Scam email #186405 - Dear Esteemed Customer.
The email was sent on 2016-04-21 11:50:26 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 184.108.40.206 in Unknown, Benin
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Thu, 21 Apr 2016 10:50:25 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||220.127.116.11|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of webs4.xindesigns.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||wVP0pXwWLDs2iI9Uavs_uE5CZKBgf8CqF4P6X_..ImKauAla CfwLA4e_yuItV45ZtCXlR_Mg6gMEiqz04AEq4MBcXcZYM4fHYvRTdRMTvqk3 MKKKy.JcbCoMrCXuCKnIg9sll9bWZcboWF0HTb5iqWBsdbLsu.sGKISbgSSZ Mj1BVcI4b1m0HSI1G0NbRBcGj2tZEapLY8DEA_0U2UpQu4ddgBxWXgxtMBh9 qVaPJl5.KxIKFuaWLzhJ67sdgkRcZCjmM2fqvvT8hCxqlLW8iiVhALvyS3Ix 9AcOcWjN.TZQ6QJ9g9yUPDzKDmKt5mEbt5uC9ahbgspQTK81JDeDx3yPNMbA VjTq6AgzFQ7.XZMRQAe5NhrxChSMlk_LuEqnl6z.JhSvThTJDS1WRzCTpLiO B.kjGJTlbi5axYHWt7RFVzgakSnLVfpvn9lFSL1xqWmP3JTFdNc9ti8sbL2N tr0omN6WnQDZQ_JFy2W5k9kWsxoVkfrLi7b6GE__Mg1tualGHR0Y84UtxAx9 kjbyOPRORXovrwgODUqR7jht1L20dA.a4waR7aalgr6IwWKHjKoQ6vT0jB0j rLgk2sf._HWGm2WdOUkIsYal0pfAaXdSuYjnzRXT932_IN7vFpCzGF.rYRf_ WdpHbK97lsLLXMcTC9kKlXuCau0QfxtKWWS7z16LO5zpk44oTKBTzG3YUQX. fDGy3mTsUCKjVKvtSeaRZKy_I07HkNBmdYNlOtBTytdj7mmCx8BLtAfX9h2Y N1AZ9heybmVgIupKkomCsmYiwUzYW00QSt_3j3cNPMUQLVp0okmvbI7K7qgo mGDXb3YymtJXs4LAJhzl5nwXN5eQCpzEmI7EULQDzv0d5wEbizWYgq8TizBr R68pQDgBaLs_i1E6W060z.A0F8KdTm40edoTN6F77DFJPJ_hqPhbc1Q0p7ft fsfFkx8fe0YYBvklQquDEXuz0FX2qpDW724FeMSbAP3eLbcbCvymeGunrPFE HbJVove_aduAXy4yeNkJqRTHD90nRww0OPy.tzT34gD65RCOId4ctagzQec5 bR5O59PcLr4a4rHlGAygjiNtoXIW9ufu1Kdpd6S.6B38V.v4xd_6qrL9kHJv Eh822ERqoHCWJDdBMOnqfwvMHXzpLSSeJB85o3VsVR_jSrJe6_znGyorZO05 brRa8ATPpepRSKDT0Tm2HyepA2.QHOcaNikKSel8eooxCR2ykO7Xb9aKRdZt FWG6LcqRK6hgAyTQwWA0kGO546KCN01f6P2Ezl78R52eqpzSYruq6SMPvTfz XF6u.l1iVOvpz7MSgRPDGfjsmWtsLV4RPA3Rjm7hntobRm0ktHW74VhOLtNk LMr1pL6VcBKLSAbcE_Ur0TObaVdBq1hL98gx82ZAirg56mWSNVIm6Zvh2Ihj cjVN8Onxuj77LOWcZEQE5GNAK4WAib59Ci6VwDDK0mBQ7hNBm9mKKPCxnxCE Ybkac3nxp3GTGFCRm_gi|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[18.104.22.168]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta1189.mail.gq1.yahoo.com from=alice.it; domainkeys=neutral (no sig); from=alice.it; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO webs4.xindesigns.com) (22.214.171.124) by mta1189.mail.gq1.yahoo.com with SMTPS; Thu, 21 Apr 2016 10:50:24 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from floridanutritio by webs4.xindesigns.com with local (Exim 4.86_1) (envelope-from [email address removed] id 1arBDY-00033P-1W for [email address removed] Fri, 15 Apr 2016 14:23:56 -0700|
|To:||The email address(es) the email was sent to||[email address removed]|
|Subject:||The subject of the email||Dear Esteemed Customer.|
|X-PHP-Script:||The web address of the PHP script used to send the email||drmirkinnutritionflorida.com/wp-includes/Text/Diff/Renderer/hammmmed.php for 126.96.36.199|
|From:||This is the address the email was apparently sent from||Peter Amangbo [email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||[email address removed]|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||8bit|
|Message-Id:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Date:||The date/time the email was sent||Fri, 15 Apr 2016 14:23:56 -0700|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||This header was added to track abuse, please include it with any abuse report|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||Primary Hostname - webs4.xindesigns.com|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||Original Domain - yahoo.com|
