Has someone offered you a huge sum of money or a valuable consignment? It's a 419 or advance fee fraud - find out how they work, and what to do to be safe.
#240103 by Faizan Docherty Wed Mar 04, 2015 6:57 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 66.85.139.244
Originating ISP: Secured Servers Llc
City: Tempe
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.70.23.65 with SMTP id k1csp657133pdf;
Tue, 3 Mar 2015 05:47:18 -0800 (PST)
X-Received: by 10.68.233.232 with SMTP id tz8mr55132986pbc.166.1425390438439;
Tue, 03 Mar 2015 05:47:18 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (tkt-001-i375.relay.mailchannels.net. [72.249.144.180])
by mx.google.com with ESMTP id a13si1225386pbu.17.2015.03.03.05.47.17
for <snipped>;
Tue, 03 Mar 2015 05:47:18 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 72.249.144.180 as permitted sender) client-ip=72.249.144.180;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 72.249.144.180 as permitted sender) [email protected];
dkim=fail [email protected]
X-Sender-Id: _forwarded-from|183.79.150.72
Received: from r8-chicago.webserversystems.com (ip-10-204-4-183.us-west-2.compute.internal [10.204.4.183])
by relay.mailchannels.net (Postfix) with ESMTPA id B880A1008AB
for <snipped>; Tue, 3 Mar 2015 13:47:15 +0000 (UTC)
X-Sender-Id: _forwarded-from|183.79.150.72
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.224.7.213])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.7);
Tue, 03 Mar 2015 13:47:16 +0000
X-MC-Relay: Junk
X-MailChannels-SenderId: _forwarded-from|183.79.150.72
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1425390435944:1345901664
X-MC-Ingress-Time: 1425390435944
Received: from web101513.mail.kks.yahoo.co.jp ([183.79.150.72]:40358)
by r8-chicago.webserversystems.com with smtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1YSnAG-0002ZO-3o
for <snipped>; Tue, 03 Mar 2015 07:47:14 -0600
Received: (qmail 64641 invoked by uid 60001); 3 Mar 2015 13:47:09 -0000
DKIM-Signature: <snipped>
DomainKey-Signature: <snipped>;
Message-ID: <[email protected]>
X-YMail-OSG: <snipped>
Received: from [66.85.139.244] by web101513.mail.kks.yahoo.co.jp via HTTP; Tue, 03 Mar 2015 22:47:09 JST
X-Mailer: YahooMailWebService/0.8.111_57
X-YMail-JAS: <snipped>
Date: Tue, 3 Mar 2015 22:47:09 +0900 (JST)
From: Rose John <[email protected]>
Reply-To: Rose John <[email protected]>
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1815126366-1408475669-1425390429=:58930"
X-Spam-Status: Yes, score=11.0
X-Spam-Score: 110
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: [...]

Content analysis details: (11.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.9 HK_SCAM_N2 BODY: HK_SCAM_N2
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(emm_john08[at]yahoo.co.jp)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[183.79.150.72 listed in list.dnswl.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (emm_john08[at]yahoo.co.jp)
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 MONEY_BARRISTER Lots of money from a UK lawyer
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 T_MONEY_PERCENT X% of a lot of money for you
3.2 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
1.7 MONEY_FRAUD_5 Lots of money and many fraud phrases
X-Spam-Flag: YES
Subject: ***SPAM*** Greetings, it's nice to have your email contact on the internet during my quest for a search of a sincere partner, I'm Rose John, a legal representative to a deceased client whom might be of same nationality with you", he dwelt and worked here in Togo for more than 20 years as a contractor. I am writing this letter to you because there is something important I want us to work on; regarding his left over estate. so I seek your consent to let me present you as a member of his family in order to claim the $8.7m he left behind in a bank here. I was his personal Attorney before he died and I have been mandated by his bank to present his next of kin or any member of his family to claim this fund. So I would like to present you as his cousin so we can claim this fund. If you are interested to work with me on this deal, get back to me as soon as possible for more details as we'll be sharing the fund equal(50/50). Thanks in advance as I await your positive re
sponse. Sincerely, Barr. Rose John

X-AuthUser:


Nothing in email body. Message is on subject line only.

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.