20181103_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sat, 3 Nov 2018 13:51:05 -0500
4. Received: from MBX04C-ORD1.mex08.mlsrvr.com (172.29.9.20) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sat, 3 Nov 2018 13:51:04 -0500
7. Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
8. MBX04C-ORD1.mex08.mlsrvr.com (172.29.9.20) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sat, 3 Nov 2018 13:51:04 -0500
10. Return-Path: <martina.hagemann@freenet.de>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 0
13. X-Spam-Flag: NO
14. Authentication-Results: smtp18.gate.ord1d.rsapps.net x-tls.subject="/C=DE/O=freenet.de GmbH/ST=Hamburg/L=Hamburg/CN=*.freenet.de"; auth=pass (cipher=DHE-RSA-AES128-GCM-SHA256)
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [195.4.92.92]
18. Authentication-Results: smtp18.gate.ord1d.rsapps.net; iprev=pass policy.iprev="195.4.92.92"; spf=pass smtp.mailfrom="martina.hagemann@freenet.de" smtp.helo="mout2.freenet.de"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=freenet.de
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 6a1a0388-df99-11e8-84c1-5254005167a7-1-1
21. Received: from [195.4.92.92] ([195.4.92.92:56680] helo=mout2.freenet.de)
22. by smtp18.gate.ord1d.rsapps.net (envelope-from <martina.hagemann@freenet.de>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES128-GCM-SHA256
24. subject="/C=DE/O=freenet.de GmbH/ST=Hamburg/L=Hamburg/CN=*.freenet.de")
25. id 3C/37-09768-81EEDDB5; Sat, 03 Nov 2018 14:51:04 -0400
26. Received: from [195.4.92.164] (helo=mjail1.freenet.de)
27. by mout2.freenet.de with esmtpa (ID martina.hagemann@freenet.de) (port 25) (Exim 4.90_1 #2)
28. id 1gJ10h-0006zg-Hh
29. for REMOVED; Sat, 03 Nov 2018 19:51:03 +0100
30. Received: from [::1] (port=47358 helo=mjail1.freenet.de)
31. by mjail1.freenet.de with esmtpa (ID martina.hagemann@freenet.de) (Exim 4.90_1 #2)
32. id 1gJ10h-00027M-Gb
33. for REMOVED; Sat, 03 Nov 2018 19:51:03 +0100
34. Received: from sub4.freenet.de ([195.4.92.123]:39486)
35. by mjail1.freenet.de with esmtpa (ID martina.hagemann@freenet.de) (Exim 4.90_1 #2)
36. id 1gJ0yU-0006Ud-Ll
37. for REMOVED; Sat, 03 Nov 2018 19:48:46 +0100
38. Received: from [175.110.201.158] (port=49589 helo=mx.freenet.de)
39. by sub4.freenet.de with esmtpsa (ID martina.hagemann@freenet.de) (TLSv1:ECDHE-RSA-AES128-SHA:128) (port 587) (Exim 4.90_1 #2)
40. id 1gJ0yR-0008Qe-UF
41. for REMOVED; Sat, 03 Nov 2018 19:48:46 +0100
42. From: Ryan Fiaschetti <martina.hagemann@freenet.de>
43. To: REMOVED
44. Reply-To: Ryan Fiaschetti <fiaschettirv@yahoo.com>
45. Subject:
46. Date: Sat, 3 Nov 2018 14:48:36 -0400
47. Message-ID: <4983416y9hmp$5u9ua7ht$56urfk3s$@freenet.de>
48. MIME-Version: 1.0
49. X-Mailer: Microsoft Outlook 15.0
50. Thread-Index: cipycyo3d3JlXzFja3ZtKilhMSs1eQ==
51. Content-Language: en-us
52. X-Originated-At: 175.110.201.158!49589
53. X-MS-Exchange-Organization-Network-Message-Id: 305edad9-9310-4970-4334-08d641bd4f03
54. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1460300;0;This mail has
55. been scanned by Trend Micro ScanMail for Microsoft Exchange;
56. X-MS-Exchange-Organization-SCL: 0
57. X-MS-Exchange-Organization-AuthSource: MBX04C-ORD1.mex08.mlsrvr.com
58. X-MS-Exchange-Organization-AuthAs: Anonymous
59. Content-type: multipart/alternative;
60. boundary="B_3624093405_1920503540"
61.  
62. > This message is in MIME format. Since your mail reader does not understand
63. this format, some or all of this message may not be legible.
64.  
65. --B_3624093405_1920503540
66. Content-type: text/plain;
67. charset="UTF-8"
68. Content-transfer-encoding: 7bit
69.  
70. REMOVED
71.  
72.  
73.  
74.  
75.  
76. https://goo.gl/AKBAfc
77.  
78.  
79.  
80.  
81.  
82.  
83.  
84.  
85.  
86.  
87.  
88.  
89. --B_3624093405_1920503540
90. Content-type: text/html;
91. charset="UTF-8"
92. Content-transfer-encoding: quoted-printable
93.  
94. <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof=
95. t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=
96. =3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org=
97. /TR/REC-html40">
98. <head>
99. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
100. <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
101. <style><!--
102. /* Font Definitions */
103. @font-face
104. {font-family:"Cambria Math";
105. panose-1:2 4 5 3 5 4 6 3 2 4;}
106. @font-face
107. {font-family:Calibri;
108. panose-1:2 15 5 2 2 2 4 3 2 4;}
109. /* Style Definitions */
110. p.MsoNormal, li.MsoNormal, div.MsoNormal
111. {margin:0cm;
112. margin-bottom:.0001pt;
113. font-size:11.0pt;
114. font-family:"Calibri","sans-serif";}
115. a:link, span.MsoHyperlink
116. {mso-style-priority:99;
117. color:#0563C1;
118. text-decoration:underline;}
119. a:visited, span.MsoHyperlinkFollowed
120. {mso-style-priority:99;
121. color:#954F72;
122. text-decoration:underline;}
123. span.EmailStyle17
124. {mso-style-type:personal-compose;
125. font-family:"Calibri","sans-serif";
126. color:windowtext;}
127. .MsoChpDefault
128. {mso-style-type:export-only;
129. font-family:"Calibri","sans-serif";}
130. @page WordSection1
131. {size:612.0pt 792.0pt;
132. margin:2.0cm 42.5pt 2.0cm 3.0cm;}
133. div.WordSection1
134. {page:WordSection1;}
135. --></style><!--[if gte mso 9]><xml>
136. <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
137. </xml><![endif]--><!--[if gte mso 9]><xml>
138. <o:shapelayout v:ext=3D"edit">
139. <o:idmap v:ext=3D"edit" data=3D"1" />
140. </o:shapelayout></xml><![endif]-->
141. </head>
142. <body link=3D"#0563C1" vlink=3D"#954F72">
143. <div class=3D"WordSection1">
144. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana">Bil=
145. l<o:p></o:p></span></p>
146. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
147. p>&nbsp;</o:p></span></p>
148. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
149. p>&nbsp;</o:p></span></p>
150. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><a =
151. href=3D"https://goo.gl/AKBAfc">https://goo.gl/AKBAfc</a><o:p></o:p></span></p>
152. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
153. p>&nbsp;</o:p></span></p>
154. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
155. p>&nbsp;</o:p></span></p>
156. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
157. p>&nbsp;</o:p></span></p>
158. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
159. p>&nbsp;</o:p></span></p>
160. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
161. p></o:p></span></p>
162. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Verdana"><o:=
163. p>&nbsp;</o:p></span></p>
164. </div>
165. </body>
166. </html>
167.  
168.  
169. --B_3624093405_1920503540--