by Faizan Docherty
Tue Feb 04, 2014 1:55 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 209.85.215.195
Originating ISP: Google
City: Mountain View
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.126.40 with SMTP id mv8csp145461pdb;
Mon, 3 Feb 2014 09:15:52 -0800 (PST)
X-Received: by 10.50.78.200 with SMTP id d8mr12889144igx.38.1391447752578;
Mon, 03 Feb 2014 09:15:52 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id mg9si29004530icc.128.2014.02.03.09.15.52
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 03 Feb 2014 09:15:52 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 184.154.1.124 as permitted sender) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 184.154.1.124 as permitted sender) [email protected];
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: from mail-ea0-f195.google.com ([209.85.215.195]:36261)
by r8-chicago.webserversystems.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1WAN7f-0009OA-QU
for <snipped>; Mon, 03 Feb 2014 11:15:52 -0600
Received: by mail-ea0-f195.google.com with SMTP id h14so1603025eaj.10
for <snipped>; Mon, 03 Feb 2014 09:15:50 -0800 (PST)
DKIM-Signature: <snipped>
MIME-Version: 1.0
X-Received: by 10.14.0.201 with SMTP id 49mr45165352eeb.38.1391447749939; Mon,
03 Feb 2014 09:15:49 -0800 (PST)
Received: by 10.14.122.134 with HTTP; Mon, 3 Feb 2014 09:15:49 -0800 (PST)
Date: Mon, 3 Feb 2014 17:15:49 +0000
Message-ID: <CACfiHP=otFOS=sBMyu9Xyom9W+KZRDZyzKdgnNc9rbC=r61Y5w@mail.gmail.com>
Subject: Good Day
From: kary ovii <[email protected]>
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary=047d7b66f68fdbdaaf04f183ac69
Bcc: <snipped>
X-Spam-Status: No, score=4.2
X-Spam-Score: 42
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Good Day I am Mr. Kary Ovii,a staff of Bank. I humbly ask
for your assistance in facilitating a monetary transaction. An asset was placed
under my management 12 years ago by a client who is deceased. I need your
help in investing these funds valued at US$6,500,000.00. Please reply with
your answer as soon as you are able, so that we may begin to arrange all
formalities. I encourage you to contact me with any questions or concerns.
[...]
Content analysis details: (4.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[209.85.215.195 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(oviikary65[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (oviikary65[at]gmail.com)
1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
3.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gmail.com
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Good Day
I am Mr. Kary Ovii,a staff of Bank. I humbly ask for your assistance in facilitating a monetary transaction. An asset was placed under my management 12 years ago by a client who is deceased. I need your help in investing these funds valued at US$6,500,000.00. Please reply with your answer as soon as you are able, so that we may begin to arrange all formalities. I encourage you to contact me with any questions or concerns.
Kind Regards,
Mr. Kary Ovii
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.