#240104 by Faizan Docherty
Wed Mar 04, 2015 7:05 am
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 41.207.195.199
Originating ISP: Cote D'ivoire Telecom
City: n/a
Country of Origin: Cote D'Ivoire
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.23.65 with SMTP id k1csp1156275pdf;
Tue, 3 Mar 2015 23:58:03 -0800 (PST)
X-Received: by 10.70.38.163 with SMTP id h3mr4527970pdk.95.1425455883046;
Tue, 03 Mar 2015 23:58:03 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (ftx-008-i895.relay.mailchannels.net. [50.61.143.195])
by mx.google.com with ESMTP id gs2si4040665pac.121.2015.03.03.23.58.01
for <snipped>;
Tue, 03 Mar 2015 23:58:03 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 50.61.143.195 as permitted sender) client-ip=50.61.143.195;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 50.61.143.195 as permitted sender) [email protected]
X-Sender-Id: _forwarded-from|117.52.3.215
Received: from r8-chicago.webserversystems.com (ip-10-213-14-133.us-west-2.compute.internal [10.213.14.133])
by relay.mailchannels.net (Postfix) with ESMTPA id 4F2494289
for <snipped>; Wed, 4 Mar 2015 07:57:59 +0000 (UTC)
X-Sender-Id: _forwarded-from|117.52.3.215
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.254.78.188])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.8 );
Wed, 04 Mar 2015 07:57:59 +0000
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|117.52.3.215
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1425455879485:3241528575
X-MC-Ingress-Time: 1425455879484
Received: from smail-33.daum.net ([211.43.197.215]:39368 helo=smail-33.hanmail.net)
by r8-chicago.webserversystems.com with esmtp (Exim 4.82)
(envelope-from <[email protected]>)
id 1YT4Bo-0000te-Uq
for <snipped>; Wed, 04 Mar 2015 01:57:58 -0600
Received: from wwl1765.hanmail.net ([117.52.3.215])
by smail-33.hanmail.net (8.12.1/8.9.1) with ESMTP id t247vNcS031714;
Wed, 4 Mar 2015 16:57:23 +0900
Received: (from hanadmin@localhost)
by wwl1765.hanmail.net (8.12.9/8.9.1) id t247vHU8025310
for <snipped>; Wed, 4 Mar 2015 16:57:17 +0900
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-Originating-IP: [41.207.195.199]
From: "Mrs. Rose Anuma" <[email protected]>
Sender: [email protected]
Organization:
To: <snipped>
Subject: From Mrs. Rose Anuma.
X-Mailer: Daum Web Mailer 1.2
Date: Wed, 04 Mar 2015 16:57:17 +0900 (KST)
Message-Id: <[email protected]>
Errors-To: <[email protected]>
X-HM-UT: EvDn5B4WXr2R++btAkDghV+DR8vdsuxUhTrCx31IHFo=
X-HM-FIGURE: EvDn5B4WXr3yRfP/lQwiVjh64n5mNRsc
MIME-Version: 1.0
X-Hanmail-Attr: fc=1
X-Spam-Status: No, score=3.9
X-Spam-Score: 39
X-Spam-Bar: +++
X-Ham-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: From Mrs. Rose Anuma. Dearest one, It is my pleasure to contact
you for a business venture which I and my son David intend to establish in
your country, though I have not met with you before but I believe one has
to risk in line in order to succeed sometimes in life. [...]
Content analysis details: (3.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mubadii04[at]live.fr)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[211.43.197.215 listed in list.dnswl.org]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (mubadii04[at]live.fr)
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 MONEY_FROM_41 Lots of money from Africa
0.0 T_MONEY_PERCENT X% of a lot of money for you
X-Spam-Flag: NO
X-AuthUser:
Dearest one,
It is my pleasure to contact you for a business venture which I and my son David intend to establish in your country, though I have not met with you before but I believe one has to risk in line in order to succeed sometimes in life.
I can confide in you for the brighter future of my child since you are a human being like me. There is this huge amount, Four Million Six Hundred Thousand Euros. (€4.600.000.00) which my late husband kept for us with a Security Company here in Cote D'Ivoire before his sudden death, Now I and my son David decided to invest these money in your country or anywhere safe enough for security reasons.
We want you to help us claim and retrieve this fund from the Security Company and transfer it into your personal account in your country for investment purposes in your country.
If you can be of assistance to us we will be pleased to offer you 15% of the total fund.
I await your soonest response.
Mrs. Rose Anuma.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.