Scams operating under the guise of a charity.
#253980 by Tim Atem Tue Jun 02, 2015 7:12 am
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 150.140.129.41
Originating ISP: University Of Patras Network
City: Patras
Country of Origin: Greece
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.107.170.41 with SMTP id t41csp2631203ioe;
Mon, 1 Jun 2015 18:51:47 -0700 (PDT)
X-Received: by 10.194.90.171 with SMTP id bx11mr29757809wjb.129.1433209906954;
Mon, 01 Jun 2015 18:51:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nic.upatras.gr (nic.upatras.gr. [150.140.129.30])
by mx.google.com with ESMTP id ga2si14286759wjb.135.2015.06.01.18.51.43;
Mon, 01 Jun 2015 18:51:46 -0700 (PDT)
Received-SPF: neutral (google.com: 150.140.129.30 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=150.140.129.30;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 150.140.129.30 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from localhost (nic.upatras.gr [127.0.0.1])
by nic.upatras.gr (Postfix) with ESMTP id A3669277D27;
Tue, 2 Jun 2015 04:30:09 +0300 (EEST)
X-Virus-Scanned: amavisd-new at upatras.gr
Received: from nic.upatras.gr ([127.0.0.1])
by localhost (nic.upatras.gr [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Ar_F4nHWXVU1; Tue, 2 Jun 2015 04:30:09 +0300 (EEST)
Received: from mail.upatras.gr (patreas.upatras.gr [150.140.129.29])
by nic.upatras.gr (Postfix) with ESMTP;
Tue, 2 Jun 2015 04:30:09 +0300 (EEST)
Received: from mail1.upatras.gr (peacock.upnet.gr [150.140.129.41])
by mail.upatras.gr (Postfix) with ESMTP id EA152593E6F;
Tue, 2 Jun 2015 04:24:14 +0300 (EEST)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_634e347bc774952f2cea9d638125a3b8"
Date: Mon, 01 Jun 2015 18:24:11 -0700
From: Bill Groner <[email protected]>
To: undisclosed-recipients:;
Subject: (no subject)
Organization: Bill Groner
Reply-To: [email protected]
Mail-Reply-To: [email protected]
Message-ID: <[email protected]>
X-Sender: [email protected]
X-Orig-Sender: ckaratza
User-Agent: Roundcube Webmail/1.1.0


Dear Sir/Madam,

I saw your email address during the course of my research today. My name is Bill William Groner my wife and I won a Jackpot Lottery of $50 Million Dollars in December 2013, we are donating the sum of $1 million Dollars to 6 lucky individual all over the world as part of our charity project and if you received this email then you are one of the luck recipients and all you have to do is get back to us with your details so we can forward it directly to the payout bank.

You can verify this by visiting the web pages below.

http://www.huffingtonpost.ca/2014/07/22 ... 10890.html

http://cnews.canoe.ca/CNEWS/Canada/2014 ... 23476.html

Good luck,
Bill William And Andrea Groner

====================================
PLEASE DO NOT TELL A SCAMMER HE IS REPORTED HERE!

Learn what a scam is and how to protect yourself
https://www.scamwarners.com/forum/viewtopic.php?f=3&t=5
Advertisement

#255815 by Tim Atem Fri Jun 12, 2015 7:18 am
New email address: [email protected]

ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 41.203.71.249
Originating ISP: Globacom Ltd
City: Lagos
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.107.170.28 with SMTP id t28csp501515ioe;
Fri, 12 Jun 2015 03:39:37 -0700 (PDT)
X-Received: by 10.194.89.225 with SMTP id br1mr24553337wjb.97.1434105576834;
Fri, 12 Jun 2015 03:39:36 -0700 (PDT)
Return-Path: <[email protected]>
Received: from geologie-c-130.geo.uaic.ro (geologie-c-130.geo.uaic.ro. [85.122.20.130])
by mx.google.com with ESMTP id d4si2674451wiy.1.2015.06.12.03.39.07;
Fri, 12 Jun 2015 03:39:36 -0700 (PDT)
Received-SPF: neutral (google.com: 85.122.20.130 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=85.122.20.130;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 85.122.20.130 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from geology.uaic.ro (localhost [127.0.0.1])
by geologie-c-130.geo.uaic.ro (Postfix) with ESMTP id 8AEF332E5C;
Fri, 12 Jun 2015 12:36:07 +0300 (EEST)
Received: from 41.203.71.249
(SquirrelMail authenticated user bogdan.ispas)
by geology.uaic.ro with HTTP;
Fri, 12 Jun 2015 12:36:07 +0300
Message-ID: <[email protected]>
Date: Fri, 12 Jun 2015 12:36:07 +0300
Subject: Charity Gift !!!
From: "Bill Groner" <[email protected]>
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;


Dear Sir/Madam,

I saw your email address during the course of my research today. My name
is Bill William Groner my wife and I won a Jackpot Lottery of $50 Million
Dollars in December 2013, we are donating the sum of $1 million Dollars to
6 lucky individual all over the world as part of our charity project and
if you received this email then you are one of the luck recipients and all
you have to do is get back to us with your details so we can forward it
directly to the payout bank.

You can verify this by visiting the web pages below.

http://www.huffingtonpost.ca/2014/07/22 ... 10890.html

http://cnews.canoe.ca/CNEWS/Canada/2014 ... 23476.html

Good luck,
Bill William And Andrea Groner.

====================================
PLEASE DO NOT TELL A SCAMMER HE IS REPORTED HERE!

Learn what a scam is and how to protect yourself
https://www.scamwarners.com/forum/viewtopic.php?f=3&t=5
#260677 by Tim Atem Sat Jul 18, 2015 8:07 am
Same scam with new email address [email protected]

IP Address 141.255.167.162
Location Switzerland, Zurich, Zurich
Connection through Private Layer INC
Usage Type (DCH) Data Center/Web Hosting/Transit


Delivered-To: <snipped>
Received: by 10.107.143.18 with SMTP id r18csp311766iod;
Sat, 18 Jul 2015 05:00:46 -0700 (PDT)
X-Received: by 10.55.54.65 with SMTP id d62mr32936108qka.59.1437220846699;
Sat, 18 Jul 2015 05:00:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from vmhosting02.localdomain (mx02.dpsit.sg.gba.gov.ar. [170.155.9.159])
by mx.google.com with ESMTP id o21si17421724qko.23.2015.07.18.05.00.45;
Sat, 18 Jul 2015 05:00:46 -0700 (PDT)
Received-SPF: neutral (google.com: 170.155.9.159 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=170.155.9.159;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 170.155.9.159 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: by vmhosting02.localdomain (Postfix, from userid 999)
id 290C5EF3E0; Sat, 18 Jul 2015 08:57:57 -0300 (ART)
Received: from webmail-h5.dpsit.sg.gba.gov.ar (webmail-h5.dpsit.sg.gba.gov.ar [10.1.7.68])
by vmhosting02.localdomain (Postfix) with ESMTPS id 01A50EF3DF;
Sat, 18 Jul 2015 08:57:57 -0300 (ART)
Received: from 141.255.167.162 ([141.255.167.162]) by webmail.gba.gob.ar
(Horde Framework) with HTTP; Sat, 18 Jul 2015 08:58:57 -0300
Date: Sat, 18 Jul 2015 08:58:57 -0300
Message-ID: <[email protected]>
From: Bill And Andrea Groner <[email protected]>
To:
Subject: Charity Project Worth $1,000,000.00 Dollars
Reply-to: [email protected]
User-Agent: Internet Messaging Program (IMP) H5 (6.1.6)
Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes
MIME-Version: 1.0
Content-Disposition: inline
X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm


--
I saw your email address during the course of my research today. My name is Bill William Groner my wife and I won a Jackpot Lottery of $50 Million Dollars in
December 2013, we are donating the sum of $1 million Dollars to 6 lucky individual all over the world as part of our charity project. Do get back to us for further

details on how to get the donation.

http://www.huffingtonpost.ca/2014/07/22 ... 10890.html

Good luck,
Bill William And Andrea Groner

----------------------------------------------------------------
Piense antes de imprimir.
Ahorrar papel es cuidar el medio ambiente.
Ley 14472
--

====================================
PLEASE DO NOT TELL A SCAMMER HE IS REPORTED HERE!

