/7yYpnbDJtnSKn8lKooQVq0ndqmFFutxW4BjcwpQiiPIzGa VEqeNBp+28WZJYwmuY3zLu31VV1fq2+Gz1FoHJ2FO7I7hJCO/ZrBF5GCbF2UHy2fo2XiITJZECn7 oD95aFz4ZZrFPwidZRIa07wso08T6QNV2pv6eEKvKrTtwxSIzcaXBHOzUH2Jj2Jy6D5hTXzLlAVY H66N95SfHu9Lof9k3H8BAAD//wMAUEsDBBQABgAIAAAAIQBAZPnJHAgAAHE+AAAaAAAAd29yZC9z dHlsZXNXaXRoRWZmZWN0cy54bWy0m21T2zgQx9/fzH0Hj99DHni6Mk07FMrBDG1pA3OvFVshGmzL 5wcC9+lvJdmKseN4N3ZflTjW/na1q/8KKn38/BoGzgtPUiGjmTs5HLsOjzzpi+hp5j4+XB/85Tpp xiKfBTLiM/eNp+7nT3/+8XF9nmZvAU8dMBCl5+vYm7mrLIvPR6PUW/GQpYeh8BKZymV26MlwJJdL 4fHRWib+aDqejPVPcSI9nqZAu2TRC0vdwlzYtCZjHgFrKZOQZemhTJ5GIUue8/gArMcsEwsRiOwN bI9PSzNy5uZJdF44dGAdUkPOjUPFP+WIpBHFFq4ZeSW9PORRpomjhAfgg4zSlYg3YexrDUJclS69 7AriJQzK99bx5LjBsyFjcnCVsDWkYmOwYW7LZPhmUBiYeVD53WS1bnEy3hVMkRFlwvqAceE9s/Qk ZCKyZvabmurkwnroU99/JzKPrTux6GftNnq2ttSyJHg2PtUrrxpaSjLQWLrzFYu564Te+e1TJBO2 CMCj9eTYURXpfgKp8KV3xZcsD7JUfUzuk+Jj8Un/cy2jLHXW5yz1hHgACQEroQCDNxdRKlz4hrM0 u0gF2/rlSr219RsvzSrWvghfuCNFTP8Dmy8smLnTafnkUnnw7lnAoqfyGY8OHudVT2aufbQAuzOX JQfzC2VspMMs/62EG78LHj5pV2LmwcoDDltmHEQIVExxAqGyOz0DRTMffuVqclmeyQKiDQCsahY+ 1mYctAmUam4UG77lyzvpPXN/nsEXM1ez4OHj7X0iZAIyOnM/fFBMeDjnobgRvs9VgyiePUYr4fN/ Vjx6TLm/ef7zWstzYdGTeZSB+6dnugqC1P/66vFYySSYjpjK8Hc1ADQM0lHhaIdysfHGPKhR9cN/ S+TE5HArZcWZammO9n8nSEed9wZNVUTVALRdkq9H/U0c9zdx0t+ELt5+c3HW3wvYyPTNiKmNSlXi k5pJzxRfdR6OPuwoWTWiUUWdIxpF0zmiUSOdIxol0TmiUQGdIxoJ7xzRyG/niEY6d47wmBauehUd 6dlALewHkQXQJzuUbtJT6opW49yzhD0lLF45qrHW3d4llvN8keFc1XK6v1jOs0Sq7WbHjEB3Vkt3 b03+GsYrlgrYlXeBek79g9r6OH8nAravHagTU3yNmPTGZGsLuw+Yx1cy8HniPPBXk1HC+O/SmZtd RqdzPdN6J55WmQO7QtVyO2GnLZPePhPG/p1I9Rzs7OanLaF0GUfl8LSlLtuNf+O+yMNyahC7kVOj 54Q01xDaxd1TdKxS1FxdnVGoBGBCMO2CHoK2j/DfNBe6fZVjjP+mFe1pH+G/aVx72tf1sTu/ZKW5 gj+rOKjldUZeu5cykMkyD8o10CkPZ+QVbBG4EMiL2NpHicQZeQW/k0/nwvPgNzdMnZJzsdFRAoWc DkPRiw0fCzkpNdmbECIiJ6jGmhJY/bSWACKL7i/+ItQfganNQKu03Wt2LuejlhmAFoTaQ//MZda9 h562aB6WchvBn0tS7uBoRy0rD0sr6sn0O0KO+zU+AqhfBySA+rVCAqilPtr3PLYn4iH9myOBRZZl 28V02aGV+YyszBZEawED9U3E/qtl9bbXQrNvIijkBDX7JoJCzk6tl9m+iWAN1jcRrJau0Z6jqqZS giL3zSrI7gQQEQ0j3gjQMOKNAA0j3ghQf/Huhgwn3ggWWRusplbFGwHSr1B+1begqngjQGRtMGpX /M2o7Hvayu5fbgcQbwSFnKCmeCMo5Oy0iTeCpV+hVEKNZaUOwRpGvBGgYcQbARpGvBGgYcQbARpG vBGg/uLdDRlOvBEssjZYTa2KNwJElgcLqoo3AqRfoWjDVvHWq/63izeCQk5QU7wRFHJ2aoJqN6kI FjlBNZYVbwRLv0IphoKli5sS1DDijYhoGPFGgIYRbwRoGPFGgPqLdzdkOPFGsMjaYDW1Kt4IEFke LKgq3ggQWRu2irdejL9dvBEUcoKa4o2gkLNTE1SrcwgWOUE1lhVvBEvXS2/xRoD0K/uCKBENI96I iIYRbwRoGPFGgPqLdzdkOPFGsMjaYDW1Kt4IEFkeLKgq3ggQWRu2irdeI79dvBEUcoKa4o2gkLNT E1Qr3ggWOUE1lpU6BGsY8UaAdGH2Fm8ESL+yB0ivIkqahhFvRETDiDcC1F+8uyHDiTeCRdYGq6lV 8UaAyPJgQVXxRoDI2qDO2cJ5UfTx1ElLEWDPGZSnGtDAaUuSsMAiwF98yRO4Vci7T4f0BJYREogt 5YEN8YuUzw7uYPdRS4GgUWIRCKmPdL/pUzqViwhHZztuEjz8uHRuzAWYxjhdUu9P3sDtoep1IX09 SV0cAj+ztxiu7MTlyXJlDS4IqXtdxRUgfSf0Fi4EFdd61GB1zwde1Jeqisf6/20LKvwMRD2wifJW