An
Email with the Subject "GET BACK TO ME NOW" was
received in one of Scamdex's honeypot email accounts on Sat, 02 Apr 2011 17:34:44 -0700
and has been classified as a Advance Fee Fraud/419 Scam Email.
The sender shows as Zhenyao Dong <dong.206@osu.edu>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
taylorbankcontactbusinessproposalusd
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scams@scamdex.com,scamdex@scamdex.com,paypal@scamdex.com
[delivery-date:] => Sat, 02 Apr 2011 17:34:44 -0700
[received:] => Array
(
[0] => from defang19.it.ohio-state.edu ([128.146.216.133])by chester.loopbiz.com with esmtp (Exim 4.69)(envelope-from )id 1Q6BHA-0008ON-1J; Sat, 02 Apr 2011 17:34:44 -0700
[1] => from defang10.it.ohio-state.edu (defang10.it.ohio-state.edu [128.146.216.79])by defang19.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id p330XIsu026987;Sat, 2 Apr 2011 20:33:18 -0400
[2] => from osu.edu (tnc-webmail-2.it.ohio-state.edu [140.254.54.152])by defang10.it.ohio-state.edu (8.13.7/8.13.1) with ESMTP id p330WRf3002796;Sat, 2 Apr 2011 20:32:28 -0400
[3] => from [140.254.54.152] by tnc-webmail-2.it.ohio-state.edu(mshttpd); Sun, 03 Apr 2011 01:32:27 +0100
)
[from:] => Zhenyao Dong
[bcc:] =>
[reply-to:] => weahtaylor7@gala.net
[message-id:] =>
[date:] => Sun, 03 Apr 2011 01:32:27 +0100
[x-mailer:] => Sun Java(tm) System Messenger Express 6.3-8.04 (built Jul 292009; 32bit)
[mime-version:] => 1.0
[content-language:] => en
[subject:] => GET BACK TO ME NOW
[x-accept-language:] => en
[priority:] => normal
[content-type:] => multipart/mixed; boundary="--3f40e06835092d193c"
[x-spam-flag:] => Array
(
[0] => YES
[1] => NO
)
[x-spam-score:] => Array
(
[0] => 5.00 (*****) [Tag at 4.50] ADVANCE_FEE_2,HTML_MESSAGE,SUBJ_ALL_CAPS,US_DOLLARS_3,SPF(pass,0)
[1] => -9
)
[x-canit-geo:] => ip=128.146.216.79; country=US; region=OH; city=Columbus; latitude=39.9968; longitude=-82.9882; metrocode=535; areacode=614; http://maps.google.com/maps?q=39.9968,-82.9882&z=6
[x-canitpro-stream:] => outbound
[x-scanned-by:] => CanIt (www . roaringpenguin . com) on 128.146.216.133
[x-spam-status:] => No, score=-1.0
[x-spam-bar:] => -
[x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Hello, I am Mr.Jin Jingze; I have a business proposal of $20,500.000.00USD, for you to handle with me from my bank. If interested, please send meyour full contact details and after that I shall provide you with more detailsof the business. [...] Content analysis details: (-1.0 points, 4.0 required)pts rule name description---- ---------------------- ---------------------------------------------------0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, lowtrust[128.146.216.133 listed in list.dnswl.org]-2.0 SUBJ_ALL_CAPS Subject is all capitals-0.0 SPF_PASS SPF: sender matches SPF record1.2 MISSING_HEADERS Missing To: header-2.0 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)0.0 HTML_MESSAGE BODY: HTML included in message0.0 LOTS_OF_MONEY Huge... sums of money1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Hello, I am Mr.Jin Jingze; I have a business proposal of $20,500.000.00 USD, for you to handle with me from my bank. If interested, please send me your full contact details and after that I shall provide you with more details of the business.
Hello, I am Mr.Jin Jingze; I have a business proposal of $20,500.000.00 USD, for you to handle with me from my bank. If interested, please send me your full contact details and after that I shall provide you with more details of the business.