Learn what a scam is and how to protect yourself
https://www.scamwarners.com/forum/viewtopic.php?f=3&t=5
#267401 by Faizan Docherty Sat Sep 12, 2015 9:56 am
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 14.3.123.3
Originating ISP: Asahi Net,inc.
City: Tokyo
Country of Origin: Japan
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.28.54.101 with SMTP id d98csp879706wma;
Fri, 11 Sep 2015 00:59:57 -0700 (PDT)
X-Received: by 10.69.3.228 with SMTP id bz4mr94111945pbd.79.1441958397782;
Fri, 11 Sep 2015 00:59:57 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nov-007-i540.relay.mailchannels.net (nov-007-i540.relay.mailchannels.net. [46.232.183.94])
by mx.google.com with ESMTPS id hz2si633361pbc.62.2015.09.11.00.59.52
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 11 Sep 2015 00:59:57 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 46.232.183.94 as permitted sender) client-ip=46.232.183.94;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 46.232.183.94 as permitted sender) [email protected]
X-Sender-Id: _forwarded-from|195.76.107.100
Received: from relay.mailchannels.net (localhost [127.0.0.1])
by relay.mailchannels.net (Postfix) with ESMTP id F1A1D100500
for <snipped>; Fri, 11 Sep 2015 07:59:50 +0000 (UTC)
Received: from r8-chicago.webserversystems.com (ip-10-237-13-110.us-west-2.compute.internal [10.237.13.110])
by relay.mailchannels.net (Postfix) with ESMTPA id CC3EB100769
for <snipped>; Fri, 11 Sep 2015 07:59:48 +0000 (UTC)
X-Sender-Id: _forwarded-from|195.76.107.100
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.89.138.154])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.5.1) ;
Fri, 11 Sep 2015 07:59:50 +0000
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|195.76.107.100
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1441958389017:2878396372
X-MC-Ingress-Time: 1441958389017
Received: from mx8.diba.cat ([195.76.107.100]:59899 helo=SWCS494.diba.cat)
by r8-chicago.webserversystems.com with esmtps (TLSv1:AES128-SHA:128)
(Exim 4.85)
(envelope-from <[email protected]>)
id 1ZaJFK-000Gz8-Cw
for <snipped>; Fri, 11 Sep 2015 02:59:47 -0500
Received: from SWCS500.corpo.ad.diba.es (192.168.57.224) by mx8.diba.cat
(195.76.107.100) with Microsoft SMTP Server (TLS) id 14.3.181.6; Fri, 11 Sep
2015 09:58:12 +0200
Received: from [192.168.0.3] (192.168.32.58) by SWCS500.corpo.ad.diba.es
(192.168.57.3) with Microsoft SMTP Server (TLS) id 14.3.123.3; Fri, 11 Sep
2015 09:58:12 +0200
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
To: Recipients <[email protected]>
From: Bill Williams And Andrea Groner <[email protected]>
Date: Fri, 11 Sep 2015 08:57:30 +0100
Reply-To: <[email protected]>
Message-ID: <[email protected]>
X-Originating-IP: [192.168.32.58]
X-Spam-Status: Yes, score=7.4
X-Spam-Score: 74
X-Spam-Bar: +++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: Dear Sir/Madam, I saw your email address during the course
of my research today. My name is Bill William Groner my wife and I won a
Jackpot Lottery of $50 Million Dollars in December 2013, we are donating the
sum of $1 million Dollars to 6 lucky individual all over the world as part
of our charity project and if you received this email then you are one of
the luck recipients and all you have to do is get back to us with your details
so we can forward it directly to the payout bank. You can verify this by
visiting the web pages below. [...]