wPLgRtQO1L0M4GIpOOWDJ5m+aVRFtpyH1y5sLmOUDhbn4je7J/Peu9OZOz3O1BnwHd7qM+Is3zk/ jn7JZLTpIlzM0k51+QjpWgTmehn8cBv5EOO6uJllEum/MmMKvr/kQfCN6ctomYzbXw34MjPfTsa6 +9VMLWSWybB9fKIPh2tPthmAUqg6Yz6qINprJMrDBU+Ko+Yt5XiRe3nEAzixzBsFAgfjVUvpO93t Dr4rYrtC7gSPVrCekgwO8ze9ulFfwfW/Z+PXgsE9ux/q2pxeR7WabylmfKXA/W9VHtr2eHx9dPL1 6sSA4a6mWpaeOre7eQPeuS4mrHyoLnFD5ZvFoUdtZqT8Kf30PwAAAP//AwBQSwMEFAAGAAgAAAAh AE3/DitIAQAAdQIAABEACAFkb2NQcm9wcy9jb3JlLnhtbCCiBAEooAABAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAIyS30vDMBDH3wX/h5L3NkmnIqXtQGVPDgQ3FN9CcuuCTRqSuG7/vemP1Q59 EPJyd9987nuX5MujqqMDWCcbXSCaEBSB5o2QuirQdrOK71HkPNOC1Y2GAp3AoWV5fZVzk/HGwott DFgvwUWBpF3GTYH23psMY8f3oJhLgkKH4q6xivkQ2gobxj9ZBTgl5A4r8Ewwz3AHjM1ERCNS8Alp vmzdAwTHUIMC7R2mCcU/Wg9WuT8v9JWZUkl/MmGm0e6cLfhQnNRHJydh27ZJu+htBP8Uv6+fX/tR Y6m7XXFAZS54xi0w39hy68DmeJbollcz59dhzzsJ4uE0an7nO6mFg+zep6Q5noehRz/S0AhEFExm w0jnytvi8WmzQmVKUhrTNE5vN/QmC4eQj87Sxf3O9JBQo7F/ExfkkngGlL3jy49SfgMAAP//AwBQ SwMEFAAGAAgAAAAhAI/1OMaZBwAAgDsAAA8AAAB3b3JkL3N0eWxlcy54bWy0m99TnEgQx9+v6v4H inezv9S9WNmkjMbTKpOYrNY9szDrTgnMHgxR76+/nh4WERboFvKkC0x/eqZ7vs3q9IdPT1Ho/BJJ KlW8cCfvxq4jYl8FMr5fuHe3Fwd/uU6qvTjwQhWLhfssUvfTxz//+PB4kurnUKQOGIjTk8hfuBut tyejUepvROSl79RWxHBzrZLI0/AxuR9FXvKQbQ98FW09LVcylPp5NB2Pj93cTEKxotZr6Ytz5WeR iDWOHyUiBIsqTjdym+6sPVKsPaok2CbKF2kKk45Cay/yZFyYmRzWDEXST1Sq1vodTGZkPRoZUzB8 MsbfotB1Iv/k6j5WibcKYfEeJ4fuR1i5QPnnYu1loU7Nx+QmyT/mn/DHhYp16jyeeKkv5S0sKRiI JNi6PI1T6cId4aX6NJXe3psb89TeO36qS9Y+y0C6I0NM/wObv7xw4U6nuytnxoNX10Ivvt9dE/HB 3bLsycItLq3A7sL1koPlqTE2wmnufpamu301efiErmw9H4IBHG+tBSQF5IjhhNLk4HQO+WI//MzM unqZVjkEDQCsbBY+VlYccgUyZ2kTGO6K9bXyH0Sw1HBj4SILLt5d3SRSJZCkC/f9e8OEi0sRyUsZ BMLsl/zaXbyRgfhnI+K7VAQv139cYPLnFn2VxRrcP55jFoRp8OXJF1uTtmA69kyEv5kBkDgQjhIH Hcrkizf2QoWKF//dISc2hnspG+GZHe6g/60gnHXWGzQ1MypPAO2yfJ31N3HY38RRfxOYvP3WYt7f C9D1vhGxuVHKSnpQtfJt8pXXYfa+JWXNiFoWdY6oJU3niFqOdI6opUTniFoGdI6oBbxzRC2+nSNq 4Wwd4XsoXNUsmuFqkDb2rdShMONbBWjSU+ryUuPceIl3n3jbjWMKa9XtNrFcZitNcxXl9O1iudSJ iu87VwSqs9m6b9bkL9F246US3pI6ln7ac+lvzVuP83cig07UkU2+2pzwxWRvCbsJPV9sVBiIxLkV TzaijPHflLO0bxmdzvUM67W832hnucGS2wk7blj05pWw9q9limvQupmOG6bSZZwUw+OGvGw2/lUE Mot2S0N4Gzm2es4IcwWBLrYv0aEJUX13dc7CBIAyBVsu+FNA+wT/bXHh2zcxpvhvS9Eb7RP8t4Xr jfYxP9rjy1aac/jS6pC215y9d89UqJJ1Fu72QKc8zNk7uEDQpsDexIV9kkjM2Tv4lXw6p74P39wo ecqOxYuOMijscFgKbjb6XNhBqcjehDEjdoAqrCmD1U9rGSC26P4Uv6T5mxi3GKBKF++andt51rAC UIJI79A/MqW736GnDZpHpVzF8OeSVDg02qxh51FpeT7ZeseIcb/CxwD1q4AMUL9SyAA15EfzO09R E+mQ/sWRwWLLclHFMO3IyjxnK3MB4pWAgeom4f2rYfc250K9bhIo7ADV6yaBwo5OpZYVdZPAGqxu ElgNVaM5RmVN5UyKXTfLoOJNgDCjYcSbABpGvAmgYcSbAOov3t2Q4cSbwGJrQ6GpZfEmgPARzlf9 AlQWbwKIrQ1W7fK/Ge3qHlpp/3I7gHgTKOwA1cWbQGFHp0m8CSx8hJMJFVYhdQTWMOJNAA0j3gTQ MOJNAA0j3gTQMOJNAPUX727IcOJNYLG1odDUsngTQGx5KEBl8SaA8BGONuwVb9z1v128CRR2gOri TaCwo1MR1OIllcBiB6jCKsSbwMJHOMmQszC5OZMaRrwJMxpGvAmgYcSbABpGvAmg/uLdDRlOvAks tjYUmloWbwKILQ8FqCzeBBBbG/aKN27G3y7eBAo7QHXxJlDY0akIaqFzBBY7QBVWId4EFuZLb/Em gPCRt4I4MxpGvAkzGka8CaBhxJsA6i/e3ZDhxJvAYmtDoall8SaA2PJQgMriTQCxtWGveOMe+e3i TaCwA1QXbwKFHZ2KoBbiTWCxA1RhFVJHYA0j3gQQJmZv8SaA8JE3gHAXccI0jHgTZjSMeBNA/cW7 GzKceBNYbG0oNLUs3gQQWx4KUFm8CSC2NphztnBelHw8ddKQBNRzBrtTDWTgtCFIVGA+wZ9iLRJo shLdp0N6AnczZBAb0oM6xc9KPTi0g92zhgQho+QqlAqPdD/jKZ1SI8Js3tJJcPv9zLm0DTC1cZhS r0/eQPdQuV0I25NM4xD4qZ+30LKz3Z0sN9agQcj0deUtQNgidwUNQXlbjxls+nzgQWyqyi/j/21z KvwORBxYR/kbYPnQEdWCulEhdMeBUwF4orHTqIxsOA+PLrw0Y+wczM/Fv7w92edenc5s9VibM+At 3uIZcS9rXR8HH7IRrbsIjVnoVJePEK5VaNvL4JerOIA5QoMg/sfMBjJ48qwpuH8mwvCrh81oWm2b Hw3FWtu7kzFWv4qpldJaRc3jEzwcjp7sMwCpUHbGfjSTaM6ROItWIoHurpZVP838LBYhnFgWtQSB g/GmpPRd7mYHXyVxsUOupYg3sJ8SDYf5615dmlvQ/vdg/Vp50Gf33bTN4T6q5HxDMtMzBdphTXqg 7fH4Ynb05fzIgqFX02xL35zbfXkCnrnIF2x30TSTQubbzYGjXlZk91v68X8AAAD//wMAUEsDBBQA BgAIAAAAIQASjLuGJQIAALkGAAASAAAAd29yZC9mb250VGFibGUueG1srFTbbuIwEH1faf8h8nuJ HdKWooYK6CLtyz6suh9gjANWfYlsQ8rf78QOKRJES6pNJCs5Yx/NnDnj55cPJZMDt04YXSAywijh mpmN0NsC/Xlb3U1Q4jzVGyqN5gU6codeZt+/PdfT0mjvEjiv3VSxAu28r6Zp6tiOK+pGpuIagqWx inr4tdtUUfu+r+6YURX1Yi2k8Mc0w/gBtTT2FhZTloLxV8P2imsfzqeWS2A02u1E5U5s9S1stbGb yhrGnYOalYx8igrd0ZD8gkgJZo0zpR9BMWnMKG2o4DjB4UtJlCg2/bnVxtK1BO1qkqNZK1xSTzVV AC6pFGsrQqCi2jhOIHagskA4wyt8D2vz5njcrChtGNiOWsd9txFHuKRKyOMJdbVwLgYq4dnuhB+o FU1CMeTEFgJ7t8YF+kEwxtlqhSJCCpQDMF92SAZJxeep3TPuEHAOJBZ4whbyFHgAAZ72VMgzjda5 UOJNKO6SX7xOfhtFdY8iGX4AJe5Bj0aZ8SBFbOANCt6qCCSezbv6oZIlII+TnLT1D1Ik8tyuyBza bHSfNwieBE+Q1hvjq95YkGveoHtvBlkjNHCCT2WftzSa5VOIYAQwVL81oHGtWc55oC991piDY2Wy kJS999higecgQzN87bhcFQP/p0EJamSTx9YE51V8QY2hg7KkCm4M2qNEMxhxQJpBGXZlfG1ALq8M nHcjM8QX/74yWoO42V8AAAD//wMAUEsDBBQABgAIAAAAIQDspeQj2wEAANgDAAAQAAgBZG9jUHJv cHMvYXBwLnhtbCCiBAEooAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxTwW7bMAy9D9g/ GL43ioMu6AJGxZBi6GFbA8Rtz6xMJ8JkSZDUoNnXj4ob1+l2qk/vkTT5/EjD9Utnij2FqJ1dltVk WhZklWu03S7L+/r7xVVZxIS2QeMsLcsDxfJafv4E6+A8haQpFtzCxmW5S8kvhIhqRx3GCactZ1oX OkxMw1a4ttWKbpx67sgmMZtO54JeEtmGmgs/NCz7jot9+mjTxqmsLz7UB8+CJdTUeYOJ5K8sx4AY AlC7hKbWHclqzvGBwRq3FGUFogfw6ELDfMaRHsJqhwFVYvfk/OsXECMO37w3WmFiX+VPrYKLrk3F 3dGBIr8PYlwC7MqG1HPQ6SCnIMYUfmjLSnhAD1hZwG1Av3uVNzDYKDS04k+XLZpIIN4CcEuY17pG zXphnxZ7UsmFIuo/vNhZWTxhpGzYstxj0GgTG5fLenLExscUZK1T4N6c6/kRjsvGWF9mD7mWwXlh DvYaOHGujicYinctf2n6j9hqLPaooZc6kjOCw4x3XVeu82gPPHxAbPDveO9rd5OP5dXD8+Bo6486 7TYeFS/nqjrb/ygDG74Sanihp35vAbhlu4PJQ/l27JaaU82/iXxRD/2PKqvLyZSf4wmdYnynwx8k /wIAAP//AwBQSwECLQAUAAYACAAAACEACSSHgoEBAACOBQAAEwAAAAAAAAAAAAAAAAAAAAAAW0Nv bnRlbnRfVHlwZXNdLnhtbFBLAQItABQABgAIAAAAIQAekRq38wAAAE4CAAALAAAAAAAAAAAAAAAA