20180912_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Wed, 12 Sep 2018 22:43:55 -0500
4. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Wed, 12 Sep 2018 22:43:54 -0500
7. Received: from gate.forward.smtp.ord1d.emailsrvr.com (161.47.34.7) by
8. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Wed, 12 Sep 2018 22:43:54 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [142.0.40.83]
18. Authentication-Results: smtp28.gate.ord1d.rsapps.net; iprev=pass policy.iprev="142.0.40.83"; spf=softfail smtp.mailfrom="[email protected]" smtp.helo="support.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=support.com
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 3ccb9366-b707-11e8-b5aa-525400ea129b-1-1
21. Received: from [142.0.40.83] ([142.0.40.83:51515] helo=support.com)
22. by smtp28.gate.ord1d.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTP
24. id B6/11-04245-AFCD99B5; Wed, 12 Sep 2018 23:43:54 -0400
25. From: REMOVED <[email protected]>
26. To: REMOVED
27. Subject: =?UTF-8?B?4pyJIERFQVIg?=UPDATE YOUR MAILBOX TO AVOID TERMINATION.
28. Date: Wed, 12 Sep 2018 23:43:52 -0400
29. Message-ID: <[email protected]>
30. MIME-Version: 1.0
31. X-MS-Exchange-Organization-Network-Message-Id: 199b24b2-96ab-4ab1-30ae-08d6192b20fd
32. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1449900;0;This mail has
33. been scanned by Trend Micro ScanMail for Microsoft Exchange;
34. X-MS-Exchange-Organization-SCL: 5
35. X-MS-Exchange-Organization-AuthSource: MBX05C-ORD1.mex08.mlsrvr.com
36. X-MS-Exchange-Organization-AuthAs: Anonymous
37. Content-type: multipart/alternative;
38. boundary="B_3619932291_10748427"
39.  
40. > This message is in MIME format. Since your mail reader does not understand
41. this format, some or all of this message may not be legible.
42.  
43. --B_3619932291_10748427
44. Content-type: text/plain;
45. charset="UTF-8"
46. Content-transfer-encoding: 7bit
47.  
48. Microsoft account
49. Verify your account
50. We detected something unusual about a recent sign-in your Microsoft account For example, you might be signing in from a new location, device, or app.
51. To help keep you safe, we'll block access to your inbox, contacts list, and calendar for that sign-in. To regain access, We need to verify your identity if there's ever a problem with your account.
52. If you don't verify before the next 24 hours your account will be permanently deleted.
53. Verify Account Here
54. Thanks,
55. The Microsoft account team
56.  
57.  
58.  
59. --B_3619932291_10748427
60. Content-type: text/html;
61. charset="UTF-8"
62. Content-transfer-encoding: quoted-printable
63.  
64. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.=
65. w3.org/TR/html4/loose.dtd">
66. <html>
67. <head>
68. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
69. <meta name=3D"GENERATOR" content=3D"MSHTML 11.00.9600.19003">
70. </head>
71. <body style=3D"MARGIN: 0.5em">
72. <div style=3D"FONT-SIZE: 13px; FONT-FAMILY: 'Helvetica Neue', Helvetica, Aria=
73. l, sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none;=
74. FONT-WEIGHT: 400; COLOR: rgb(0,0,0); FONT-STYLE: normal; ORPHANS: 2; WIDOWS=
75. : 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT=
76. : 0px; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-te=
77. xt-stroke-width: 0px; text-decoration-style: initial; text-decoration-color:=
78. initial" dir=3D"ltr">
79. <div class=3D"ox-b815bf7aa4-gmail_quote">
80. <div dir=3D"ltr">
81. <div class=3D"ox-b815bf7aa4-gmail_quote">
82. <div dir=3D"ltr">
83. <div class=3D"ox-b815bf7aa4-gmail_quote">
84. <div dir=3D"ltr">
85. <table style=3D"BORDER-LEFT-WIDTH: 0px; FONT-SIZE: 11px; FONT-FAMILY: 'Lucida=