|X-AntiAbuse:||Originator/Caller UID/GID - [513 524] / [47 12]|
|X-AntiAbuse:||Sender Address Domain - webs4.xindesigns.com|
|X-Get-Message-Sender-Via:||The server the email was sent from, complete with username (this field is often added by web hosting control panels like Cpanel)||webs4.xindesigns.com: authenticated_id: floridanutritio/only user confirmed/virtual account not confirmed X-Authenticated-|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||webs4.xindesigns.com: floridanutritio|
|Content-Length:||The size of the email, in bytes||2000|
Your content is below the advert
Dear Esteemed Customer.
This is to officially inform that your compensation payment of US$7.5Million has been AWARDED in your names with UN government last week and it has been forwarded to our bank Zenith Bank Plc of Benin headquarter through the help of United Nation Organization/ Federal government of Benin Republic and International Monetary Fund (IMF) And the instruction was given to Zenith Bank Of Benin to Issue You ATM MASTER CARD payment of US$7.5Million and direct it to your nominated Address in your country as soon as you follow our directives in this message since this will be the best and easier way to move such amount to foreign country.
This instruction was given by United Nation Organization and Federal government of Benin to avoid further delay, since International Monitoring FUND (I.M.F) have help us to revert all payment files pending in UN which your names is among the list.
Therefore, for further more information's about your award payment file has been revert in your names. kindly get back to this Bank with below Information's so that we can issue you an ATM MASTER CARD to you without any hitch as the bank telex instruction has already been sent to our Zenith Bank Plc. NOTE: You will withdraw Hundred thousand dollars per day once you received your atm card from any ATM machine that has Visa Card Logo on it worldwide.
Reconfirm your Personal information's for the delivery of your ATM MASTER CARD See below Info.
Cell Phone no:_______
Home phone no:_______
Once you reconfirmed the above information's we will contact the shipping companies to deliver Your ATM MASTER CARD to your home address and
inform you what it will cost to get the Card to you. Sign/Approved by United Nation Organization, Federal government of Benin and IMF Group.
Yours in service.
Mr. Peter Amangbo
Office line +229-999-79138
Managing Director Zenith Bank of BENIN.
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 HK_SCAM_N8 BODY: HK_SCAM_N8
0.0 TVD_RCVD_IP4 Message was received from an IPv4 address
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[188.8.131.52 listed in bb.barracudacentral.org]
2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
for more information.
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
1.2 MONEY_ATM_CARD Lots of money on an ATM card
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
2.2 FILL_THIS_FORM_LOAN Answer loan question(s)
2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to
2.6 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of money
3.5 MONEY_FRAUD_3 Lots of money and several fraud phrases
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)