ALoDAABfcmVscy8ucmVsc1BLAQItABQABgAIAAAAIQDLB57NXQEAAHMEAAAcAAAAAAAAAAAAAAAA AN4GAAB3b3JkL19yZWxzL2RvY3VtZW50LnhtbC5yZWxzUEsBAi0AFAAGAAgAAAAhAP4i20fPBQAA /iAAABEAAAAAAAAAAAAAAAAAfQkAAHdvcmQvZG9jdW1lbnQueG1sUEsBAi0AFAAGAAgAAAAhALGJ VPOsBgAApRsAABUAAAAAAAAAAAAAAAAAew8AAHdvcmQvdGhlbWUvdGhlbWUxLnhtbFBLAQItABQA BgAIAAAAIQBK/y3jggMAAMsIAAARAAAAAAAAAAAAAAAAAFoWAAB3b3JkL3NldHRpbmdzLnhtbFBL AQItABQABgAIAAAAIQAXoBZOAgEAAKwBAAAUAAAAAAAAAAAAAAAAAAsaAAB3b3JkL3dlYlNldHRp bmdzLnhtbFBLAQItABQABgAIAAAAIQBAZPnJHAgAAHE+AAAaAAAAAAAAAAAAAAAAAD8bAAB3b3Jk L3N0eWxlc1dpdGhFZmZlY3RzLnhtbFBLAQItABQABgAIAAAAIQBN/w4rSAEAAHUCAAARAAAAAAAA AAAAAAAAAJMjAABkb2NQcm9wcy9jb3JlLnhtbFBLAQItABQABgAIAAAAIQCP9TjGmQcAAIA7AAAP AAAAAAAAAAAAAAAAABImAAB3b3JkL3N0eWxlcy54bWxQSwECLQAUAAYACAAAACEAEoy7hiUCAAC5 BgAAEgAAAAAAAAAAAAAAAADYLQAAd29yZC9mb250VGFibGUueG1sUEsBAi0AFAAGAAgAAAAhAOyl 5CPbAQAA2AMAABAAAAAAAAAAAAAAAAAALTAAAGRvY1Byb3BzL2FwcC54bWxQSwUGAAAAAAwADAAJ AwAAPjMAAAAA --000000000000fc100005d432caeb-- From jhardin@impsec.org Tue Dec 28 13:39:25 2021 +0100 Return-Path: Delivered-To: moderator for users@spamassassin.apache.org Received: (qmail 8754 invoked by uid 99); 28 Dec 2021 12:39:28 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Dec 2021 12:39:28 +0000 Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id 00F4AC0546 for ; Tue, 28 Dec 2021 12:39:28 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 3.147 X-Spam-Level: *** X-Spam-Status: No, score=3.147 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_REPLYTO_END_DIGIT=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNDISC_FREEM=3.099] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id VvVOyBflGzEt for ; Tue, 28 Dec 2021 12:39:27 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.167.52; helo=mail-lf1-f52.google.com; envelope-from=fiacregnansa@gmail.com; receiver= Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com [209.85.167.52]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 1B6ACBD970 for ; Tue, 28 Dec 2021 12:39:27 +0000 (UTC) Received: by mail-lf1-f52.google.com with SMTP id j11so39398984lfg.3 for ; Tue, 28 Dec 2021 04:39:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=rmg3imexfxzkI/T5+9D4U73wI7OHMvgEZq1CpSY0xHw=; b=SO9b4xxDBe+xYvLGEn1Qm1TB5TYiD+Y+SWjjTldwyE7aKbSj4kHvluNfANN/ECfxxh Hkp3LyBsAmotEC3RFGD57LA82WhkPssHYaDsAlVJFtnCCVG7a2tWgay7emxN0jM4q+0T Gw5yPlYG2IH/BDxExRlxMvfWB+3n/CZzkaUBt1YkhNzntWmEzNNCHznYIVKZCzXI329R 4ZP+oBBILVTtm/JtobxbX2goN2g04RLmT2NA/L4FyW5/JtRZ23To7BJfYQOeIgG1UpJt XHyV76gxSIds3nRjBOhoDm6JXW4WAbTOcyHlHKClVhWxDHxgtWj/ZvpZP4VyPRGtBDjo 2mrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to:content-transfer-encoding; bh=rmg3imexfxzkI/T5+9D4U73wI7OHMvgEZq1CpSY0xHw=; b=mUw1W6rSCSWUNUiiCB7EtqzQAd1mdVDNZb9n3eKBfrq4SRI/osluloblLtKpSotpXu