20181012_PHISHING_SCAM_1

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Fri, 12 Oct 2018 04:56:15 -0500
4. Received: from MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Fri, 12 Oct 2018 04:56:15 -0500
7. Received: from gate.forward.smtp.iad3a.emailsrvr.com (204.232.172.40) by
8. MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Fri, 12 Oct 2018 04:56:15 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [153.149.232.35]
18. Authentication-Results: smtp50.gate.iad3a.rsapps.net; iprev=pass policy.iprev="153.149.232.35"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mogw0734.ocn.ad.jp"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=tune.ocn.ne.jp
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 0e774824-ce05-11e8-bff1-525400c2fb51-1-1
21. Received: from [153.149.232.35] ([153.149.232.35:49343] helo=mogw0734.ocn.ad.jp)
22. by smtp50.gate.iad3a.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTP
24. id DF/27-17012-FBF60CB5; Fri, 12 Oct 2018 05:56:15 -0400
25. Received: from mf-smf-unw008c3 (mf-smf-unw008c3.ocn.ad.jp [153.138.219.104])
26. by mogw0734.ocn.ad.jp (Postfix) with ESMTP id 67DC91200297;
27. Fri, 12 Oct 2018 18:56:14 +0900 (JST)
28. Received: from ocn-vc-mts-202c1.ocn.ad.jp ([153.138.219.215])
29. by mf-smf-unw008c3 with ESMTP
30. id Au98gNPmXTDM2AuB4g97No; Fri, 12 Oct 2018 18:56:14 +0900
31. Received: from smtp.ocn.ne.jp ([153.149.227.135])
32. by ocn-vc-mts-202c1.ocn.ad.jp with ESMTP
33. id AuB2gZunfVBnyAuB2gF0qj; Fri, 12 Oct 2018 18:56:14 +0900
34. Message-ID: <[email protected]>
35. Received: from smtp.ocn.ne.jp (unknown [14.162.156.119])
36. by smtp.ocn.ne.jp (Postfix) with ESMTPA;
37. Fri, 12 Oct 2018 18:56:12 +0900 (JST)
38. MIME-Version: 1.0
39. To: REMOVED
40. From: Micah Bejoes <[email protected]>
41. Subject: Re:
42. Date: Fri, 12 Oct 2018 00:56:06 -0900
43. Importance: normal
44. X-Priority: 3
45. X-MS-Exchange-Organization-Network-Message-Id: 467af343-2cae-4c76-e2cd-08d63028f347
46. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1455700;0;This mail has
47. been scanned by Trend Micro ScanMail for Microsoft Exchange;
48. X-MS-Exchange-Organization-SCL: 5
49. X-MS-Exchange-Organization-AuthSource: MBX02C-ORD1.mex08.mlsrvr.com
50. X-MS-Exchange-Organization-AuthAs: Anonymous
51. Content-type: multipart/alternative;
52. boundary="B_3622201350_1607383606"
53.  
54. > This message is in MIME format. Since your mail reader does not understand
55. this format, some or all of this message may not be legible.
56.  
57. --B_3622201350_1607383606
58. Content-type: text/plain;
59. charset="UTF-8"
60. Content-transfer-encoding: 7bit
61.  
62.  
63.  
64. http://change.salonstaffingagency.com
65.  
66.  
67.  
68. Micah Bejoes
69.  
70.  
71.  
72.  
73.  
74.  
75. --B_3622201350_1607383606
76. Content-type: text/html;
77. charset="UTF-8"
78. Content-transfer-encoding: quoted-printable
79.  
80. <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schema=
81. s-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/20=
82. 04/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
83. <head>
84. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
85. <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
86. <style><!--
87. /* Font Definitions */
88. @font-face
89. {font-family:"Cambria Math";
90. panose-1:2 4 5 3 5 4 6 3 2 4;}
91. @font-face
92. {font-family:Calibri;
93. panose-1:2 15 5 2 2 2 4 3 2 4;}
94. /* Style Definitions */
95. p.MsoNormal, li.MsoNormal, div.MsoNormal
96. {margin:0in;
97. margin-bottom:.0001pt;
98. font-size:11.0pt;
99. font-family:"Calibri",sans-serif;}
100. a:link, span.MsoHyperlink
101. {mso-style-priority:99;
102. color:#0563C1;
103. text-decoration:underline;}
104. a:visited, span.MsoHyperlinkFollowed
105. {mso-style-priority:99;
106. color:#954F72;
107. text-decoration:underline;}
108. span.MsoIntenseEmphasis
109. {mso-style-priority:21;
110. color:#4472C4;
111. font-style:italic;}
112. ..MsoChpDefault
113. {mso-style-type:export-only;}
114. @page WordSection1
115. {size:8.5in 11.0in;
116. margin:1.0in 1.0in 1.0in 1.0in;}
117. div.WordSection1
118. {page:WordSection1;}
119. --></style>
120. </head>
121. <body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
122. <div class=3D"WordSection1">
123. <p class=3D"MsoNormal"><span class=3D"MsoIntenseEmphasis"><span style=3D"font-fam=
124. ily:&quot;Arial&quot;,sans-serif;font-style:normal"><o:p>&nbsp;</o:p></span>=
125. </span></p>
126. <p class=3D"MsoNormal"><a href=3D"http://change.salonstaffingagency.com">http:/=
127. /change.salonstaffingagency.com</a></p>
128. <p class=3D"MsoNormal"><span class=3D"MsoIntenseEmphasis"><span style=3D"font-fam=
129. ily:&quot;Arial&quot;,sans-serif;font-style:normal"><o:p>&nbsp;</o:p></span>=
130. </span></p>
131. <p class=3D"MsoNormal">Micah Bejoes<o:p></o:p></p>
132. <p class=3D"MsoNormal"><span class=3D"MsoIntenseEmphasis"><o:p>&nbsp;</o:p></sp=
133. an></p>
134. <p class=3D"MsoNormal"><span class=3D"MsoIntenseEmphasis"><o:p>&nbsp;</o:p></sp=
135. an></p>
136. </div>
137. </body>
138. </html>
139.  
140.  
141. --B_3622201350_1607383606--