20181127_PHISHING_SCAM_1

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Tue, 27 Nov 2018 22:01:31 -0600
4. Received: from MBX06D-ORD1.mex08.mlsrvr.com (172.29.9.27) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Tue, 27 Nov 2018 22:01:31 -0600
7. Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
8. MBX06D-ORD1.mex08.mlsrvr.com (172.29.9.27) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Tue, 27 Nov 2018 22:01:31 -0600
10. Return-Path: <moktm@hmeranti.com>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [68.64.155.162]
18. Authentication-Results: smtp37.gate.ord1d.rsapps.net; iprev=pass policy.iprev="68.64.155.162"; spf=neutral smtp.mailfrom="moktm@hmeranti.com" smtp.helo="h152.cpanellogin.net"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=hmeranti.com
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 493d0944-f2c2-11e8-bd54-525400a11cf3-1-1
21. Received: from [68.64.155.162] ([68.64.155.162:57865] helo=h152.cpanellogin.net)
22. by smtp37.gate.ord1d.rsapps.net (envelope-from <moktm@hmeranti.com>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-SHA)
24. id 02/AF-18017-A131EFB5; Tue, 27 Nov 2018 23:01:31 -0500
25. Received: from [127.0.0.1] (port=43748 helo=webmail.dynamicjo.com)
26. by h152.cpanellogin.net with esmtpa (Exim 4.87)
27. (envelope-from <moktm@hmeranti.com>)
28. id 1gRqv8-0006Mb-KD; Tue, 27 Nov 2018 19:53:50 -0800
29. MIME-Version: 1.0
30. Date: Wed, 28 Nov 2018 05:53:50 +0200
31. From: Rana Rahaman <moktm@hmeranti.com>
32. To: undisclosed-recipients:;
33. Subject: PLS KNDLY CFM QOUTE
34. Reply-To: <carmen.corbera@sothebys.fun>
35. Mail-Reply-To: carmen.corbera@sothebys.fun
36. Message-ID: <a7c33da1b5cc5987a667b6774c07a1b5@dynamicjo.com>
37. X-Sender: moktm@hmeranti.com
38. User-Agent: Roundcube Webmail/0.9.5
39. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
40. X-AntiAbuse: Primary Hostname - h152.cpanellogin.net
41. X-AntiAbuse: Original Domain - REMOVED
42. X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
43. X-AntiAbuse: Sender Address Domain - hmeranti.com
44. X-Get-Message-Sender-Via: h152.cpanellogin.net: authenticated_id: lana@dynamicjo.com
45. X-Authenticated-Sender: h152.cpanellogin.net: lana@dynamicjo.com
46. X-Source:
47. X-Source-Args:
48. X-Source-Dir:
49. X-MS-Exchange-Organization-Network-Message-Id: 218f41d5-25ef-4153-d9a8-08d654e62e2b
50. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1465100;0;This mail has
51. been scanned by Trend Micro ScanMail for Microsoft Exchange;
52. X-MS-Exchange-Organization-SCL: 5
53. X-MS-Exchange-Organization-AuthSource: MBX06D-ORD1.mex08.mlsrvr.com
54. X-MS-Exchange-Organization-AuthAs: Anonymous
55. Content-type: multipart/mixed;
56. boundary="B_3626446943_786630211"
57.  
58. > This message is in MIME format. Since your mail reader does not understand
59. this format, some or all of this message may not be legible.
60.  
61. --B_3626446943_786630211
62. Content-type: multipart/alternative;
63. boundary="B_3626446943_710103333"
64.  
65.  
66. --B_3626446943_710103333
67. Content-type: text/plain;
68. charset="UTF-8"
69. Content-transfer-encoding: 7bit
70.  
71. Hello, Good day.
72.  
73. I noticed an email from you confirm rates for the products which we requested for from your good company.
74.  
75. I have had some issues with my PC and now the mail has gone from my in box
76.  
77. Sorry to ask but confirm to us once more? Kindly find our attached RFQ once more for your kind reference.
78.  
79. I look forward to receiving your kind confirmation.
80.  
81.  
82.  
83. Thank you
84.  
85.  
86.  