jlpl+fpZ9v54FKRPcMJv5iU1uuUw1QDMDPloWP7KlgPkJiQkpuayIYFlfhqydtdJ6MVQ beI0T42pbQp5zeO2eyaTFzM2B9qxIlNJgk9U35RV3iyO812Zk01/GPiaQg6ahnuw42Mi C5h/iNSj8LJ3PJlZzx27V6KhWo/+AEmpx5boS9Gw++l5yOkm+eycOax1aPoaCUgNdKhu PSbehcVGDQgPY4XQsxUsbn/Ap0E6K9QeFqGioTrZg1hHXeXprzM6QIUoP+8Wn/kO8OQB B5Pw== X-Gm-Message-State: AOAM532etuH/GFlv5vEt+CtCAItmTJGlAEq3zW1Rah5t9G+GaScs1OBA GAP7ypJGS4lfw8fZck3sMknWESLPDwVDjkjDOKQ= X-Google-Smtp-Source: ABdhPJy5CjlWRYzHsqEDJYgvWc3YVFPlnlMU2K6eDSW6hiXpz/W+wyo6xTHYPyaeou0d0NYoeb5F6gAiU4m3cOlwYbg= X-Received: by 2002:ac2:5504:: with SMTP id j4mr19527854lfk.332.1640695166022; Tue, 28 Dec 2021 04:39:26 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a2e:88c4:0:0:0:0:0 with HTTP; Tue, 28 Dec 2021 04:39:25 -0800 (PST) Reply-To: gb528796@gmail.com From: george brown Date: Tue, 28 Dec 2021 13:39:25 +0100 Message-ID: Subject: To: undisclosed-recipients:; Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 Status: X-Status: X-Keywords: X-UID: 380 16nXnNeV150NCg0K16nXnteZINeSJ9eV16jXkicg15HXqNeQ15XXnyDXkNeg15kg16LXldeo15og 15PXmdefINeR157Xp9em15XXoteZLiDXkNeg15kg16jXldem15Qg15zXlNem15nXoiDXnNeaDQrX lNen16jXldeRINec15zXp9eV15cg16nXnNeZLiDXkNeq15Qg16rXmdeo16kg15DXqiDXlNeh15vX ldedINep15wgKDguNSDXnteZ15zXmdeV158g15PXldec16gpDQrXk9eV15zXqNeZ150g16nXlNec 16fXldeXINep15zXmSDXlNep15DXmdeoINeR15HXoNenINec16TXoNeZINee15XXqteVLg0KDQrX lNec16fXldeXINep15zXmSDXlNeV15Ag15DXlteo15cg15HXnteT15nXoNeq15og16nXnteqINeR 16rXkNeV16DXqiDXk9eo15vXmdedINei150g15DXqdeq15UNCteV15HXnyDXmdeX15nXky4g15DX oNeZINeQ15TXmdeUINeW15vXkNeZINecLTUwJSDXnteh15og15TXp9eo158g15XXkNeZ15zXlSA1 MCUg15nXlNeZ15Ug15bXm9eQ15nXnQ0K15zXlNeZ15XXqiDXkdep15HXmdec15ouDQrXkNeg15Ag 16bXldeoINen16nXqCDXotedINeU15PXldeQItecINeU16TXqNeY15kg16nXnNeZINeb15DXnyDX nNek16jXmNeZ150g16DXldeh16TXmdedOiBnYjUyODc5NkBnbWFpbC5jb20NCg0K16jXkSDXqteV 15PXldeqINee16jXkNepLA0K157XqCDXkifXldeo15InINeR16jXkNeV158sDQo= From tanar02@warp2biz.com Tue Dec 28 00:16:07 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************** X-Spam-Status: Yes, score=34.8 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FREEMAIL_FORGED_REPLYTO, FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_MSFT,FROM_MISSP_USER,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,MISSING_HEADERS,MSOE_MID_WRONG_CASE, NSL_RCVD_FROM_USER,REPLYTO_WITHOUT_TO_CC,REPTO_419_FRAUD_GM, SPF_HELO_PASS,SPF_PASS,T_FILL_THIS_FORM_SHORT autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 0.9996] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 0.9996] * 3.2 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 6.