Has someone offered you a huge sum of money or a valuable consignment? It's a 419 or advance fee fraud - find out how they work, and what to do to be safe.
#400927 by buried under 419s Wed Nov 27, 2019 10:18 am
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Tue, 26 Nov 2019 21:56:40 -0800
Received: from static.115.146.130.94.clients.your-server.de ([94.130.146.115]:34530 helo=web.imisrv.com)
by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1iZqJa-0004gL-I5
for ; Tue, 26 Nov 2019 21:56:40 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bimc.ir;
s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject
:From:Reply-To:Sender:Message-ID:To:Cc:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=EAk8TPy3AYdkxYLABne0yvLHpGx8T5YBlz0pnqFk54E=; b=eR3vYvOES53ZutVqotjrkdK+rB
IqQ1ScAG6cSq7MSn3Qva7SdFb6NEygt9M3jAq8U60x99g6S9wMHo0jYFNlPnyF7LQTZGepmdKbfOZ
JcP0U/MtG/1BWktOZdUlkj0WeCgm48oKSkve96C0Clt0ejHss/64sRpBKrAvsiVD6HcD/wWVzwp7x
ZoAT3FK73V74vDSh+DwfEph2abLZttcO+5sJxfCe4rVVI1pOZTb2FfAYfoIj0pUXYI2j4sBGFXGE0
/aS2NhVLR7fn5Y+B2KyqHe/OfRTXdh5jAboSF4IYp5iCvwPSxCjK6dePnBKF0ncsvONeZu919pxza
HTcv+xjQ==;
Received: from 13.177.181.107.wiredns.net ([107.181.177.13]:52214 helo=User)
by web.imisrv.com with esmtpa (Exim 4.92)
(envelope-from <[email protected]>)
id 1iZqIf-0007qi-Qt; Wed, 27 Nov 2019 00:55:42 -0500
Reply-To: <[email protected]>
From: "Philip Li Wong"<[email protected]>
Date: Wed, 27 Nov 2019 06:55:19 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web.imisrv.com
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hk.bankcomm.com
X-Get-Message-Sender-Via: web.imisrv.com: authenticated_id: [email protected]
X-Authenticated-Sender: web.imisrv.com: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Status: Yes, score=32.7
X-Spam-Score: 327
X-Spam-Bar: ++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: Glad to write to you. I avail myself of this opportunity to
approach you for an establishment of a business relationship with you. I
got your contact through LinkedIn and would like to discuss more with you
about this opportunity. [...]

Content analysis details: (32.7 points, 7.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.8 NSL_RCVD_HELO_USER Received from HELO User
2.7 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[94.130.146.115 listed in bl.score.senderscore.com]
1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.0 MISSING_HEADERS Missing To: header
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.2 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
2.0 FSL_NEW_HELO_USER Spam's using Helo and User
3.2 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
1.6 REPLYTO_WITHOUT_TO_CC No description available.
1.6 MISSING_MID Missing Message-Id: header
0.9 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.4 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE
2.0 FROM_MISSPACED From: missing whitespace
2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
X-Spam-Flag: YES
Subject: ***SPAM*** HELLO

Glad to write to you. I avail myself of this opportunity to approach you for an
establishment of a business relationship with you. I got your contact through
LinkedIn and would like to discuss more with you about this opportunity.

I would like to send a summary of this business for your review.

Could we please take a few minutes of your time to revert back to this mail???

Best Regards,
Philip Li Wong

Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces
Advertisement

Who is online

Users browsing this forum: No registered users and 34 guests