20190210_PHISHING_SCAM_2

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sun, 10 Feb 2019 18:37:09 -0600
4. Received: from MBX04D-ORD1.mex08.mlsrvr.com (172.29.9.21) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sun, 10 Feb 2019 18:37:09 -0600
7. Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by
8. MBX04D-ORD1.mex08.mlsrvr.com (172.29.9.21) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sun, 10 Feb 2019 18:37:09 -0600
10. Return-Path: <email@email.com>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 0
13. X-Spam-Flag: NO
14. X-Virus-Scanned: OK
15. X-Orig-To: email@email.com
16. X-Originating-Ip: [185.241.4.7]
17. Authentication-Results: smtp26.gate.ord1c.rsapps.net; iprev=pass policy.iprev="185.241.4.7"; spf=fail smtp.mailfrom="email@email.com" smtp.helo="were"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=domain.org
18. X-Suspicious-Flag: NO
19. X-Classification-ID: 298d4bb4-2d95-11e9-b86d-b8ca3a5bd12c-1-1
20. Received: from [185.241.4.7] ([185.241.4.7:32784] helo=were)
21. by smtp26.gate.ord1c.rsapps.net (envelope-from <email@email.com>)
22. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
23. id 18/D6-05125-5B3C06C5; Sun, 10 Feb 2019 19:37:09 -0500
24. Received: from oofioceupdaetowa by were with local (Exim 4.91)
25. (envelope-from <email@email.com>)
26. id 1grgUI-0006GG-4V
27. for email@email.com; Thu, 07 Feb 2019 05:00:54 -0500
28. To: <email@email.com>
29. Subject: IMPORTANT SECURITY ALERT
30. X-PHP-Script: 185.241.4.37/inbox.php for 159.69.177.182
31. X-PHP-Originating-Script: 1003:inbox.php
32. Date: Thu, 7 Feb 2019 10:00:54 +0000
33. From: domain Message Center <email@email.com>
34. Message-ID: <1e1bc2482987b7092f2792020b55e4dc@185.241.4.37>
35. X-Mailer: Microsoft Outlook Express 6.00.2600.0000
36. MIME-Version: 1.0
37. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
38. X-AntiAbuse: Primary Hostname - were
39. X-AntiAbuse: Original Domain - domain.org
40. X-AntiAbuse: Originator/Caller UID/GID - [1003 992] / [47 12]
41. X-AntiAbuse: Sender Address Domain - domain.org
42. X-Get-Message-Sender-Via: were: authenticated_id: oofioceupdaetowa/only user confirmed/virtual account not confirmed
43. X-Authenticated-Sender: were: oofioceupdaetowa
44. X-Source:
45. X-Source-Args:
46. X-Source-Dir:
47. X-MS-Exchange-Organization-Network-Message-Id: 255e68a2-8017-449b-5652-08d68fb90e93
48. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1480300;0;This mail has
49. been scanned by Trend Micro ScanMail for Microsoft Exchange;
50. X-MS-Exchange-Organization-SCL: 0
51. X-MS-Exchange-Organization-AuthSource: MBX04D-ORD1.mex08.mlsrvr.com
52. X-MS-Exchange-Organization-AuthAs: Anonymous
53. Content-type: multipart/alternative;
54. boundary="B_3632674070_2049477911"
55.  
56. > This message is in MIME format. Since your mail reader does not understand
57. this format, some or all of this message may not be legible.
58.  
59. --B_3632674070_2049477911
60. Content-type: text/plain;
61. charset="UTF-8"
62. Content-transfer-encoding: 7bit
63.  
64.  
65.  
66. This mail is from a trusted sender.
67.  
68.  
69.  
70. Dear email@email.com ,
71.  
72. Please confirm account email@email.com to enable a better service communication,
73. and avoid mail delivery malfunction.
74.  
75. Confirm email@email.com
76.  
77. Note: Office will always keep you posted of security updates.
78.  
79. Thanks and Regards,
80. email@email.com (C) 2019 Secured Service. - This email was sent to email@email.com
81.  
82.  
83. --B_3632674070_2049477911
84. Content-type: text/html;
85. charset="UTF-8"
86. Content-transfer-encoding: quoted-printable
87.  
88. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
89. <html>
90. <head>
91. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
92. <meta name=3D"GENERATOR" content=3D"MSHTML 11.00.10570.1001">
93. </head>
94. <body>
95. <p><br class=3D"Apple-interchange-newline">
96. <table class=3D"yiv6061570731ydp850c3b47yiv9171881082m_-8772752807624100762x_=
97. ecxmyTable" style=3D"FONT-SIZE: 13px; FONT-FAMILY: new; WIDTH: 700px; WHITE-SP=
98. ACE: normal; WORD-SPACING: 0px; BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: n=
99. one; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-ALIGN:=
100. left; MIN-HEIGHT: 36px; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; LINE=
101. -HEIGHT: 1.6em; BACKGROUND-COLOR: rgb(238,238,238); TEXT-INDENT: 0px; font-v=
102. ariant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-wid=
103. th: 0px; text-decoration-style: initial; text-decoration-color: initial">
104. <tbody>
105. <tr>
106. <th style=3D"BORDER-TOP: rgb(0,0,0) 0px solid; BORDER-RIGHT: rgb(0,0,0) 0px s=
107. olid; WIDTH: 2px; BORDER-BOTTOM: rgb(0,0,0) 0px solid; COLOR: white; PADDING=
108. -BOTTOM: 4px; PADDING-TOP: 4px; PADDING-LEFT: 4px; BORDER-LEFT: rgb(0,0,0) 0=
109. px solid; PADDING-RIGHT: 4px; BACKGROUND-COLOR: rgb(2,151,64)">
110. <br>
111. </th>
112. <td style=3D"BORDER-TOP: rgb(0,0,0) 0px solid; BORDER-RIGHT: rgb(0,0,0) 0px s=
113. olid; BORDER-BOTTOM: rgb(0,0,0) 0px solid; PADDING-BOTTOM: 4px; PADDING-TOP:=
114. 4px; PADDING-LEFT: 4px; BORDER-LEFT: rgb(0,0,0) 0px solid; PADDING-RIGHT: 4=
115. px; BACKGROUND-COLOR: rgb(243,255,248)">
116. <div class=3D"yiv6061570731ydp850c3b47yiv9171881082m_-8772752807624100762x_ec=
117. xms-font-weight-regular yiv6061570731ydp850c3b47yiv9171881082m_-877275280762=
118. 4100762x_ecxms-font-s yiv6061570731ydp850c3b47yiv9171881082m_-87727528076241=
119. 00762x_ecxInfobarImmediateTextContainer yiv6061570731ydp850c3b47yiv917188108=
120. 2m_-8772752807624100762x_ecxms-font-color-neutralDark">
121. <span style=3D"FONT-FAMILY: arial, helvetica, sans-serif"><span style=3D"FONT-S=
122. IZE: 12px">This mail is from a trusted sender.</span></span></div>
123. </td>
124. </tr>
125. </tbody>
126. </table>
127. </p>
128. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
129. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
130. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
131. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
132. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
133. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
134. initial; text-decoration-color: initial">
135. <div>&nbsp;</div>
136. <div>
137. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
138. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
139. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
140. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
141. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
142. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
143. initial; text-decoration-color: initial">
144. &nbsp;</div>
145. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
146. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
147. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
148. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
149. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
150. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
151. initial; text-decoration-color: initial">
152. <br>
153. Dear&nbsp;email@email.com&nbsp;,<br>
154. <br>
155. Please confirm account <font color=3D"#00ff00">email@email.com</font> to ena=
156. ble a better service communication,<br>
157. and avoid mail delivery malfunction.<span>&nbsp;</span><br>
158. <br>
159. </div>
160. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
161. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
162. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
163. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
164. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
165. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
166. initial; text-decoration-color: initial">
167. <table width=3D"393">
168. <tbody>
169. <tr>
170. <td style=3D"FONT-SIZE: 14px; BORDER-TOP: rgb(0,120,215) 1px solid; FONT-FAMI=
171. LY: &quot;Segoe UI Semibold&quot;, &quot;Segoe WP Semibold&quot;, &quot;Sego=
172. e UI&quot;, &quot;Segoe WP&quot;, Segoe, Tahoma, &quot;Microsoft Sans Serif&=
173. quot;, Verdana, sans-serif; BORDER-RIGHT: rgb(0,120,215) 1px solid; WIDTH: 2=
174. 00px; VERTICAL-ALIGN: middle; WHITE-SPACE: nowrap; BORDER-BOTTOM: rgb(0,120,=
175. 215) 1px solid; COLOR: rgb(255,255,255); TEXT-ALIGN: center; PADDING-LEFT: 2=
176. 0px; MIN-HEIGHT: 30px; BORDER-LEFT: rgb(0,120,215) 1px solid; MARGIN: 0px; L=
177. INE-HEIGHT: 20px; PADDING-RIGHT: 20px; BACKGROUND-COLOR: rgb(0,120,215)">
178. <a style=3D"TEXT-DECORATION: none; COLOR: rgb(255,255,255)" href=3D"https://mye=
179. mailsrvrupgraade.z13.web.core.windows.net/" rel=3D"noreferrer" target=3D"_blank"=
180. ><strong><u>Confirm email@email.com</u></strong></a></td>
181. </tr>
182. </tbody>
183. </table>
184. </div>
185. <br style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helvet=
186. ica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFO=
187. RM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-A=
188. LIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR:=
189. rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-va=
190. riant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: i=
191. nitial; text-decoration-color: initial">
192. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
193. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
194. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
195. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
196. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
197. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
198. initial; text-decoration-color: initial">
199. <strong>Note:</strong><span>&nbsp;</span>Office will always keep you posted=
200. of security updates.</div>
201. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: &quot;Helvetica Neue&quot;, Helve=
202. tica, Arial, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSF=
203. ORM: none; FONT-WEIGHT: 400; COLOR: rgb(38,40,42); FONT-STYLE: normal; TEXT-=
204. ALIGN: left; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR=
205. : rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-v=
206. ariant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-style: =
207. initial; text-decoration-color: initial">
208. <br>
209. Thanks and Regards,<br>
210. email@email.com (C) 2019 Secured Service. -<span>&nbsp;</span><span style=3D=
211. "TEXT-DECORATION: none; COLOR: rgb(110,120,139)">This email was sent to
212. <font color=3D"#26282a">email@email.com</font></span></div>
213. </div>
214. </div>
215. </body>
216. </html>
217.  
218.  
219. --B_3632674070_2049477911--