by Faizan Docherty
Sat Feb 28, 2015 7:48 pm
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 86.123.54.111
Originating ISP: Rcs & Rds Business
City: Pitesti
Country of Origin: Romania
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.25.43.144 with SMTP id r138csp4700366lfr;
Sat, 28 Feb 2015 11:32:31 -0800 (PST)
X-Received: by 10.180.87.106 with SMTP id w10mr19249457wiz.62.1425151951156;
Sat, 28 Feb 2015 11:32:31 -0800 (PST)
Return-Path: <[email protected]>
Received: from smtp.rdslink.ro (smtp1.rdslink.ro. [81.196.12.70])
by mx.google.com with ESMTPS id q1si10274404wif.39.2015.02.28.11.32.30
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sat, 28 Feb 2015 11:32:31 -0800 (PST)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=81.196.12.70;
Authentication-Results: mx.google.com;
spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected]
Message-Id: <54f217cf.0118b40a.1f06.ffff86cdSMTPIN_ADDED_MISSING@mx.google.com>
Received: (qmail 22940 invoked from network); 28 Feb 2015 19:33:23 -0000
X-Mail-Scanner: Scanned by qSheff-II-2.1-r3 (http://www.enderunix.org/qsheff/)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on antispam-smtp-2
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=50.8 required=10.0 tests=ADVANCE_FEE_2_NEW_MONEY,
ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_MONEY,ADVANCE_FEE_4_NEW,
ADVANCE_FEE_4_NEW_MONEY,AXB_XMAILER_MIMEOLE_OL_024C2,DOS_OE_TO_MX,
FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FROM_MISSP_MSFT,
FROM_MISSP_PHISH,FROM_MISSP_REPLYTO,FSL_CTYPE_WIN1251,FSL_HELO_NON_FQDN_1,
FSL_MISSP_REPLYTO,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,LOTTO_AGENT,
MIME_HTML_ONLY,MISSING_HEADERS,MISSING_MID,MONEY_FRAUD_3,MONEY_FROM_MISSP,
NSL_RCVD_HELO_USER,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,
TO_NO_BRKTS_MSFT autolearn=spam version=3.3.1
X-Spam-Report:
* 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
* 0.3 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
* 3.9 NSL_RCVD_HELO_USER Received from HELO User
* 1.2 MISSING_HEADERS Missing To: header
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
* 0.1 MISSING_MID Missing Message-Id: header
* 0.0 LOTS_OF_MONEY Huge... sums of money
* 1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
* 3.8 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
* 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.6 FSL_NEW_HELO_USER FSL_NEW_HELO_USER
* 3.5 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
* 0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
* 3.5 LOTTO_AGENT Claims Agent
* 2.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
* 3.7 MONEY_FROM_MISSP Lots of money and misspaced From
* 4.7 FROM_MISSP_PHISH Malformed, claims to be from financial organization
* - possible phish
* 1.5 FROM_MISSP_REPLYTO From misspaced, has Reply-To
* 0.5 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
* 0.2 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
* 2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
* 3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers
* 3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
* 3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
* 0.0 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
* 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
* 0.3 MONEY_FRAUD_3 Lots of money and several fraud phrases
* 3.1 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
Received: from unknown (HELO User) (86.123.54.111)
by smtp1.rdslink.ro with SMTP; 28 Feb 2015 19:33:19 -0000
Reply-To: <[email protected]>
From: "Transaction Alert Service"<[email protected]>
Subject: SUSPECT_SPAM_SA2-SMTP Transaction Details
Date: Sat, 28 Feb 2015 11:32:18 -0800
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Prev-Subject: Transaction Details
Attention ! ! !
Transaction Alert Service
Please be informed that a credit transaction just occurred in your favour, a compensation account which
has been created for you.
Please find details of the transaction below:
Transaction Details
Account Number: 000026264-0266
Description: 1547390/IMF/CASH DEPOSIT
Reference No: UNPAID/COMPENSATION/IMF
Transaction Branch: United Kingdom
Transaction Amount: 1,980,000.00 USD - United States Dollars
Transaction Date : 24-Feb-2015 @13:15
Value Date : 01-03-2015
As a result of this transaction, the balances on this account as at 20-Feb-2015 @14:14 are:
Available Balance:1,980,000.43 USD
Ledger Balance:1,980,000.43 USD
You are to contact your payment officer for further transfer. This is compensation from the IMF.
Name: Mr. Allen Frank.
Email:[email protected]
This is urgent and respond immediately.
Thanks.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.