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud * collector mailbox * 0.0 NSL_RCVD_FROM_USER Received from User * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in * digit * [secretservicce7[at]gmail.com] * 1.0 MISSING_HEADERS Missing To: header * 3.1 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 1.6 FROM_MISSP_USER From misspaced, from "User" * 0.9 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 2.0 FROM_MISSPACED From: missing whitespace * 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal * information X-Spam-Relay-Country: US ** ** ** ** US Received: from mail.warp2biz.com (mail.warp2biz.com [208.90.184.24]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BS6G3eF002172 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 28 Dec 2021 00:16:07 -0600 Received: from localhost (localhost [127.0.0.1]) by mail.warp2biz.com (Postfix) with ESMTP id B153CCE240F; Mon, 27 Dec 2021 22:09:09 -0800 (PST) Received: from mail.warp2biz.com ([127.0.0.1]) by localhost (mail.warp2biz.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8jkVZm2CJrWB; Mon, 27 Dec 2021 22:09:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.warp2biz.com (Postfix) with ESMTP id 457F8CF665B; Mon, 27 Dec 2021 22:09:09 -0800 (PST) X-Virus-Scanned: amavisd-new at warp2biz.com Received: from mail.warp2biz.com ([127.0.0.1]) by localhost (mail.warp2biz.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Fh3CF-A6FiRw; Mon, 27 Dec 2021 22:09:09 -0800 (PST) Received: from User (unknown [208.90.184.162]) by mail.warp2biz.com (Postfix) with SMTP id 6AF60CF60E8; Mon, 27 Dec 2021 22:08:56 -0800 (PST) Reply-To: From: "HOMELAND SECURITY DEPT" Subject: [SPAM] URGENT Date: Mon, 27 Dec 2021 22:08:58 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20211228060856.6AF60CF60E8@mail.warp2biz.com> X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 28 Dec 2021 00:16:07 -0600 (CST) for IP:'208.90.184.24' DOMAIN:'mail.warp2biz.com' HELO:'mail.warp2biz.com' FROM:'tanar02@warp2biz.com' RCPT:'' X-Greylist: Delayed for 00:06:51 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Tue, 28 Dec 2021 00:16:07 -0600 (CST) X-Spam-Prev-Subject: URGENT Status: R X-Status: X-Keywords: X-UID: 381 We are happy to inform you that your f u n d s is been approved by a paying bank,kindy get back to us for more details,sendyour full name and cell phone no. Note:Get back to us for more details and information on this. Signed Alejandro Mayorkas Director,United States Secret Service U.S. Department of Homeland Security Washington, DC 20528,USA From mallam.mohammedlawal@hotmail.com Fri Dec 31 05:36:06 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ********************************************** X-Spam-Status: Yes, score=46.