86. Grande', Verdana, Arial, Helvetica, sans-serif; BORDER-RIGHT-WIDTH: 0px; BO=
87. RDER-BOTTOM-WIDTH: 0px; COLOR: rgb(51,51,51); LINE-HEIGHT: normal; BORDER-TO=
88. P-WIDTH: 0px">
89. <tbody>
90. <tr>
91. <td style=3D"FONT-SIZE: 17px; FONT-FAMILY: 'Segoe UI Semibold', 'Segoe UI Bol=
92. d', 'Segoe UI', 'Helvetica Neue Medium', Arial, sans-serif; COLOR: rgb(112,1=
93. 12,112); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; PADDING-R=
94. IGHT: 0px">
95. Microsoft account</td>
96. </tr>
97. <tr>
98. <td style=3D"FONT-SIZE: 41px; FONT-FAMILY: 'Segoe UI Light', 'Segoe UI', 'Hel=
99. vetica Neue Medium', Arial, sans-serif; COLOR: rgb(38,114,236); PADDING-BOTT=
100. OM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
101. Verify your account</td>
102. </tr>
103. <tr>
104. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
105. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 25px; =
106. PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
107. We detected something unusual about a recent sign-in your Microsoft account=
108. For example, you might be signing in from a new location, device, or app.</=
109. td>
110. </tr>
111. <tr>
112. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
113. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 25px; =
114. PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
115. To help keep you safe, we'll block access to your inbox, contacts list, and=
116. calendar for that sign-in. To regain access, We need to verify your identit=
117. y if there's ever a problem with your account.</td>
118. </tr>
119. <tr>
120. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
121. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 25px; =
122. PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
123. If you don't verify before the next 24 hours your account will be permanent=
124. ly deleted.</td>
125. </tr>
126. <tr>
127. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
128. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 25px; =
129. PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
130. <table style=3D"BORDER-LEFT-WIDTH: 0px; BORDER-RIGHT-WIDTH: 0px; BORDER-BOTTO=
131. M-WIDTH: 0px; LINE-HEIGHT: normal; BORDER-TOP-WIDTH: 0px" cellspacing=3D"0" bo=
132. rder=3D"0">
133. <tbody>
134. <tr>
135. <td style=3D"MIN-WIDTH: 50px; PADDING-BOTTOM: 5px; PADDING-TOP: 5px; PADDING-=
136. LEFT: 20px; PADDING-RIGHT: 20px; BACKGROUND-COLOR: rgb(38,114,236)" bgcolor=3D=
137. "#2672ec">
138. <a style=3D"TEXT-DECORATION: underline; FONT-FAMILY: 'Segoe UI Semibold', 'Se=
139. goe UI Bold', 'Segoe UI', 'Helvetica Neue Medium', Arial, sans-serif; FONT-W=
140. EIGHT: 600; COLOR: rgb(255,255,255); TEXT-ALIGN: center; LETTER-SPACING: 0.0=
141. 2em" href=3D"https://gabrielbrunelli.com.br/escola/img-count/_notes/update?ema=
142. il=3DREMOVED" rel=3D"noopener" target=3D"_blank">Verify
143. Account Here</a></td>
144. </tr>
145. </tbody>
146. </table>
147. </td>
148. </tr>
149. <tr>
150. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
151. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 25px; =
152. PADDING-LEFT: 0px; PADDING-RIGHT: 0px">
153. Thanks,</td>
154. </tr>
155. <tr>
156. <td style=3D"FONT-SIZE: 14px; FONT-FAMILY: 'Segoe UI', Tahoma, Verdana, Arial=
157. , sans-serif; COLOR: rgb(42,42,42); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; P=
158. ADDING-LEFT: 0px; PADDING-RIGHT: 0px">
159. The Microsoft account team</td>
160. </tr>
161. </tbody>
162. </table>
163. </div>
164. </div>
165. </div>
166. </div>
167. </div>
168. </div>
169. </div>
170. <p><br class=3D"Apple-interchange-newline">
171. </p>
172. </body>
173. </html>
174.  
175.  
176. --B_3619932291_10748427--