by Faizan Docherty
Tue Jan 28, 2014 12:31 pm
ipTRACKERonline.com wrote:Header Analysis Quick Report<br>Originating IP: 196.46.246.66<br>Originating ISP: Celtel Nigeria Limited T.a Zain<br> City: n/a<br>Country of Origin: Nigeria<br>* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.126.40 with SMTP id mv8csp20769pdb;
Tue, 28 Jan 2014 03:52:20 -0800 (PST)
X-Received: by 10.42.62.196 with SMTP id z4mr682556ich.49.1390909940170;
Tue, 28 Jan 2014 03:52:20 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id hy5si3991931igb.18.2014.01.28.03.52.19
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 28 Jan 2014 03:52:20 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from mail.americasbestshows.com ([69.49.148.3]:30774)
by r8-chicago.webserversystems.com with esmtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1W87DH-0004oH-3n
for <snipped>; Tue, 28 Jan 2014 05:52:19 -0600
Received: from [10.145.100.18] ([196.46.246.66]) by mail.americasbestshows.com with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 28 Jan 2014 06:56:06 -0500
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
To: <snipped>
From: Cash4U Investors LLC< [email protected]@yy>
Date: Tue, 28 Jan 2014 03:51:57 -0800
Reply-To: [email protected]
Message-ID: <[email protected]>
X-OriginalArrivalTime: 28 Jan 2014 11:56:09.0421 (UTC) FILETIME=[EEDF4FD0:01CF1C1F]
X-Spam-Status: Yes, score=9.5
X-Spam-Score: 95
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Do you need a loan now? No credit check, 95% approvals in
every 24hours. Low interest of 3% today! To apply, contact: [email protected]
[...]
Content analysis details: (9.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 BAD_CREDIT BODY: Eliminate Bad Credit
3.0 FROM_WSP_LEAD Leading whitespace after '<' in From header field
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[69.49.148.3 listed in bb.barracudacentral.org]
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[196.46.246.66 listed in dnsbl.sorbs.net]
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[196.46.246.66 listed in zen.spamhaus.org]
X-Spam-Flag: YES
Subject: ***SPAM*** Are you looking for a Loan?
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cash4u.com
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Do you need a loan now? No credit check, 95% approvals in every 24hours. Low interest of 3% today!
To apply, contact: [email protected]
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
