by Faizan Docherty
Tue Dec 17, 2013 2:36 pm
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 196.201.16.138
Originating ISP: Zimbabwe Online (private)
City: Harare
Country of Origin: Zimbabwe
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.58.38 with SMTP id n6csp59714pdq;
Tue, 17 Dec 2013 01:18:57 -0800 (PST)
X-Received: by 10.50.12.71 with SMTP id w7mr2143173igb.32.1387271936627;
Tue, 17 Dec 2013 01:18:56 -0800 (PST)
Return-Path: <administrator/IBM%[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id y2si13739529iga.30.2013.12.17.01.18.55
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 17 Dec 2013 01:18:56 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of administrator/IBM%[email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of administrator/IBM%[email protected]) smtp.mail=administrator/IBM%[email protected]
Received: from apollo.zol.co.zw ([196.201.1.2]:35607 helo=apollo-ptc.zol.co.zw)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <administrator/IBM%[email protected]>)
id 1Vsqnl-0006Bm-M1
for <snipped>; Tue, 17 Dec 2013 03:18:55 -0600
Received: from etrn.zol.co.zw ([196.201.1.37])
by apollo-ptc.zol.co.zw with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.63)
(envelope-from <administrator/IBM%[email protected]>)
id 1Vsqni-0002D4-UE
for <snipped>; Tue, 17 Dec 2013 11:18:50 +0200
Received: from [196.201.16.138] (helo=integra.co.zw)
by etrn.zol.co.zw with esmtp (Exim 4.63)
(envelope-from <administrator/IBM%[email protected]>)
id 1Vsqni-0003It-Ju
for <snipped>; Tue, 17 Dec 2013 11:18:50 +0200
X-Disclaimed: 1
MIME-Version: 1.0
Importance: Normal
X-Priority: 3 (Normal)
In-Reply-To:
References:
From: administrator/IBM%[email protected]
Message-ID: <[email protected]>
Date: Tue, 17 Dec 2013 11:16:20 +0200
X-Mailer: Lotus Domino Web Server Release 8.5.3FP3 November 15, 2012
X-MIMETrack: Serialize by HTTP Server on IBMZW/IBM(Release 8.5.3FP3|November 15, 2012) at
12/17/2013 11:16:20 AM,
Serialize complete at 12/17/2013 11:16:20 AM,
Serialize by Router on IBMZW/IBM(Release 8.5.3FP3|November 15, 2012) at 12/17/2013
11:17:35 AM
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Bcc: <snipped>
X-Notes-Item: <snipped>; name=AltBlindCopyTo
X-Spam-Status: Yes, score=5.4
X-Spam-Score: 54
X-Spam-Bar: +++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Hi Dear, Compliments of the season. How are you doing, i hope
it's well with you, I got your contact from a business consultant. I am writing
to inform you of my intention to establish a project in your country, i am
using this opportunity to solicit for your co-operation, i believe that your
participation as my partner will guarantee the success of this business,
please get back to me for more details,if my proposal is accepted. [...]
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 UNRESOLVED_TEMPLATE Headers contain an unresolved template
1.0 MISSING_HEADERS Missing To: header
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8651]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
X-Spam-Flag: YES
Subject: ***SPAM*** HI
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - co.zw
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Hi Dear,
Compliments of the season.
How are you doing, i hope it's well with you, I got your contact from a business consultant. I am writing to inform you of my intention to establish a project in your country, i am using this opportunity to solicit for your co-operation, i believe that your participation as my partner will guarantee the success of this business, please get back to me for more details,if my proposal is accepted.
You may reply to ( [email protected] )
Regards.
Aminata Conteh.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.