87. Kind Regards
88.  
89. Asst. Manager, Commercial & Logistics Weber Solutions Ltd.
90.  
91. A House-10(2nd Floor), Road-06, Sector-01, Uttara, Dhaka.
92. M +8801977552228
93. W www.weberbd.com
94.  
95.  
96.  
97.  
98.  
99.  
100.  
101.  
102. --B_3626446943_710103333
103. Content-type: text/html;
104. charset="UTF-8"
105. Content-transfer-encoding: quoted-printable
106.  
107. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
108. <html>
109. <head>
110. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
111. </head>
112. <body style=3D"font-family: Verdana,Geneva,sans-serif">
113. <p>Hello, Good day.</p>
114. <p>I noticed an email from you confirm rates for the products which we requ=
115. ested for from your good company.</p>
116. <p>I have had some issues with my PC and now the mail has gone from my in b=
117. ox</p>
118. <p><span>Sorry to ask but confirm to us once more? Kindly find our attached=
119. RFQ once more for your kind&nbsp;reference.</span></p>
120. <p><span>I&nbsp;look&nbsp;forward to receiving your kind confirmation.</spa=
121. n></p>
122. <p><span style=3D"text-decoration: underline;"></span>&nbsp;<span style=3D"text=
123. -decoration: underline;"></span></p>
124. <p>Thank you<span style=3D"text-decoration: underline;"></span><span style=3D"t=
125. ext-decoration: underline;"></span></p>
126. <p><span style=3D"text-decoration: underline;"></span>&nbsp;<span style=3D"text=
127. -decoration: underline;"></span></p>
128. <p>Kind Regards</p>
129. <table>
130. <tbody>
131. <tr>
132. <td width=3D"328">
133. <table style=3D"width: 100%;">
134. <tbody>
135. <tr>
136. <td width=3D"328">
137. <table style=3D"width: 100%;">
138. <tbody>
139. <tr>
140. <td>
141. <p>Asst. Manager, Commercial &amp; Logistics</p>
142. <p>Weber Solutions Ltd.</p>
143. </td>
144. </tr>
145. </tbody>
146. </table>
147. </td>
148. </tr>
149. <tr>
150. <td width=3D"328">&nbsp;</td>
151. </tr>
152. <tr>
153. <td width=3D"328">
154. <table style=3D"width: 100%;">
155. <tbody>
156. <tr>
157. <td>
158. <p><strong>A&nbsp;</strong>&nbsp;House-10(2nd Floor), Road-06, Sector-01, U=
159. ttara, Dhaka.</p>
160. </td>
161. </tr>
162. <tr>
163. <td>
164. <table>
165. <tbody>
166. <tr>
167. <td>
168. <p><strong>M&nbsp;</strong><a>&#43;8801977552228&nbsp;</a></p>
169. </td>
170. </tr>
171. </tbody>
172. </table>
173. </td>
174. </tr>
175. <tr>
176. <td>
177. <table>
178. <tbody>
179. <tr>
180. <td>
181. <p><strong>W&nbsp;</strong><a href=3D"http://www.weberbd.com/">www.weberbd.co=
182. m</a></p>
183. </td>
184. </tr>
185. </tbody>
186. </table>
187. </td>
188. </tr>
189. <tr>
190. <td>&nbsp;</td>
191. </tr>
192. </tbody>
193. </table>
194. </td>
195. </tr>
196. </tbody>
197. </table>
198. </td>
199. </tr>
200. </tbody>
201. </table>
202. <div>&nbsp;</div>
203. <div>&nbsp;</div>
204. <div>&nbsp;</div>
205. <div>&nbsp;</div>
206. <div>&nbsp;</div>
207. </body>
208. </html>
209.  
210.  
211. --B_3626446943_710103333--
212.  
213.  
214. --B_3626446943_786630211
215. Content-type: application/zip; name="RFQ 218_1118.r00";
216. x-mac-creator="4F50494D"
217. Content-ID: <B43C6A8A0B55DA429F50D6DE30724D54@mex08.mlsrvr.com>
218. Content-disposition: attachment;
219. filename="RFQ 218_1118.r00"
220. Content-transfer-encoding: base64