The email was sent on 2019-06-19 15:22:19 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 22.214.171.124 in Lagos, Nigeria - Click here to see the location on a map
Click here to leave a comment
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Wed, 19 Jun 2019 12:22:18 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||126.96.36.199|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of server.kritiprakashan.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||s_9E7zEWLDuDMpIVcd55X6icJ3dy48YjYVYvHjKEbtjGE3wE KFUJvVfwSzUPcQoCML4ZSdMoWKAwH3nDSQ4Lby2..nQDtC0R_qEjI7i5A2R4 rq7ahuaVsKpL9S5au21sL_rbVZiRinc51NcgoNgUWfI5cVo2tBmKzg79v1ZE gnQ6rLp.yVzryAJKXT0BLG0nV6AHzauOkKHkmuUdu77sk2QTk5pohvJgxNo. rKXVX7sAi3aHv_pzDm3.Xglm5Ynwlzriw7uW7KtAQ315vXPKKBx2A1Ba7zT4 mCVKbNIGlq_IaxDpez5f_LH2pmYgquuP2jdu90GUBHegi_Yx8IqOsJuW90.a TwuSzZPYV79MkzDhtlR7Ww9a5I_a3Sq8XkFzUA1K7pAzRF7y2sCQlOFA6pll XUu_wTyCSsh_S5j1glgQHQtpvt9r.QWTs9DDyGoq_NRxrqtPDa.JU6pXfYYX BOwq4OepOwBL8ZwQoruYy09gwxHup2GA8Tx.J8JYqjfQ_rx9fRL_m3F3KMXU .VXCxu_BYzsOeyIID3KeocOtG91n42oSNLjLqS2ncZSOZ7wsTKoMH7wUMIo3 XqAL2GWJ93Guq5TTxaqDy2V1DdhKDByDhP.ssUUUxPt4kwSHNnuasit9Xuef QYqi6UnnpX6Cja_ddHhhb0q1VtzpimAqbrT2ZukYQpAjGq1d0H356Z90H5ce Pv47H33X.aQE3QbTq5bAVnroytlIxADTrf8N90xGJz36t0TMBedT1UD0kbo0 jeEtOB8PfuFrCUIBNoqveEq6Qba8aUSxrs.xodDY6o.SRh6PvcK4Syij0qyx zQc3wsE8UvS_dRtkfyZpu5_NHeIqd5PsEVpZ1VYmz.5jQJPrb3VsGm2Xpf6s 5Xlh3aIh86caHyeKgOvw_uaXsmYk2Isdqra91NGe99_mB.oe2CUdiPe6JOf6 WVpdZDKJhJ3XOHfwdKm1eiE4V2lX8jh81FsTrYSALK3q99yT51TnKHeCpwPQ pG0qfQQkfLsEJxlWsZ3tCv6vzDdgDwcIs6rRn_JrxhMBepnO3C0Y|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[188.8.131.52]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4314.mail.ne1.yahoo.com from=gmail.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO server.kritiprakashan.com) (184.108.40.206) by mta4314.mail.ne1.yahoo.com with SMTPS; Wed, 19 Jun 2019 12:22:18 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from kcadmin by server.kritiprakashan.com with local (Exim 4.92) (envelope-from [email address removed] id 1hdZbV-0007hl-97 for [email address removed] Wed, 19 Jun 2019 17:52:17 +0530|
|To:||The email address(es) the email was sent to||[email address removed]|
|Subject:||The subject of the email||CONGRATULATIONS.. Call +1 213 419 1698 to claim your Winning..|
|X-PHP-Script:||The web address of the PHP script used to send the email||www.kritieducation.co.in/who.php for 220.127.116.11 X-PHP-Originating-Script: 500:who.php|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0 Content-type: text/html; charset=iso-8859-1|
|From:||This is the address the email was apparently sent from||Facebook Verification Dpt. [email address removed]|
|Message-Id:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Date:||The date/time the email was sent||Wed, 19 Jun 2019 17:52:17 +0530|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||This header was added to track abuse, please include it with any abuse report|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||Primary Hostname - server.kritiprakashan.com|
|X-AntiAbuse:||If this email was sent through a web hosting account the host will have added these lines in case the email is forwarded to them to report abuse. They contain personally identifiable information which the host would use to identify the sender||Original Domain - yahoo.com|
|X-AntiAbuse:||Originator/Caller UID/GID - [500 500] / [47 12]|
|X-AntiAbuse:||Sender Address Domain - server.kritiprakashan.com|
|X-Get-Message-Sender-Via:||The server the email was sent from, complete with username (this field is often added by web hosting control panels like Cpanel)||server.kritiprakashan.com: authenticated_id: kcadmin/only user confirmed/virtual account not confirmed X-Authenticated-|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||server.kritiprakashan.com: kcadmin|
|X-Source:||Server path to the PHP installation used by the script||/opt/cpanel/ea-php54/root/usr/bin/php-cgi|
|X-Source-Args:||Server path to PHP script used to send this email||/opt/cpanel/ea-php54/root/usr/bin/php-cgi|
|X-Source-Dir:||Web address of the PHP script used to send this email||kritiprakashan.com:/public_html/www.kritieducation.co.in|
|Content-Length:||The size of the email, in bytes||4292|
Facebook Lottery & Charity Award Office,
1 Hacker Way Menlo Park,
California 94025 United States.
