by Faizan Docherty
Sun Sep 15, 2013 5:50 am
ipTRACKERonline.com wrote:Header Analysis Quick Report<br>Originating IP: 197.220.169.15<br>Originating ISP: Glo Mobile Ghana Ltd<br> City: Accra<br>Country of Origin: Ghana<br>* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.54.202 with SMTP id l10csp26978pdp;
Sat, 14 Sep 2013 11:18:41 -0700 (PDT)
X-Received: by 10.182.166.40 with SMTP id zd8mr17854352obb.25.1379182721215;
Sat, 14 Sep 2013 11:18:41 -0700 (PDT)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id f9si10486042obv.23.1969.12.31.16.00.00
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sat, 14 Sep 2013 11:18:41 -0700 (PDT)
Received-SPF: fail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) [email protected]
Received: from 10ibl20ser04.datacenter.cha.cantv.net ([200.11.173.11]:55575)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1VKuQZ-0005VT-8z
for <snipped>; Sat, 14 Sep 2013 13:18:40 -0500
X-Virus-Scanned: amavisd-new at cantv.net
Received: from webmail-03.datacenter.cha.cantv.net (webmail-03.datacenter.cha.cantv.net [200.11.153.86])
(authenticated bits=0)
by 10ibl20ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with ESMTP id r8EI3q6i006026;
Sat, 14 Sep 2013 13:33:52 -0430
X-Matched-Lists: []
Received: from 197.220.169.15 ([197.220.169.15]) by webmail-03.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Sat, 14 Sep 2013 13:33:52 -0430 (VET)
Date: Sat, 14 Sep 2013 13:33:52 -0430 (VET)
From: General Susan <[email protected]>
Reply-To: [email protected]
To: [email protected]
Message-ID: <1208906941.1003789.1379181832849.JavaMail.gess@webmail-03.datacenter.cha.cantv.net>
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: Cantv Webmail
X-Originating-IP: [197.220.169.15]
X-Spam-Status: Yes, score=8.9
X-Spam-Score: 89
X-Spam-Bar: ++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Good Day, How r u doing? I hope u r doing fine,I very interesting
and happy to email you and i also decided to become your best closer friend,
i believe you are very nice person, My Name is General Susan Helms From America,
I am honest, caring lovely woman, calm and reasonable, Please It is my desire
to know everything about you, kindly contact me in my private ID([email protected])
and i will tell you more about me with my picture once i receive your interest.
so kindly reply me enable us have an important discussion and i will introduce
myself to you and my reason why i am contacting you. [...]
Content analysis details: (8.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[200.11.173.11 listed in psbl.surriel.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[200.11.173.11 listed in bb.barracudacentral.org]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?200.11.153.86>]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.9 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
X-Spam-Flag: YES
Subject: ***SPAM*** Good Day,
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - scamwarners.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cantv.net
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Good Day,
How r u doing? I hope u r doing fine,I very interesting and happy to email you and i also decided to become your best closer friend, i believe you are very nice person, My Name is General Susan Helms From America, I am honest, caring lovely woman, calm and reasonable, Please It is my desire to know everything about you, kindly contact me in my private ID([email protected]) and i will tell you more about me with my picture once i receive your interest. so kindly reply me enable us have an important discussion and i will introduce myself to you and my reason why i am contacting you.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