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,KHOP_HELO_FCRDNS,MIME_HTML_ONLY, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_VALIDITY_RPBL,REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_05, SPF_HELO_NONE,SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO, STATIC_XPRIO_OLE,TO_NO_BRKTS_FROM_MSSP,USER_IN_BLACKLIST_TO, USER_IN_BLOCKLIST_TO autolearn=disabled version=3.4.4 X-Spam-Report: * 0.0 USER_IN_BLOCKLIST_TO User is listed in 'blocklist_to' * 10 USER_IN_BLACKLIST_TO DEPRECATED: See USER_IN_BLOCKLIST_TO * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.2 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.0 NSL_RCVD_HELO_USER Received from HELO User * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [66.84.13.1 listed in bl.score.senderscore.com] * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mallam.mohammedlawal[at]hotmail.com] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 3.1 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.9 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE * 2.0 FROM_MISSPACED From: missing whitespace * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.3 SPOOFED_FREEMAIL No description available. * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.8 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US ** Received: from vps.fnmcltd.com (s1.n13.n84.n66.static.myhostcenter.net [66.84.13.1] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 1BVBa2Q4020384 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 31 Dec 2021 05:36:06 -0600 Message-Id: <202112311136.1BVBa2Q4020384@ga.impsec.org> Received: from [::1] (port=54600 helo=User) by vps.fnmcltd.com with smtp (Exim 4.86_1) (envelope-from ) id 1n3AQJ-0002eM-2f; Fri, 31 Dec 2021 00:25:51 -0500 Reply-To: From: "Mohammed Lawal" Subject: [SPAM] this message is for You once again Date: Thu, 30 Dec 2021 21:31:10 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.fnmcltd.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - hotmail.com X-Get-Message-Sender-Via: vps.fnmcltd.com: acl_c_authenticated_local_user: root X-Authenticated-Sender: vps.fnmcltd.com: root X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 31 Dec 2021 05:36:06 -0600 (CST) for IP:'66.84.13.1' DOMAIN:'[66.84.13.1]' HELO:'vps.fnmcltd.com' FROM:'mallam.mohammedlawal@hotmail.com' RCPT:'' X-Greylist: Delayed for 06:04:42 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 31 Dec 2021 05:36:06 -0600 (CST) X-Spam-Prev-Subject: this message is for You once again Status: R X-Status: X-Keywords: X-UID: 382 Greetings Sir/Ma

Greetings,

Im writing to follow up on my previous email to you on a very important
business proposal. You havent responded yet, I know youre busy and
I completely understand if you havent had the time to write me back.

