<johnloanfirms1@gmail.com>

<[email protected]>

by Faizan Docherty Sun Nov 23, 2014 8:12 am

ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 212.26.6.12
Originating ISP: King Abdul Aziz City For Science And Technology
City: Riyadh
Country of Origin: Saudi Arabia
* For a complete report on this email header goto ipTRACKERonline

Delivered-To: <snipped>
Received: by 10.70.50.233 with SMTP id f9csp64287pdo;
Wed, 19 Nov 2014 11:12:44 -0800 (PST)
X-Received: by 10.66.139.106 with SMTP id qx10mr23677435pab.138.1416424364527;
Wed, 19 Nov 2014 11:12:44 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (ar-005-i202.relay.mailchannels.net. [162.253.144.84])
by mx.google.com with ESMTP id fs12si57888pdb.73.2014.11.19.11.12.42
for <snipped>;
Wed, 19 Nov 2014 11:12:44 -0800 (PST)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=162.253.144.84;
Authentication-Results: mx.google.com;
spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected]
X-Sender-Id: _forwarded-from|134.177.200.56
Received: from r8-chicago.webserversystems.com (ip-10-204-4-183.us-west-2.compute.internal [10.204.4.183])
by relay.mailchannels.net (Postfix) with ESMTPA id 5713A4C98
for <snipped>; Wed, 19 Nov 2014 19:12:41 +0000 (UTC)
X-Sender-Id: _forwarded-from|134.177.200.56
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.245.49.62])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.1);
Wed, 19 Nov 2014 19:12:42 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|134.177.200.56
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1416424361949:3550221987
X-MC-Ingress-Time: 1416424361948
Received: from smtp.sfh.med.sa ([212.26.6.12]:20577 helo=SRV-SMTP1.SFH.MED.SA)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1XrAg8-000E69-W2
for <snipped>; Wed, 19 Nov 2014 13:12:39 -0600
Received: from SRV-OWA.SFH.MED.SA (unknown [134.177.200.56]) by SRV-SMTP1.SFH.MED.SA with smtp
(TLS: TLSv1/SSLv3,128bits,AES128-SHA)
id 3cfa_08b4_1710ec86_928a_47d0_8ee7_ebeedb00496b;
Wed, 19 Nov 2014 22:16:35 +0300
Received: from MAIL.SFH.MED.SA ([fe80::247a:5b3c:9f28:bc62]) by
SRV-OWA.SFH.MED.SA ([fe80::1df2:20e5:7476:afba%11]) with mapi; Wed, 19 Nov
2014 22:11:39 +0300
From: "Mohammad H. Al zahrani" <[email protected]>
Date: Wed, 19 Nov 2014 22:11:38 +0300
Subject: [spam] loan offer
Thread-Topic: loan offer
Thread-Index: AQHQBCyk6pfuJre/ikuErS5XzK7oqg==
Message-ID: <[email protected]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-NAI-Spam-Rules: 9 Rules triggered
SUB_SPEAR_4=2, SUB_SPEAR_4_SHTTP=2, SUBJ_DEBT_LOAN_2_5_LCWRDS=1.5,
SUB_SPEAR_4_W_GEN_SPAM_FEATRE=1, SUSPECT_EMAIL=0.5, GEN_SPAM_FEATRE=0.2,
NOFROM_SGMAIL=0.2, NOFROM_SGMAIL_W_GEN_SPAM_FEATRE=0.2, RV5130=0
X-NAI-Spam-Version: 2.3.0.9378 : core <5130> : inlines <1544> : streams
<1345265> : uri <1835328>
X-Spam-Status: No, score=3.0
X-Spam-Score: 30
X-Spam-Bar: +++
X-Ham-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: if you need a loan,contact us via email? [email protected]
Disclaimer: This message is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material.
Any use of this information by persons or entities other than the intended
recipient is prohibited. If you have received this by error, please contact
the sender and delete the material from your computer. Any opinions and other
information contained in this message that do not relate to the official
business of Security Forces Hospital (SFH) shall be understood as neither
given or endorsed by it. Although precautions have been taken to ensure no
viruses are present in this email, SFH cannot accept responsibility for any
loss or damage arising from the use of this email or attachments. Ø¥Ù† Ù‡Ø°Ø§
Ø§Ù„Ø¨Ø±ÙŠØ¯ Ø§Ù„Ø§Ù„ÙƒØªØ±ÙˆÙ†ÙŠ Ù…ÙˆØ¬Ù‡ ÙˆÙ…Ø±Ø³Ù„ ÙÙ‚Ø· Ø¥Ù„Ù‰ Ø£Ø´Ø®Ø§Øµ
Ø£Ùˆ Ø¥Ù„Ù‰ Ø¬Ù‡Ø§Øª Ù…Ø¹ÙŠÙ†Ø© ØŒ ÙˆÙ‚Ø¯ ÙŠØØªÙˆÙŠ Ø¹Ù„Ù‰ Ù…Ø¹Ù„ÙˆÙ…Ø§Øª
Ø³Ø±ÙŠØ© ÙˆÙ„Ø§ ÙŠØµØ±Ø Ù„Ø£ÙŠ Ø´Ø®Øµ Ø¢Ø®Ø± Ø§Ù„Ø§Ø·Ù„Ø§Ø¹ Ø¹Ù„ÙŠÙ‡Ø§ØŒ
ÙˆÙÙŠ ØØ§Ù„ Ø§Ø³ØªÙ„Ø§Ù… Ù‡Ø°Ø§ Ø§Ù„Ø¨Ø±ÙŠØ¯ Ø§Ù„Ø§Ù„ÙƒØªØ±ÙˆÙ†ÙŠ Ø¹Ù†
Ø·Ø±ÙŠÙ‚ Ø§Ù„Ø®Ø·Ø£ØŒ ÙØ¥Ù†Ù‡ ÙŠØ¬Ø¨ ØØ°ÙÙ‡ Ù…Ù† Ø§Ù„ØØ§Ø³ÙˆØ¨ ÙˆØ¥Ø¨Ù„Ø§Øº
Ø§Ù„Ù…Ø±Ø³Ù„ØŒ ÙƒÙ…Ø§ Ø£Ù† Ø§Ù„Ø¢Ø±Ø§Ø¡ Ø§Ù„Ù…Ø°ÙƒÙˆØ±Ø© ÙÙŠ Ù‡Ø°Ø§ Ø§Ù„Ø¨Ø±ÙŠØ¯
ØªÙ…Ø«Ù„ Ø±Ø£ÙŠ Ù…Ø±Ø³Ù„Ù‡Ø§ ÙˆÙ„Ø§ ØªØ¹Ø¨Ø± Ø¨Ø§Ù„Ø¶Ø±ÙˆØ±Ø© Ø¹Ù† Ø±Ø£ÙŠ
Ù…Ø³ØªØ´ÙÙ‰ Ù‚ÙˆÙ‰ Ø§Ù„Ø£Ù…Ù†. ÙˆØ¨Ø§Ù„Ø±ØºÙ… Ù…Ù† Ø§Ø®Ø° ÙƒØ§ÙØ© Ø§Ù„Ø§ØØªÙŠØ§Ø·Ø§Øª
Ø§Ù„Ù„Ø§Ø²Ù…Ø© Ù„Ù„ØªØ£ÙƒØ¯ Ù…Ù† Ø®Ù„Ùˆ Ù‡Ø°Ø§ Ø§Ù„Ø¨Ø±ÙŠØ¯ Ø§Ù„Ø§Ù„ÙƒØªØ±ÙˆÙ†ÙŠ
Ù…Ù† Ø§Ù„ÙÙŠØ±ÙˆØ³Ø§ØªØŒ Ø¥Ù„Ø§Ù‘ Ø£Ù† Ù…Ø³ØªØ´ÙÙ‰ Ù‚ÙˆÙ‰ Ø§Ù„Ø£Ù…Ù† Ù„Ø§
ÙŠØªØÙ…Ù„ Ø£ÙŠ Ù…Ø³Ø¤ÙˆÙ„ÙŠØ© ÙÙŠ ØØ§Ù„ ØØµÙˆÙ„ Ø£ÙŠØ© Ø®Ø³Ø§Ø±Ø© Ø£Ùˆ
Ø¶Ø±Ø± Ù†Ø§ØªØ¬ÙŠÙ† Ø¹Ù† Ø§Ø³ØªØ®Ø¯Ø§Ù… Ù‡Ø°Ø§ Ø§Ù„Ø¨Ø±ÙŠØ¯ Ø§Ù„Ø§Ù„ÙƒØªØ±ÙˆÙ†ÙŠ
Ø£Ùˆ Ù…Ø§ÙÙŠÙ‡ Ù…Ù† Ù…Ù„ØÙ‚Ø§Øª. [...]

