Scams operating under the guise of a charity.
#191479 by Faizan Docherty Tue Feb 18, 2014 12:21 pm
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 41.138.177.21
Originating ISP: Visafone Communications Limited
City: Lagos
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.70.126.40 with SMTP id mv8csp96767pdb;
Sun, 16 Feb 2014 16:47:05 -0800 (PST)
X-Received: by 10.50.47.79 with SMTP id b15mr13942881ign.12.1392598024671;
Sun, 16 Feb 2014 16:47:04 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id x10si17540207icp.121.2014.02.16.16.47.04
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sun, 16 Feb 2014 16:47:04 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
dkim=pass [email protected];
dmarc=pass (p=NONE dis=NONE) header.from=yahoo.com
Received: from nm36.bullet.mail.ne1.yahoo.com ([98.138.229.29]:45891)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1WFCMR-00032l-Fo
for <snipped>; Sun, 16 Feb 2014 18:47:04 -0600
Received: from [127.0.0.1] by nm36.bullet.mail.ne1.yahoo.com with NNFMP; 17 Feb 2014 00:47:02 -0000
Received: from [98.138.100.116] by nm36.bullet.mail.ne1.yahoo.com with NNFMP; 17 Feb 2014 00:44:02 -0000
Received: from [98.138.89.164] by tm107.bullet.mail.ne1.yahoo.com with NNFMP; 17 Feb 2014 00:44:02 -0000
Received: from [127.0.0.1] by omp1020.mail.ne1.yahoo.com with NNFMP; 17 Feb 2014 00:44:02 -0000
X-Yahoo-Newman-Property: ymail-4
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 8665 invoked by uid 60001); 17 Feb 2014 00:44:02 -0000
DKIM-Signature: <snipped>
DomainKey-Signature: <snipped>
Received: from [41.138.177.21] by web120505.mail.ne1.yahoo.com via HTTP; Sun, 16 Feb 2014 16:44:02 PST
X-Rocket-MIMEInfo: <snipped>
X-Mailer: YahooMailWebService/0.8.177.636
Message-ID: <[email protected]>
Date: Sun, 16 Feb 2014 16:44:02 -0800 (PST)
From: sahlie duyan <[email protected]>
Reply-To: sahlie duyan <[email protected]>
Subject: Urgent Responds Needed.....sahlie duyan
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1874583742-2131469071-1392597842=:42217"
X-Spam-Status: No, score=2.0
X-Spam-Score: 20
X-Spam-Bar: ++
X-Ham-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: Greetings, This message is coming to you with great depression
due to my state of discomfort. I came down here to KIEV, UKRAINE with my
family for a short vacation but unfortunately, we were mugged and robbed at
the park of the hotel where we stayed. All cash, credit cards and cell phones
were stolen away including some valuable items, but luckily for us we still
have our lives and passports. It was a terrible experience but the good thing
is that they didn't hurt anyone. The Embassy and Police have failed to be
effective in this matter, besides paper work would cost us days we can't
afford. Our return flight leaves in less than 12hrs from now but we are having
problems settling the hotel bills and the hotel manager won't let us leave
until we settle the bills. Please I need your financial assistance so we
can pay off the hotel bills and also get a return tickets back home. Can you
help us out? I'll refund the money as soon as we get back home. Get back
to me immediately to let you know the easiest way to get the fund to us. [...]


Content analysis details: (2.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[98.138.229.29 listed in list.dnswl.org]
0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[41.138.177.21 listed in zen.spamhaus.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(sahlie23[at]yahoo.com)
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(sahlie duyan <sahlie23[at]hotmail.com>
)
-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (sahlie23[at]yahoo.com)
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - scamwarners.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.com
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:


Greetings,

This message is coming to you with great depression due to my state of discomfort. I came down here to KIEV, UKRAINE with my family for a short vacation but unfortunately, we were mugged and robbed at the park of the hotel where we stayed. All cash, credit cards and cell phones were stolen away including some valuable items, but luckily for us we still have our lives and passports. It was a terrible experience but the good thing is that they didn't hurt anyone. The Embassy and Police have failed to be effective in this matter, besides paper work would cost us days we can't afford. Our return flight leaves in less than 12hrs from now but we are having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. Please I need your financial assistance so we can pay off the hotel bills and also get a return tickets back home. Can you help us out? I'll refund the money as soon as we get back home. Get back to me immediately to let you know the easiest way to get the fund to us.

We are depressed at the moment.

Best Regards,




SAHLIE BALQUIN
0922-8636515

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.