by Faizan Docherty
Tue Jan 07, 2014 2:07 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 121.214.141.194
Originating ISP: Telstra Internet
City: Melbourne
Country of Origin: Australia
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.58.38 with SMTP id n6csp142853pdq;
Mon, 6 Jan 2014 15:04:10 -0800 (PST)
X-Received: by 10.50.102.99 with SMTP id fn3mr22215071igb.5.1389049449813;
Mon, 06 Jan 2014 15:04:09 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id il4si17434703icb.142.2014.01.06.15.04.09
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 06 Jan 2014 15:04:09 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
dkim=fail [email protected]
Received: from nm31.bullet.mail.ne1.yahoo.com ([98.138.229.24]:39721)
by r8-chicago.webserversystems.com with smtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1W0JDM-0005yZ-0p
for <snipped>; Mon, 06 Jan 2014 17:04:08 -0600
Received: from [127.0.0.1] by nm31.bullet.mail.ne1.yahoo.com with NNFMP; 06 Jan 2014 23:04:07 -0000
Received: from [98.138.226.176] by nm31.bullet.mail.ne1.yahoo.com with NNFMP; 06 Jan 2014 23:01:27 -0000
Received: from [98.139.212.152] by tm11.bullet.mail.ne1.yahoo.com with NNFMP; 06 Jan 2014 23:01:26 -0000
Received: from [98.139.212.203] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 06 Jan 2014 23:01:26 -0000
Received: from [127.0.0.1] by omp1012.mail.bf1.yahoo.com with NNFMP; 06 Jan 2014 23:01:26 -0000
X-Yahoo-Newman-Property: ymail-4
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 90473 invoked by uid 60001); 6 Jan 2014 23:01:26 -0000
DKIM-Signature: <snipped>
DomainKey-Signature: <snipped>
Received: from [121.214.141.194] by web161203.mail.bf1.yahoo.com via HTTP; Mon, 06 Jan 2014 15:01:25 PST
X-Rocket-MIMEInfo: <snipped>
X-Mailer: YahooMailWebService/0.8.172.614
References: <[email protected]>,<[email protected]> <[email protected]>
Message-ID: <[email protected]>
Date: Mon, 6 Jan 2014 15:01:25 -0800 (PST)
From: Andrei Kogan <[email protected]>
Reply-To: Andrei Kogan <[email protected]>
To: <snipped>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-852950040-1181478255-1389049285=:3596"
X-Spam-Status: Yes, score=15.3
X-Spam-Score: 153
X-Spam-Bar: +++++++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: On Saturday, 28 December 2013 7:40 PM, EMIRATES GROUP PLC
wrote: Dear Esteem Winner, This is to inform you that you have been selected
for a cash prize of £4,000.000.00 (Four million Great British Pounds) in
the EMIRATE GROUP COMPANY end of-Year Promo held this year in United Kingdom/United
Arab Emirate. [...]
Content analysis details: (15.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.1 DEAR_WINNER BODY: DEAR_WINNER
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(andrei.kogan[at]yahoo.com.au)
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
2.5 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money
4.3 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_4_NEW_FORM Advance Fee fraud and a form
0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_5_NEW_FORM Advance Fee fraud and a form
3.7 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money
0.0 MONEY_FORM Lots of money if you fill out a form
X-Spam-Flag: YES
Subject: ***SPAM*** Fw: Dear Esteem Winner,
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.com.au
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Dear Esteem Winner,
This is to inform you that you have been selected for a cash prize of £4,000.000.00 (Four million Great British Pounds) in the EMIRATE GROUP COMPANY end of-Year Promo held this year in United Kingdom/United Arab Emirate.
The selection process was carried out through random selection in our computerized email selection system (es) from a database of over 400 email addresses drawn from all the continents of the world.
EMIRATE GROUP COMPANY Lottery is approved by the British Gaming Board and also licensed by the International Association of Gaming Regulators (IAGR). This promotion is the 2nd of its kind and we intend to sensitize the public.
Your winning details are:
Secret Pin Code: EMI/536/2013/005
Reference Number EMI: 12052012/21.
Batch No: 2nd Category.
To begin the processing of your winning funds, you are to complete the claims form below:
Your Full Names:
Place of Birth:
Present Country:
Age:
Sex:
Tel:
Please complete your claims form and submit to us immediately, for immediate processing of your winning funds.
Accept my hearty congratulations once again! Always Fly EMIRATE
I URGE YOU TO KEEP THIS CONFIDENTIAL AS THIS OFFICE WILL NOT BEEN HELD RESPONSIBLE IF HACKER REPLY THIS OFFICE WITH YOUR WINNING DETAILS.
With Best Regards
Mr. Sal-lam
Elie
Promotional Manager
© Emirates Airline
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.