OwlCyberSecurity - MANAGER

Edit File: 1689109069.M912112P23972.cloudserv.clouditzone.com,S=7617,W=7754

Return-Path: <test@planttel.net> Delivered-To: oneboxpk+spam@cloudserv.clouditzone.com Received: from cloudserv.clouditzone.com by cloudserv.clouditzone.com with LMTP id ETaqNU3CrWSkXQAAnE02Jg (envelope-from <test@planttel.net>) for <oneboxpk+spam@cloudserv.clouditzone.com>; Wed, 12 Jul 2023 01:57:49 +0500 Return-path: <test@planttel.net> Envelope-to: carolintl@onebox.pk Delivery-date: Wed, 12 Jul 2023 01:57:49 +0500 Received: from [181.211.189.130] (port=60924 helo=mail.epam.gob.ec) by cloudserv.clouditzone.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <test@planttel.net>) id 1qJKQe-0006CX-2C for carolintl@onebox.pk; Wed, 12 Jul 2023 01:57:49 +0500 Received: from localhost (localhost [127.0.0.1]) by mail.epam.gob.ec (Postfix) with ESMTP id 27B91E90C188; Mon, 10 Jul 2023 23:59:03 -0500 (-05) Received: from mail.epam.gob.ec ([127.0.0.1]) by localhost (mail.epam.gob.ec [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id ayh8-Uj4ipwR; Mon, 10 Jul 2023 23:59:03 -0500 (-05) Received: from localhost (localhost [127.0.0.1]) by mail.epam.gob.ec (Postfix) with ESMTP id F15FCE909605; Mon, 10 Jul 2023 23:59:02 -0500 (-05) X-Virus-Scanned: amavisd-new at epam.gob.ec Received: from mail.epam.gob.ec ([127.0.0.1]) by localhost (mail.epam.gob.ec [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id UbI2V2ko5Y5o; Mon, 10 Jul 2023 23:59:02 -0500 (-05) Received: from User (_gateway [192.168.11.1]) by mail.epam.gob.ec (Postfix) with SMTP id 84A96E90D197; Mon, 10 Jul 2023 23:58:52 -0500 (-05) Reply-To: <lorenzobengat@aliyun.com> From: "Lorenzo Bengat"<test@planttel.net> Date: Mon, 10 Jul 2023 21:59:02 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20230711045852.84A96E90D197@mail.epam.gob.ec> X-Spam-Status: Yes, score=33.7 X-Spam-Score: 337 X-Spam-Bar: +++++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "cloudserv.clouditzone.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hello, I'm Dr. Bengat. I wish to urgently confirm from you if actually you know one Mrs. Jeanne White who claims to be your business associate/partner. Kindly reconfirm this application put in by Mrs. Jeanne White - she submitted the under-listed bank account information supposedly sent by you to receive the funds on your behalf. Content analysis details: (33.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.0 MILLION_USD BODY: Talks about millions of dollars 0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam 0.0 NSL_RCVD_FROM_USER Received from User 1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL, https://senderscore.org/blocklistlookup/ [181.211.189.130 listed in bl.score.senderscore.com] 1.2 MISSING_HEADERS Missing To: header 1.5 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment 3.4 MSOE_MID_WRONG_CASE No description available. 0.0 LOTS_OF_MONEY Huge... sums of money 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait -0.0 T_SCC_BODY_TEXT_LINE No description available. 1.9 REPLYTO_WITHOUT_TO_CC No description available. 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FSL_NEW_HELO_USER Spam's using Helo and User 0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool 0.0 FROM_MISSP_USER From misspaced, from "User" 2.0 HK_SCAM No description available. 0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe 0.0 MONEY_FROM_MISSP Lots of money and misspaced From 2.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To 0.0 FROM_MISSPACED From: missing whitespace 1.6 MONEY_FREEMAIL_REPTO Lots of money from someone using free email? 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From 2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems 0.6 FROM_MISSP_EH_MATCH From misspaced, matches envelope 0.0 FILL_THIS_FORM Fill in a form with personal information 1.4 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool 0.0 MONEY_FORM Lots of money if you fill out a form 2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 1.0 ADVANCE_FEE_2_NEW_FRM_MNY Advance Fee fraud form and lots of money 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases 0.0 FORM_FRAUD_3 Fill a form and several fraud phrases X-Spam-Flag: YES Subject: ***SPAM*** Confirm. Hello, I'm Dr. Bengat. I wish to urgently confirm from you if actually you know one Mrs. Jeanne White who claims to be your business associate/partner. Kindly reconfirm this application put in by Mrs. Jeanne White - she submitted the under-listed bank account information supposedly sent by you to receive the funds on your behalf. The bank information she applied with are stated thus: Account Name: Mrs. Jeanne White Bank name: Citi Bank NA Bank address: #1230 Arch Street, Philadelphia, PA 19107, USA Account Number: 013439887655 Routing Number: 2771722 Swift Code: CITIUS30 The said Mrs. Jeanne White is claiming to this office that you are dead and have Instructed that all relevant documentation/Information regarding your Payment/Transfer, be changed to her as the beneficiary of the payment short-listed among the foreign beneficiaries entitled to receive their payment. For your Information, this Government has approved the total amount of EIGHT MILLION, FIVE HUNDRED THOUSAND UNITED STATES DOLLARS ONLY, in your favor, prior to the Federal Government instructions/mandate to offset all outstanding payments to the various legal foreign beneficiaries. We need to confirm from you if it's really true that you are dead as mentioned by your Associate. You should note that, if we do not hear from you, we automatically assume that you are actually dead and the information passed to us by Mrs. Jeanne White is correct. Hence, you are hereby requested to reply to this Email immediately for confirmation, before we proceed with this payment and for us to know the true position of things with you so that we won't make any mistakes/errors in remitting your out-standing payment to a wrong person/account. Lastly, you are advised to reply back to this email and reconfirm the details of this message if truly you're alive. Full name................................ Direct telephone number......... Address.................................... Age........................................... Country..................................... Your quick response will help us a lot ( lorenzobengat@aliyun.com ) Yours, Sincerely, Dr. L. Bengat