It's mutual and beneficial, I will give you full details as soon as
I receive your response, thank you.

Respectfully,

Mallam Mohammed Lawal
Email: mohammed.lawal@petroleum.africa.com

From mallam.mohammedlawal@hotmail.com Fri Dec 31 18:51:21 2021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ga.impsec.org X-Spam-Flag: YES X-Spam-Level: ************************************ X-Spam-Status: Yes, score=36.9 required=5.0 tests=AXB_XMAILER_MIMEOLE_OL_024C2, BAYES_99,BAYES_999,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FREEMAIL_FROM,FREEMAIL_REPLYTO,FROM_MISSPACED,FROM_MISSP_EH_MATCH, FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_XPRIO,FSL_CTYPE_WIN1251, FSL_NEW_HELO_USER,HTML_MESSAGE,KHOP_HELO_FCRDNS,MIME_HTML_ONLY, MISSING_HEADERS,MSOE_MID_WRONG_CASE,NSL_RCVD_HELO_USER, RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L3,RCVD_IN_VALIDITY_RPBL, REPLYTO_WITHOUT_TO_CC,SPAM_BOOSTER_05,SPF_HELO_NONE,SPF_SOFTFAIL, SPOOFED_FREEMAIL,SPOOFED_FREEM_REPTO,STATIC_XPRIO_OLE, TO_NO_BRKTS_FROM_MSSP autolearn=disabled version=3.4.4 X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000] * 3.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000] * 2.2 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam * 2.0 NSL_RCVD_HELO_USER Received from HELO User * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail * provider * [mallam.mohammedlawal[at]hotmail.com] * 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, * https://senderscore.org/blocklistlookup/ * [66.84.13.1 listed in bl.score.senderscore.com] * 0.0 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3) * [66.84.13.1 listed in bl.mailspike.net] * 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * 1.0 MISSING_HEADERS Missing To: header * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 2.0 SPAM_BOOSTER_05 Boost score for BAYES_999 + HTML only * 3.1 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool * 0.0 FSL_NEW_HELO_USER Spam's using Helo and User * 2.6 MSOE_MID_WRONG_CASE No description available. * 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only * 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted * 0.9 FROM_MISSP_XPRIO Misspaced FROM + X-Priority * 1.6 REPLYTO_WITHOUT_TO_CC No description available. * 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait * 0.0 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE * 2.0 FROM_MISSPACED From: missing whitespace * 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain * different freemails * 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems * 2.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * 1.3 SPOOFED_FREEMAIL No description available. * 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook * 1.8 SPOOFED_FREEM_REPTO Forged freemail sender with freemail * reply-to * 0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider X-Spam-Relay-Country: US ** Received: from vps.fnmcltd.com (s1.n13.n84.n66.static.myhostcenter.net [66.84.13.1] (may be forged)) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id 2010pBOa029455 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Fri, 31 Dec 2021 18:51:21 -0600 Message-Id: <202201010051.2010pBOa029455@ga.impsec.org> Received: from [::1] (port=51728 helo=User) by vps.fnmcltd.com with smtp (Exim 4.86_1) (envelope-from ) id 1n3FVj-0003Dx-92; Fri, 31 Dec 2021 05:51:47 -0500 Reply-To: From: "Mohammed Lawal" Subject: [SPAM] this message is for You once again Date: Fri, 31 Dec 2021 02:57:08 -0800 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.fnmcltd.com X-AntiAbuse: Original Domain - impsec.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - hotmail.com X-Get-Message-Sender-Via: vps.fnmcltd.com: acl_c_authenticated_local_user: root X-Authenticated-Sender: vps.fnmcltd.com: root X-Source: X-Source-Args: X-Source-Dir: X-Greylist: inspected by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 31 Dec 2021 18:51:21 -0600 (CST) for IP:'66.84.13.1' DOMAIN:'[66.84.13.1]' HELO:'vps.fnmcltd.com' FROM:'mallam.mohammedlawal@hotmail.com' RCPT:'' X-Greylist: Delayed for 13:54:06 by milter-greylist-4.6.2 (ga.impsec.org [108.161.139.220]); Fri, 31 Dec 2021 18:51:21 -0600 (CST) X-Spam-Prev-Subject: this message is for You once again Status: R X-Status: X-Keywords: X-UID: 383 Greetings Sir/Ma

Greetings,

Im writing to follow up on my previous email to you on a very important
business proposal. You havent responded yet, I know youre busy and
I completely understand if you havent had the time to write me back.

It's mutual and beneficial, I will give you full details as soon as
I receive your response, thank you.

Respectfully,

Mallam Mohammed Lawal
Email: mohammed.lawal@petroleum.africa.com