by Faizan Docherty
Sat Feb 14, 2015 9:33 pm
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 173.208.175.187
Originating ISP: Wholesale Internet
City: Kansas City
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.23.65 with SMTP id k1csp646604pdf;
Sat, 14 Feb 2015 12:24:12 -0800 (PST)
X-Received: by 10.70.126.133 with SMTP id my5mr11157483pdb.139.1423945452143;
Sat, 14 Feb 2015 12:24:12 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (aso-006-i411.relay.mailchannels.net. [207.210.193.20])
by mx.google.com with ESMTP id ce2si4995665pdb.21.2015.02.14.12.24.10
for <snipped>;
Sat, 14 Feb 2015 12:24:12 -0800 (PST)
Received-SPF: neutral (google.com: 207.210.193.20 is neither permitted nor denied by domain of [email protected]) client-ip=207.210.193.20;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 207.210.193.20 is neither permitted nor denied by domain of [email protected]) [email protected]
X-Sender-Id: wwwh|x-authsender|[email protected]
Received: from r8-chicago.webserversystems.com (ip-10-33-12-218.us-west-2.compute.internal [10.33.12.218])
by relay.mailchannels.net (Postfix) with ESMTPA id 38F9EA0121
for <snipped>; Sat, 14 Feb 2015 20:24:03 +0000 (UTC)
X-Sender-Id: wwwh|x-authsender|[email protected]
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.245.0.49])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.3);
Sat, 14 Feb 2015 20:24:03 GMT
X-MC-Relay: Bad
X-MailChannels-SenderId: wwwh|x-authsender|[email protected]
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1423945443403:1416538112
X-MC-Ingress-Time: 1423945443402
Received: from mail.mastermind.hu ([193.138.125.6]:50222 helo=server.mastermind.hu)
by r8-chicago.webserversystems.com with esmtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1YMjFx-000BzE-2a
for <snipped>; Sat, 14 Feb 2015 14:24:02 -0600
Received: from localhost (localhost [127.0.0.1])
by server.mastermind.hu (Postfix) with ESMTP id DAFA383754
for <snipped>; Sat, 14 Feb 2015 20:04:43 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at server.mastermind.hu
Received: from server.mastermind.hu ([127.0.0.1])
by localhost (server.mastermind.hu [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id YfPeWbHQNDO9 for <snipped>;
Sat, 14 Feb 2015 20:04:43 +0100 (CET)
Received: from [173.208.175.187] (unknown [173.208.175.187])
(Authenticated sender: [email protected])
by server.mastermind.hu (Postfix) with ESMTPSA id 2B2BD8AB2E
for <snipped>; Sat, 14 Feb 2015 18:56:03 +0100 (CET)
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
To: <snipped>
From: "Mr. Tony" <[email protected]>
Date: Sat, 14 Feb 2015 09:55:53 -0800
Reply-To: [email protected]
Message-Id: <[email protected]>
X-Spam-Status: Yes, score=10.1
X-Spam-Score: 101
X-Spam-Bar: ++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: We offer loans to private individuals and corporate organizations
at 2% interest rate. Interested serious applicants should send the following
information: Names in full: Address: Gender: Email: Occupation: Monthly Income:
Phone Number: Amount Required: Loan Duration: Country: [...]
Content analysis details: (10.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[193.138.125.6 listed in bb.barracudacentral.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[193.138.125.6 listed in psbl.surriel.com]
0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
X-Spam-Flag: YES
Subject: ***SPAM*** LOAN
X-AuthUser:
We offer loans to private individuals and corporate organizations at 2% interest rate. Interested serious applicants should send the following information:
Names in full:
Address:
Gender:
Email:
Occupation:
Monthly Income:
Phone Number:
Amount Required:
Loan Duration:
Country:
Warm Regards,
Loan Team
E-mail: [email protected]
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
