Information on romance scams and scammers.
#215499 by Faizan Docherty Wed Aug 20, 2014 10:20 pm
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 41.82.143.177
Originating ISP: Clients-adsl
City: Dakar
Country of Origin: Senegal
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.70.80.134 with SMTP id r6csp142097pdx;
Mon, 18 Aug 2014 09:54:42 -0700 (PDT)
X-Received: by 10.50.61.138 with SMTP id p10mr275896igr.20.1408380881088;
Mon, 18 Aug 2014 09:54:41 -0700 (PDT)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id a3si9204544igg.60.2014.08.18.09.54.40
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 18 Aug 2014 09:54:41 -0700 (PDT)
Received-SPF: fail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) smtp.mail=hassan14_20555555544444444444 ... @libero.it;
dkim=fail [email protected]
Received: from outrelay05.libero.it ([212.52.84.106]:39590)
by r8-chicago.webserversystems.com with esmtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1XJQCZ-0000mg-DA; Mon, 18 Aug 2014 11:54:40 -0500
X-CTCH-Spam: Unknown
X-CTCH-RefID: str=0001.0A0C0204.53F22FCA.0091,ss=1,re=0.000,fgs=0
X-libjamoibt: 1933
Received: from outrelay03.libero.it (192.168.34.12) by outrelay05.libero.it (8.5.140.03)
id 53D22AAC02BF720A; Mon, 18 Aug 2014 18:54:34 +0200
DKIM-Signature: <snipped>
X-CTCH-Spam: Unknown
X-CTCH-RefID: str=0001.0A0C0206.53F22FCA.0051,ss=1,re=0.000,fgs=0
X-libjamoibt: 1587
Received: from webmail-02.iol.local (10.248.16.2) by outrelay03.libero.it (8.5.140.03)
id 53DA354D014A987A; Mon, 18 Aug 2014 18:54:34 +0200
Message-ID: <[email protected]>
Date: Mon, 18 Aug 2014 18:54:34 +0200 (CEST)
From: hassan14_20 <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain;charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-SenderIP: 41.82.143.177
X-libjamv: 4YByV+Wctko=
X-libjamsun: BkY4xfyREQD/3YAYKNVWu9yrmD/MMzJr
X-Spam-Status: Yes, score=5.3
X-Spam-Score: 53
X-Spam-Bar: +++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: I believe you are the one i'm searching for Assalamu"alaikum,
I am miss zainab from the country Iran, your profile caught my attraction,
please reply to my email address ([email protected])so we can communicate
easily to know each other the more, i promise to also send you my photo for
you to know me. Remember that distance, religion or tribe does not matter
in life but true affection is everything we need to live our life and be
happy. Yours new found friend, Miss zainab. ([email protected]) [...]


Content analysis details: (5.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[212.52.84.106 listed in list.dnswl.org]
0.0 FROM_LOCAL_DIGITS From: localpart has long digit sequence
0.0 FROM_LOCAL_HEX From: localpart has long hexadecimal sequence
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(hassan14_20555555544444444444444444444444444[at]libero.it)
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(zainabhassan74[at]hotmail.com
)
-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
(hassan14_20555555544444444444444444444444444[at]libero.it)
1.0 MISSING_HEADERS Missing To: header
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
X-Spam-Flag: YES
Subject: ***SPAM*** HI
X-MC-Forward: <snipped>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - libero.it
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: redirect/forwarder owner <snipped> -> <snipped>


I believe you are the one i'm searching for
Assalamu"alaikum,
I am miss zainab from the country Iran, your profile caught my attraction,
please reply to my email address ([email protected])so we can
communicate easily to know each other the more, i promise to also send you my
photo for you to know me. Remember that distance, religion or tribe does not
matter in life but true affection is everything we need to live our life and
be
happy.
Yours new found friend,
Miss zainab.
([email protected])

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.
Advertisement

Who is online

Users browsing this forum: No registered users and 36 guests