by Faizan Docherty
Sun Dec 01, 2013 12:22 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 196.46.245.122
Originating ISP: Airtel Networks Limited
City: n/a
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.68.233 with SMTP id z9csp86449pdt;
Fri, 29 Nov 2013 03:18:05 -0800 (PST)
X-Received: by 10.50.39.45 with SMTP id m13mr5980200igk.14.1385723885035;
Fri, 29 Nov 2013 03:18:05 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id ow5si46650418icc.142.2013.11.29.03.18.04
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 29 Nov 2013 03:18:05 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from mail.majumder.org ([202.4.107.90]:60189)
by r8-chicago.webserversystems.com with esmtp (Exim 4.80)
(envelope-from <[email protected]>)
id 1VmM5C-000Eln-Qp
for <snipped>; Fri, 29 Nov 2013 05:18:04 -0600
Received: from mail.majumder.org (localhost.localdomain [127.0.0.1])
by mail.majumder.org (Postfix) with ESMTP id 4DD19D0139B;
Fri, 29 Nov 2013 17:16:32 +0600 (BDT)
Received: (from apache@localhost)
by mail.majumder.org (8.13.8/8.13.8/Submit) id rATBGF2Z010391;
Fri, 29 Nov 2013 17:16:15 +0600
X-Authentication-Warning: mail.majumder.org: apache set sender to [email protected] using -f
Received: from 196.46.245.122
(SquirrelMail authenticated user mehdi)
by mail.majumder.org with HTTP;
Fri, 29 Nov 2013 17:16:15 +0600 (BDT)
Message-ID: <[email protected]>
Date: Fri, 29 Nov 2013 17:16:15 +0600 (BDT)
From: "Mr Rodrigo De Rato" <[email protected]>
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.8-4.0.1.el5.centos.2
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;
X-yoursite-MailScanner-Information: Please contact the ISP for more information
X-yoursite-MailScanner-ID: 4DD19D0139B.AC0B1
X-yoursite-MailScanner: Found to be clean
X-yoursite-MailScanner-From: [email protected]
X-Spam-Status: No
X-Spam-Status: Yes, score=9.4
X-Spam-Score: 94
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Attn: Beneficiary! This is to inform you that your funds valued
($3,000,000.00) has been Approved for immediate release to you. Please you
are advice reconfirm your full information once again such as listed below.
[...]
Content analysis details: (9.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 0.9998]
1.8 DEAR_BENEFICIARY BODY: Dear Beneficiary:
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(mrrodrigoderato3[at]yahoo.co.jp
)
-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 LOTS_OF_MONEY Huge... sums of money
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
X-Spam-Flag: YES
Subject: ***SPAM*** Mr Rodrigo De Rato//
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - majumder.org
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Attn: Beneficiary!
This is to inform you that your funds valued ($3,000,000.00) has
been Approved for immediate release to you. Please you are advice
reconfirm your full information once again such as listed below.
(1). Full Name:........
(2). Address: .........
(3). Telephone: .......
(4). Occupation: ......
(5). Age/Sex:..........
Thanks for your total co-operation to this notice.
Yours Sincerely,
Mr Rodrigo De Rato.
(Director of Operation) IMF.
Tel:+44 704 573 9063
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.