Content analysis details: (3.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.0 MISSING_HEADERS Missing To: header
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
X-Spam-Flag: NO
X-AuthUser:

if you need a loan,contact us via email? [email protected]

Disclaimer:
------------------------------------------------------------------------------------------------------------------
This message is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use of this information by persons or entities other than the intended recipient is prohibited. If you have received this by error, please contact the sender and delete the material from your computer. Any opinions and other information contained in this message that do not relate to the official business of Security Forces Hospital (SFH) shall be understood as neither given or endorsed by it. Although precautions have been taken to ensure no viruses are present in this email, SFH cannot accept responsibility for any loss or damage arising from the use of this email or attachments.
إن هذا البريد الالكتروني موجه ومرسل فقط إلى أشخاص أو إلى جهات معينة ، وقد يحتوي على معلومات سرية ولا يصرح لأي شخص آخر الاطلاع عليها، وفي حال استلام هذا البريد الالكتروني عن طريق الخطأ، فإنه يجب حذفه من الحاسوب وإبلاغ المرسل، كما أن الآراء المذكورة في هذا البريد تمثل رأي مرسلها ولا تعبر بالضرورة عن رأي مستشفى قوى الأمن. وبالرغم من اخذ كافة الاحتياطات اللازمة للتأكد من خلو هذا البريد الالكتروني من الفيروسات، إلاّ أن مستشفى قوى الأمن لا يتحمل أي مسؤولية في حال حصول أية خسارة أو ضرر ناتجين عن استخدام هذا البريد الالكتروني أو مافيه من ملحقات.

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.

Username

Faizan Docherty

Rank

Registered Member

Posts

3176

Joined

Sun Mar 10, 2013 4:07 am

Location

Looking over scammers' shoulders...

<[email protected]>

<[email protected]>

<[email protected]>

Who is online