Content analysis details: (7.4 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/Dns ... nsbl-block
for more information.
[URIs: canoe.ca]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[195.76.107.100 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-1.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
0.0 LOTS_OF_MONEY Huge... sums of money
0.4 FSL_BULK_SIG Bulk signature with no Unsubscribe
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.8 MONEY_FRAUD_3 Lots of money and several fraud phrases
X-Spam-Flag: YES
Subject: ***SPAM*** Dear Sir/Madam
X-AuthUser:


Dear Sir/Madam,

I saw your email address during the course of my research today. My name is Bill William Groner my wife and I won a Jackpot Lottery of $50 Million Dollars in December 2013, we are donating the sum of $1 million Dollars to 6 lucky individual all over the world as part of our charity project and if you received this email then you are one of the luck recipients and all you have to do is get back to us with your details so we can forward it directly to the payout bank.
You can verify this by visiting the web pages below.

http://www.huffingtonpost.ca/2014/07/22 ... 10890.html

http://cnews.canoe.ca/CNEWS/Canada/2014 ... 23476.html

Good luck,
Bill Williams And Andrea Groner

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.
#284231 by Tim Atem Thu Feb 11, 2016 10:07 am
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 197.211.52.50
Originating ISP: Globacom Ltd
City: n/a
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.107.39.74 with SMTP id n71csp1898655ion;
Mon, 8 Feb 2016 14:07:53 -0800 (PST)
X-Received: by 10.195.11.100 with SMTP id eh4mr32741808wjd.83.1454969273809;
Mon, 08 Feb 2016 14:07:53 -0800 (PST)
Return-Path: <[email protected]>
Received: from smtp3-salida.ulpgc.es (smtp3-salida.ulpgc.es. [193.145.136.215])
by mx.google.com with ESMTP id g67si18953057wmi.14.2016.02.08.14.07.53;
Mon, 08 Feb 2016 14:07:53 -0800 (PST)
Received-SPF: neutral (google.com: 193.145.136.215 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=193.145.136.215;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 193.145.136.215 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from smtp3-salida.ulpgc.es (localhost.localdomain [127.0.0.1])
by smtp3-salida.ulpgc.es (Postfix) with ESMTP id D46AFA5163;
Mon, 8 Feb 2016 22:07:52 +0000 (WET)
Received: from [192.168.0.2] (unknown [197.211.52.50])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp3-salida.ulpgc.es (Postfix) with ESMTP id 703B9A5196;
Mon, 8 Feb 2016 22:07:39 +0000 (WET)
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Re: Dear Sir/Madam
To: Recipients <[email protected]>
From: "Bill William And Andrea Groner" <[email protected]>
Date: Mon, 08 Feb 2016 23:07:09 +0100
Reply-To: [email protected]
X-Antivirus: avast! (VPS 160207-1, 02/07/2016), Outbound message
X-Antivirus-Status: Clean
Message-Id: <[email protected]>
X-Virus-Scanned: ClamAV using ClamSMTP


My name is Bill William Groner my wife and I won Lottery in December 2013, we are donating the part of our winnings to 6 lucky people, from accross the world as part of our philanthropy project and if you received this email then you are one of the luck individuals to receive $1,000,000.00 USD Donation, for charity purpose, reply for more details.

Good luck,
Bill William And Andrea Groner

---
This email has been checked for viruses by Avast antivirus software.
http://www.avast.com

====================================
PLEASE DO NOT TELL A SCAMMER HE IS REPORTED HERE!

Learn what a scam is and how to protect yourself
https://www.scamwarners.com/forum/viewtopic.php?f=3&t=5

Who is online

Users browsing this forum: No registered users and 2 guests