Direct Line: +1 213 419 1698
Winning no: FB8701/LPRC
Ticket number; 85430000-07024570000
Serial number; 7755551111
This is to inform you that You have won the sum of $5.800,000.00 on OUR 2019 SWEEPSTAKES (Facebook Inc ) This is a bonus to promote our users worldwide through this online lottery, Which is fully based on an electronic selection . We Celebrating Facebook Inc.® Anniversary and reaching 1 Billion Users worldwide. We Embarked on a worldwide promotion for Disable, Unemployed, Worker's, Retired, Young & Old people, A Sophisticated Automated Database to Randomly select E-mail Accounts that frequently surf the Internet. Consequent upon this, Your Facebook Profile Account was picked for Category A Winners.
We hereby approve you the sum of $5.800,000.00 (Five Million Eight Hundred Thousand) in Cash Credit File from the total cash prize for eight lucky winners in this category.
All participant were selected through a computer balloting system drawn in Nine hundred thousand E-mail address on http://www.facebook.com website from the listed countries: Canada, Australia, United States, Asia, Europe, Middle East and Oceania as part of our international promotions program which is conducted annually.
This Lotto was promoted and sponsored by a conglomerate of some multinational companies as part of their social responsibility to the citizens in the Aspect that impacts people’s lifestyle worldwide.
Further more your details(e-mail address) falls within our American representative office in California, United States, as indicated in your play coupon and your prize of $5.800,000.00 (Five Million Eight Hundred Thousand) will be released to you from this regional branch office in United States .
This award fund MUST be claimed by the MOBILE Number Owner ONLY, within 7 Days from the day of notification. Facebook Inc.® Lottery Promo is the SOLE initiative of (Mr. Mark Zuckerberg) the CEO/Founder of Facebook Inc.® see details on the link: http://newsfeed.time.com/2010/12/09/mark-zuckerberg-to-donate-half-his-wealth-to-charity/
To proceed on your claim validation, we will need your particulars to verify your winning. This will be required to draw up the winning papers in your name. Please if you are not the certified owner of this email address, please do not respond as that will amount to impersonation which could lead to civil or/and criminal proceedings against you…
Attached here is a copy of our verification form; please fill accordingly so as to proceed with your winning validation. Please attach a recent passport photograph if available (For identification at payment point)
1. FULL NAMES:
2. DATE OF BIRTH:
4. MARITAL STATUS:
8.BRIEF DESCRIPTION OF
Please Note that we do not compromise our service and all instructions must be followed accordingly.
Upon receipt of the duly requested data which is to be sent via email, you will receive the contact information of the payment office to effect the release of your claim.
Bernard Wilson C.
Direct Line: +1 213 419 1698
Whatsapp: +1 213 419 1698
1 Hacker Way Menlo Park,
California 94025 United States.
pts rule description ---- ---------------------- -------------------------------------------------- -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (online.facebookinc[at]gmail.com) 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [18.104.22.168 listed in bl.score.senderscore.com] 2.8 MILLION_HUNDRED BODY: Million "One to Nine" Hundred 0.0 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 1.1 MALFORMED_FREEMAIL Bad headers on message from free email service 0.0 LOTS_OF_MONEY Huge... sums of money 1.0 HK_LOTTO No description available. 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.0 FILL_THIS_FORM Fill in a form with personal information 1.0 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of money 1.4 FORM_FRAUD_5 Fill a form and many fraud phrases
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
Please do not click on links in the above email or make use of any contact details in the above email.