20190115_PHISHING_SCAM_1

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Tue, 15 Jan 2019 11:01:37 -0600
4. Received: from MBX08C-ORD1.mex08.mlsrvr.com (172.29.9.32) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Tue, 15 Jan 2019 11:01:37 -0600
7. Received: from gate.forward.smtp.iad3a.emailsrvr.com (204.232.172.40) by
8. MBX08C-ORD1.mex08.mlsrvr.com (172.29.9.32) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Tue, 15 Jan 2019 11:01:37 -0600
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To:
17. X-Originating-Ip: [173.203.187.107]
18. Authentication-Results: smtp39.gate.iad3a.rsapps.net; iprev=pass policy.iprev="173.203.187.107"; spf=neutral smtp.mailfrom="[email protected]" smtp.helo="smtp107.iad3a.emailsrvr.com"; dkim=none (message not signed) header.d=none; dmarc=fail (p=none; dis=none) header.from=chainstore.com
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 38684bba-18e7-11e9-bbcc-525400eea4e4-1-1
21. Received: from [173.203.187.107] ([173.203.187.107:42101] helo=smtp107.iad3a.emailsrvr.com)
22. by smtp39.gate.iad3a.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
24. id E6/C7-24397-1F11E3C5; Tue, 15 Jan 2019 12:01:37 -0500
25. Received: from smtp38.relay.iad3a.emailsrvr.com (localhost [127.0.0.1])
26. by smtp38.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 12B505C1F;
27. Tue, 15 Jan 2019 12:01:37 -0500 (EST)
28. Received: from app20.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140])
29. by smtp38.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 904145C2E;
30. Tue, 15 Jan 2019 12:01:36 -0500 (EST)
31. X-Sender-Id: [email protected]
32. Received: from app20.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140])
33. by 0.0.0.0:25 (trex/5.7.12);
34. Tue, 15 Jan 2019 12:01:37 -0500
35. Received: from chainstore.com (localhost.localdomain [127.0.0.1])
36. by app20.wa-webapps.iad3a (Postfix) with ESMTP id 5497D20635;
37. Tue, 15 Jan 2019 12:01:36 -0500 (EST)
38. Received: by webmail.emailsrvr.com
39. (Authenticated sender: [email protected], from: [email protected])
40. with HTTP; Tue, 15 Jan 2019 12:01:36 -0500 (EST)
41. X-Auth-ID: [email protected]
42. Date: Tue, 15 Jan 2019 12:01:36 -0500
43. Subject: Voice message From IRS Service Number 1800-829-1040.
44. From: IRS VOICE +1-800-829-1040 <[email protected]>
45. MIME-Version: 1.0
46. Importance: Normal
47. X-Priority: 3 (Normal)
48. X-Type: html
49. Message-ID: <[email protected]>
50. X-Mailer: webmail/15.4.8-RC
51. To: undisclosed-recipients:;
52. X-MS-Exchange-Organization-Network-Message-Id: 23a5932e-7298-4439-ac4a-08d67b0b1cbc
53. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1475100;0;This mail has
54. been scanned by Trend Micro ScanMail for Microsoft Exchange;
55. X-MS-Exchange-Organization-SCL: 5
56. X-MS-Exchange-Organization-AuthSource: MBX08C-ORD1.mex08.mlsrvr.com
57. X-MS-Exchange-Organization-AuthAs: Anonymous
58. Content-type: multipart/alternative;
59. boundary="B_3630388220_710664903"
60.  
61. > This message is in MIME format. Since your mail reader does not understand
62. this format, some or all of this message may not be legible.
63.  
64. --B_3630388220_710664903
65. Content-type: text/plain;
66. charset="UTF-8"
67. Content-transfer-encoding: 7bit
68.  
69. Attn:
70.  
71. Missed a voice message from IRS.GOV 1-800-829-1040.
72.  
73. Mailbox: 105
74.  
75. Length: 0:25
76.  
77.  
78. VoiceMessage.wav
79.  
80.  
81. Thanks and Regards,
82. Office (C) 2019 Secured Service.
83.  
84.  
85.  
86. --B_3630388220_710664903
87. Content-type: text/html;
88. charset="UTF-8"
89. Content-transfer-encoding: quoted-printable
90.  
91. <html>
92. <head>
93. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
94. </head>
95. <body>
96. <font face=3D"times new roman" size=3D"2">
97. <div>
98. <p style=3D"margin:0;padding:0;margin: 0; padding: 0; font-family: times new =
99. roman; font-size: 10pt; overflow-wrap: break-word;">
100. Attn: <br>
101. <br>
102. Missed a voice message from <a href=3D"http://IRS.GOV" target=3D"_blank" data-s=
103. aferedirecturl=3D"https://www.google.com/url?q=3Dhttp://IRS.GOV&amp;source=3Dgmail=
104. &amp;ust=3D1547562508346000&amp;usg=3DAFQjCNHvCVbKb3os3kSGSepmGj6Q6o3Kvw">
105. IRS.GOV</a> 1-800-829-1040.<br>
106. <br>
107. Mailbox: 105<br>
108. <br>
109. Length: 0:25<br>
110. &nbsp;</p>
111. <table border=3D"0" cellspacing=3D"0" width=3D"109">
112. <tbody>
113. <tr>
114. <td style=3D"text-decoration: none; white-space: normal; min-width: 50px; pad=
115. ding: 5px 20px;" bgcolor=3D"#000080">
116. <a rel=3D"noopener noreferrer" href=3D"http://www.x.co/emai3srvr" target=3D"_blan=
117. k" data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttp://www.x.co/e3ails=
118. r3&amp;source=3Dgmail&amp;ust=3D1547562508346000&amp;usg=3DAFQjCNFFm9I1qlHOBnR9PA4=
119. nsPu-Zm1gLg"><span><span style=3D"color: white; font-size: small;"><span style=
120. =3D"text-decoration: none; font-family: 'Segoe UI',serif,'EmojiFont'; font-wei=
121. ght: bold;">VoiceMessage.wav</span></span></span></a></td>
122. </tr>
123. </tbody>
124. </table>
125. <p style=3D"margin:0;padding:0;margin: 0; padding: 0; font-family: times new =
126. roman; font-size: 10pt; overflow-wrap: break-word;">
127. <br>
128. Thanks and Regards,<br>
129. Office (C) 2019 Secured Service.</p>
130. </div>
131. <p style=3D"margin:0;padding:0;font-family: times new roman; font-size: 10pt;=
132. overflow-wrap: break-word;">
133. <span style=3D"font-family: times new roman; font-size: small;"><!--WM_COMPOS=
134. E_SIGNATURE_END--></span></p>
135. </font>
136. </body>
137. </html>
138.  
139.  
140. --B_3630388220_710664903--