20180418_PHISHING_SCAM_1

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1293.2 via Mailbox Transport; Wed, 18 Apr 2018 06:40:35 -0500
4. Received: from MBX12D-ORD1.mex08.mlsrvr.com (172.29.9.42) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1293.2; Wed, 18 Apr 2018 06:40:34 -0500
7. Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
8. MBX12D-ORD1.mex08.mlsrvr.com (172.29.9.42) with Microsoft SMTP Server (TLS)
9. id 15.0.1293.2 via Frontend Transport; Wed, 18 Apr 2018 06:40:34 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [95.110.231.207]
18. Authentication-Results: smtp9.gate.ord1d.rsapps.net; iprev=pass policy.iprev="95.110.231.207"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mx.europatornei.it"; dkim=pass header.d=europatornei.it; dmarc=pass (p=none; dis=none) header.from=europatornei.it
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 4de32a84-42fd-11e8-9038-525400bd3b1f-1-1
21. Received: from [95.110.231.207] ([95.110.231.207:38204] helo=mx.europatornei.it)
22. by smtp9.gate.ord1d.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
24. id 6C/DB-11087-2BE27DA5; Wed, 18 Apr 2018 07:40:34 -0400
25. Received: from europatornei.it (unknown [190.152.49.40])
26. by mx.europatornei.it (Postfix) with ESMTPA id 797C2495E9A
27. for REMOVED; Wed, 18 Apr 2018 11:37:32 +0000 (UTC)
28. DKIM-Filter: OpenDKIM Filter v2.11.0 mx.europatornei.it 797C2495E9A
29. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=europatornei.it;
30. s=default; t=1524051453;
31. bh=rPcgqcFOMkdIZuTq/tnUZi0K1poolh0RtsmZx3nYToU=;
32. h=To:From:Subject:Date:From;
33. b=bIMzh3EXWo4W4f1RieKMYqV60XWXN8HP8g6YUtvmNaCLyAUlu7Xqnvr55O+XcyUkP
34. wu02+VOgvHYUcEMhMHh6c8k3hS+i8aQjt88AYUWSbplVLlxd1xpGrrMUQpUAAojB5O
35. hy5agZ0I6z+dI5WrVazHq28eJq0RLqkIjz7HGFaY=
36. To: REMOVED
37. From: Al Galaviz <[email protected]>
38. Subject: RE (2):
39. Message-ID: <[email protected]>
40. Date: Wed, 18 Apr 2018 07:37:31 -0400
41. User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101
42. Thunderbird/52.5.2
43. MIME-Version: 1.0
44. Content-Language: en
45. X-MS-Exchange-Organization-Network-Message-Id: 781e30a1-60e4-429d-c58d-08d5a52132ec
46. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1419700;0;This mail has
47. been scanned by Trend Micro ScanMail for Microsoft Exchange;
48. X-MS-Exchange-Organization-SCL: 5
49. X-MS-Exchange-Organization-AuthSource: MBX12D-ORD1.mex08.mlsrvr.com
50. X-MS-Exchange-Organization-AuthAs: Anonymous
51. Content-type: multipart/alternative;
52. boundary="B_3606932908_1148127466"
53.  
54. > This message is in MIME format. Since your mail reader does not understand
55. this format, some or all of this message may not be legible.
56.  
57. --B_3606932908_1148127466
58. Content-type: text/plain;
59. charset="UTF-8"
60. Content-transfer-encoding: 7bit
61.  
62.  
63.  
64.  
65.  
66. Click here!
67.  
68.  
69. --B_3606932908_1148127466
70. Content-type: text/html;
71. charset="UTF-8"
72. Content-transfer-encoding: quoted-printable
73.  
74. <html>
75. <head>
76. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
77. </head>
78. <body text=3D"#000000" bgcolor=3D"#FFFFFF">
79. <p><br>
80. </p>
81. <p><br>
82. </p>
83. <p><a href=3D"http://resursemedia.exploremedicinetv.ro/jvdmtw.php?lnqqnwz">Cl=
84. ick here!</a><br>
85. </p>
86. </body>
87. </html>
88.  
89.  
90. --B_3606932908_1148127466--