20180407_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1293.2 via Mailbox Transport; Sat, 7 Apr 2018 06:09:39 -0500
4. Received: from MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1293.2; Sat, 7 Apr 2018 06:09:38 -0500
7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
8. MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) with Microsoft SMTP Server (TLS)
9. id 15.0.1293.2 via Frontend Transport; Sat, 7 Apr 2018 06:09:38 -0500
10. Return-Path: <ginamarie_herself@gothits.org>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 0
13. X-Spam-Flag: NO
14. X-Virus-Scanned: OK
15. X-Orig-To:
16. X-Originating-Ip: [108.60.222.168]
17. Authentication-Results: smtp33.gate.iad3b.rsapps.net; iprev=pass policy.iprev="108.60.222.168"; spf=pass smtp.mailfrom="ginamarie_herself@gothits.org" smtp.helo="server.gothits.org"; dkim=pass header.d=gothits.org; dmarc=none (p=nil; dis=none) header.from=gothits.org
18. X-Suspicious-Flag: NO
19. X-Classification-ID: 291cd80a-3a54-11e8-b9d3-525400fb5834-1-1
20. Received: from [108.60.222.168] ([108.60.222.168:50144] helo=server.gothits.org)
21. by smtp33.gate.iad3b.rsapps.net (envelope-from <ginamarie_herself@gothits.org>)
22. (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
23. id E8/21-04584-2F6A8CA5; Sat, 07 Apr 2018 07:09:38 -0400
24. DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gothits.org
25. ; s=default; h=Content-Type:MIME-Version:Message-Id:Date:Subject:To:From:
26. Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
27. Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
28. In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
29. List-Post:List-Owner:List-Archive;
30. bh=T+bnV/wv74Vrz83dRxG+1EpF5XHiSK5qvV6uZbYzjA4=; b=f5LnIreXbv3aezmRk8LzKDPMNX
31. v8l7uTWKdR/2Z0YGvK7VYYzvjM4bw+TnYiMvRiPfCxC2XtNjki+aJbAxi0z6K9uVXR4jqUBSs0W5u
32. GkufOMQNblEpflHxPUWUNmhmpeCYLY+XnMsW8h9zKnWjcJQIEdaQmhUtvgSIXOwfqp30=;
33. Received: from [14.207.83.250] (port=55444 helo=gothits.org)
34. by server.gothits.org with esmtpsa (TLSv1:ECDHE-RSA-AES128-SHA:128)
35. (Exim 4.89_1)
36. (envelope-from <ginamarie_herself@gothits.org>)
37. id 1f4llE-0006T6-04
38. for REMOVED; Sat, 07 Apr 2018 06:11:56 -0500
39. From: "=?UTF-8?Q?ginamarie=5Fherself?=" <ginamarie_herself@gothits.org>
40. To: REMOVED
41. Subject:
42. Date: Sat, 7 Apr 2018 11:12:47 +0000
43. Message-ID: <48011555fkw1$k3be636g$6hptyunr$@gothits.org>
44. MIME-Version: 1.0
45. X-Mailer: Microsoft Outlook 16.0
46. Thread-Index: MSskKnU5dGN2eV5oNmgrKGR2cShjNA==
47. Content-Language: en-us
48. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
49. X-AntiAbuse: Primary Hostname - server.gothits.org
50. X-AntiAbuse: Original Domain - REMOVED
51. X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
52. X-AntiAbuse: Sender Address Domain - gothits.org
53. X-Get-Message-Sender-Via: server.gothits.org: authenticated_id: support@gothits.org
54. X-Authenticated-Sender: server.gothits.org: support@gothits.org
55. X-Source:
56. X-Source-Args:
57. X-Source-Dir:
58. X-MS-Exchange-Organization-Network-Message-Id: bb890216-4608-4b99-4506-08d59c780de6
59. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1417500;0;This mail has
60. been scanned by Trend Micro ScanMail for Microsoft Exchange;
61. X-MS-Exchange-Organization-SCL: 0
62. X-MS-Exchange-Organization-AuthSource: MBX03C-ORD1.mex08.mlsrvr.com
63. X-MS-Exchange-Organization-AuthAs: Anonymous
64. Content-type: multipart/alternative;
65. boundary="B_3605954630_126137113"
66.  
67. > This message is in MIME format. Since your mail reader does not understand
68. this format, some or all of this message may not be legible.
69.  
70. --B_3605954630_126137113
71. Content-type: text/plain;
72. charset="UTF-8"
73. Content-transfer-encoding: 7bit
74.  
75. Hi
76.  
77.  
78.  
79. https://goo.gl/W2qTMK
80.  
81.  
82.  
83.  
84.  
85.  
86.  
87.  
88.  
89.  
90.  
91. --B_3605954630_126137113
92. Content-type: text/html;
93. charset="UTF-8"
94. Content-transfer-encoding: quoted-printable
95.  
96. <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof=
97. t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=
98. =3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org=
99. /TR/REC-html40">
100. <head>
101. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
102. <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
103. <style><!--
104. /* Font Definitions */
105. @font-face
106. {font-family:"Cambria Math";
107. panose-1:2 4 5 3 5 4 6 3 2 4;}
108. @font-face
109. {font-family:Calibri;
110. panose-1:2 15 5 2 2 2 4 3 2 4;}
111. /* Style Definitions */
112. p.MsoNormal, li.MsoNormal, div.MsoNormal
113. {margin:0cm;
114. margin-bottom:.0001pt;
115. font-size:11.0pt;
116. font-family:"Calibri","sans-serif";}
117. a:link, span.MsoHyperlink
118. {mso-style-priority:99;
119. color:#0563C1;
120. text-decoration:underline;}
121. a:visited, span.MsoHyperlinkFollowed
122. {mso-style-priority:99;
123. color:#954F72;
124. text-decoration:underline;}
125. span.EmailStyle17
126. {mso-style-type:personal-compose;
127. font-family:"Calibri","sans-serif";
128. color:windowtext;}
129. .MsoChpDefault
130. {mso-style-type:export-only;
131. font-family:"Calibri","sans-serif";}
132. @page WordSection1
133. {size:612.0pt 792.0pt;
134. margin:2.0cm 42.5pt 2.0cm 3.0cm;}
135. div.WordSection1
136. {page:WordSection1;}
137. --></style><!--[if gte mso 9]><xml>
138. <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
139. </xml><![endif]--><!--[if gte mso 9]><xml>
140. <o:shapelayout v:ext=3D"edit">
141. <o:idmap v:ext=3D"edit" data=3D"1" />
142. </o:shapelayout></xml><![endif]-->
143. </head>
144. <body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
145. <div class=3D"WordSection1">
146. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
147. :sans-serif">Hi
148. <o:p></o:p></span></p>
149. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
150. :sans-serif"><o:p>&nbsp;</o:p></span></p>
151. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
152. :sans-serif"><a href=3D"https://goo.gl/W2qTMK">https://goo.gl/W2qTMK</a><o:p><=
153. /o:p></span></p>
154. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
155. :sans-serif"><o:p>&nbsp;</o:p></span></p>
156. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
157. :sans-serif"><o:p>&nbsp;</o:p></span></p>
158. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
159. :sans-serif"><o:p>&nbsp;</o:p></span></p>
160. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
161. :sans-serif"><o:p>&nbsp;</o:p></span></p>
162. <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.3pt;font-family=
163. :sans-serif"><o:p></o:p></span></p>
164. </div>
165. </body>
166. </html>
167.  
168.  
169. --B_3605954630_126137113--