OwlCyberSecurity - MANAGER

Edit File: 1720422799.M827250P811233.cloudbhc.clouditzone.com,S=7821,W=7957

Return-Path: <test@aircolog.com> Delivered-To: oneboxpk+spam@cloudbhc.clouditzone.com Received: from cloudbhc.clouditzone.com by cloudbhc.clouditzone.com with LMTP id wOR/MI+Ri2bhYAwAZAThIw (envelope-from <test@aircolog.com>) for <oneboxpk+spam@cloudbhc.clouditzone.com>; Mon, 08 Jul 2024 12:13:19 +0500 Return-path: <test@aircolog.com> Envelope-to: carolintl@onebox.pk Delivery-date: Mon, 08 Jul 2024 12:13:19 +0500 Received: from 94-154-35-142.virtualine.org ([94.154.35.142]:60236) by cloudbhc.clouditzone.com with esmtp (Exim 4.96.2) (envelope-from <test@aircolog.com>) id 1sQiYo-003Oz7-1Y for carolintl@onebox.pk; Mon, 08 Jul 2024 12:13:19 +0500 Reply-To: Robert F Wood <robert.fernandez17546@gmail.com> From: Robert F Wood <robert.fernandez7546@gmail.com> To: carolintl@onebox.pk Date: 8 Jul 2024 00:12:37 -0700 Message-ID: <20240708001236.7BDE4EE8300382CB@gmail.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: quoted-printable X-Spam-Status: Yes, score=15.2 X-Spam-Score: 152 X-Spam-Bar: +++++++++++++++ X-Spam-Report: Spam detection software, running on the system "cloudbhc.clouditzone.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: It has come to our attention that some imposters have been using some fake organizations to defraud people who are eligible for the IC3 internet fraud victim compensation, If you've ever paid, or if you're still paying anyone or organizations to get your compensation payment please stop immediately; they're scammers!! Content analysis details: (15.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [94.154.35.142 listed in zen.spamhaus.org] 0.0 TVD_RCVD_IP Message was received from an IP address 0.5 SUBJ_ALL_CAPS Subject is all capitals 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit [robert.fernandez17546[at]gmail.com] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [robert.fernandez7546[at]gmail.com] 0.0 T_US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment 1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any anti-forgery methods 0.0 HK_SCAM No description available. 2.6 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 0.0 LOTS_OF_MONEY Huge... sums of money 0.2 KAM_DMARC_NONE DKIM has Failed or SPF has failed on the message and the domain has no DMARC policy 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails 0.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free email? 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.2 HELO_MISC_IP Looking for more Dynamic IP Relays 0.0 SPOOFED_FREEMAIL No description available. 1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to 0.0 MONEY_FRAUD_3 Lots of money and several fraud phrases 2.4 TO_NO_BRKTS_PCNT To: lacks brackets + percentage X-Spam-Flag: YES Subject: ***SPAM*** GOOD NEWS!! <html><head> <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge"> </head> <body> <p style=3D"color: rgb(44, 54, 58); text-transform: none; text-indent: 0px;= letter-spacing: normal; font-family: Roboto, sans-serif; font-size: 14px; = font-style: normal; font-weight: 400; margin-top: 0px; margin-bottom: 1rem;= word-spacing: 0px; white-space: normal; box-sizing: border-box; orphans: 2= ; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; tex= t-decoration-style: initial; text-decoration-color: initial; text-decoratio= n-thickness: initial; -webkit-text-stroke-width:=20 0px;">It has come to our attention that some imposters have been using some= fake organizations to defraud people who are eligible for the IC3 internet= fraud victim compensation,</p> <p style=3D"color: rgb(44, 54, 58); text-transform: none; text-indent: 0px;= letter-spacing: normal; font-family: Roboto, sans-serif; font-size: 14px; = font-style: normal; font-weight: 400; margin-top: 0px; margin-bottom: 1rem;= word-spacing: 0px; white-space: normal; box-sizing: border-box; orphans: 2= ; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; tex= t-decoration-style: initial; text-decoration-color: initial; text-decoratio= n-thickness: initial; -webkit-text-stroke-width:=20 0px;">If you've ever paid, or if you're still paying anyone or organization= s to get your compensation payment please stop immediately; they're scammer= s!!</p> <p style=3D"color: rgb(44, 54, 58); text-transform: none; text-indent: 0px;= letter-spacing: normal; font-family: Roboto, sans-serif; font-size: 14px; = font-style: normal; font-weight: 400; margin-top: 0px; margin-bottom: 1rem;= word-spacing: 0px; white-space: normal; box-sizing: border-box; orphans: 2= ; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; tex= t-decoration-style: initial; text-decoration-color: initial; text-decoratio= n-thickness: initial; -webkit-text-stroke-width:=20 0px;">Note: Eligible beneficiaries are to receive their 100% full funds wit= hout paying any fee to anyone or organizations.<br style=3D"box-sizing: bor= der-box;">&nbsp;<br style=3D"box-sizing: border-box;"> We have conducted several meetings and investigations, and it has been dete= rmined that the safest and only method for beneficiaries to receive their c= ompensation of USD$1,759,910.00 without any complications is through a bitc= oin Trust wallet account, free of any charges, which can be downloaded from= your Google app store or an Apple store. Please send your bitcoin trust wa= llet address to <strong>robert.fernandez17546@gmail.com</strong> for the immediate transfer of your compensation payment.<br style=3D"box-s= izing: border-box;">&nbsp;<br style=3D"box-sizing: border-box;">Thanks for = your cooperation.<br style=3D"box-sizing: border-box;">Faithfully,<br style= =3D"box-sizing: border-box;">Robert F Wood<br style=3D"box-sizing: border-b= ox;">Senior Attorney, Justice Law Group&nbsp;</p></body></html>