by Faizan Docherty
Mon Sep 01, 2014 3:32 pm
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 41.71.190.132
Originating ISP: Visafone
City: Lagos
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.80.134 with SMTP id r6csp84392pdx;
Fri, 29 Aug 2014 01:27:36 -0700 (PDT)
X-Received: by 10.66.121.137 with SMTP id lk9mr13669213pab.86.1409300856512;
Fri, 29 Aug 2014 01:27:36 -0700 (PDT)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (nov-007-i621.relay.mailchannels.net. [46.232.183.175])
by mx.google.com with ESMTP id gt3si10718429pbc.219.2014.08.29.01.27.33
for <snipped>;
Fri, 29 Aug 2014 01:27:36 -0700 (PDT)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=46.232.183.175;
Authentication-Results: mx.google.com;
spf=neutral (google.com: [email protected] does not designate permitted sender hosts) [email protected]
Message-Id: <54003978.e3be440a.0940.fffff827SMTPIN_ADDED_MISSING@mx.google.com>
Received: from r8-chicago.webserversystems.com (ip-10-220-9-73.us-west-2.compute.internal [10.220.9.73])
by relay.mailchannels.net (Postfix) with ESMTPA id 50327609D1
for <snipped>; Fri, 29 Aug 2014 08:27:29 +0000 (UTC)
Received: from r8-chicago.webserversystems.com ([UNAVAILABLE]. [10.252.32.37])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.2.12);
Fri, 29 Aug 2014 08:27:29 GMT
Received: from hunter-electronics.net ([5.77.44.66]:54099 helo=srv.hunter-electronics.info)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1XNHWl-000GSy-Tt
for <snipped>; Fri, 29 Aug 2014 03:27:25 -0500
Received: from [41.71.190.132] (port=57886)
by srv.hunter-electronics.info with esmtpa (Exim 4.82)
(envelope-from <[email protected]>)
id 1XNGXm-0000HR-Bs; Fri, 29 Aug 2014 07:24:22 +0000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
To: Recipients <[email protected]>
From: "Dr. Habib" <[email protected]>
Date: Fri, 29 Aug 2014 08:24:39 +0100
Reply-To: [email protected]
X-Antivirus: avast! (VPS 140828-3, 08/28/2014), Outbound message
X-Antivirus-Status: Clean
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv.hunter-electronics.info
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - info.net
X-Get-Message-Sender-Via: srv.hunter-electronics.info: authenticated_id: [email protected]
X-Spam-Status: Yes, score=9.5
X-Spam-Score: 95
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: I’m Dr Habib Abdulridha, a professional medical doctor working
with Al Jumla Neuro - surgical Hospital in Iraq. I have summoned up courage
to contact you after two of my children were beheaded by the ISIS militants.
I am desperately in need of your assistance to relocate my remaining family.
[...]
Content analysis details: (9.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[5.77.44.66 listed in psbl.surriel.com]
1.8 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
0.5 MISSING_MID Missing Message-Id: header
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_HK_NAME_DR T_HK_NAME_DR
2.0 MONEY_FROM_41 Lots of money from Africa
0.5 CRM114_PROB_SPAM CRM114: CRM114_PROB_SPAM
X-Spam-Flag: YES
Subject: ***SPAM*** From: Dr Habib Abdulridha
X-MC-Forward: <snipped>
X-AuthUser: @r8-chicago.webserversystems.com
I’m Dr Habib Abdulridha, a professional medical doctor working with Al Jumla Neuro - surgical Hospital in Iraq.
I have summoned up courage to contact you after two of my children were beheaded by the ISIS militants. I am desperately in need of your assistance to relocate my remaining family.
I have some kilos of gold and $6,500.000 that I wish to move into your country immediately before I come over with my wife and my only remaining child..
You can read through this world news to ascertain more information. http://www.theguardian.com/world/2014/a ... ian-exodus
Expecting your reply soonest for time is not on my side.
Dr. H. Abdulridha
Email: [email protected]
---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
