20181020_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sat, 20 Oct 2018 10:58:06 -0500
4. Received: from MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sat, 20 Oct 2018 10:58:06 -0500
7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
8. MBX03C-ORD1.mex08.mlsrvr.com (172.29.9.17) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sat, 20 Oct 2018 10:58:06 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [153.149.227.11]
18. Authentication-Results: smtp15.gate.iad3b.rsapps.net; iprev=pass policy.iprev="153.149.227.11"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mogw0905.ocn.ad.jp"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=forest.ocn.ne.jp
19. X-Suspicious-Flag: NO
20. X-Classification-ID: ee11cb36-d480-11e8-a418-5254003d6d3a-1-1
21. Received: from [153.149.227.11] ([153.149.227.11:42652] helo=mogw0905.ocn.ad.jp)
22. by smtp15.gate.iad3b.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTP
24. id 45/4C-00347-D805BCB5; Sat, 20 Oct 2018 11:58:05 -0400
25. Received: from mf-smf-unw006c2 (mf-smf-unw006c2.ocn.ad.jp [153.138.219.97])
26. by mogw0905.ocn.ad.jp (Postfix) with ESMTP id 81DEE10002EB;
27. Sun, 21 Oct 2018 00:58:04 +0900 (JST)
28. Received: from ocn-vc-mts-201c1.ocn.ad.jp ([153.138.219.212])
29. by mf-smf-unw006c2 with ESMTP
30. id Dtbngx0tHqvUbDtdcgqOXx; Sun, 21 Oct 2018 00:58:04 +0900
31. Received: from smtp.ocn.ne.jp ([153.149.227.133])
32. by ocn-vc-mts-201c1.ocn.ad.jp with ESMTP
33. id DtdZgWfLw63EtDtdZgGO8w; Sun, 21 Oct 2018 00:58:04 +0900
34. Message-ID: <[email protected]>
35. Received: from smtp.ocn.ne.jp (unknown [123.21.198.148])
36. by smtp.ocn.ne.jp (Postfix) with ESMTPA;
37. Sun, 21 Oct 2018 00:58:01 +0900 (JST)
38. MIME-Version: 1.0
39. To: REMOVED
40. From: K Williams <[email protected]>
41. Subject: Re:
42. Date: Sat, 20 Oct 2018 10:57:54 -0500
43. Importance: normal
44. X-Priority: 3
45. X-MS-Exchange-Organization-Network-Message-Id: 92a9af01-ae2e-4401-fd71-08d636a4d311
46. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1457500;0;This mail has
47. been scanned by Trend Micro ScanMail for Microsoft Exchange;
48. X-MS-Exchange-Organization-SCL: 5
49. X-MS-Exchange-Organization-AuthSource: MBX03C-ORD1.mex08.mlsrvr.com
50. X-MS-Exchange-Organization-AuthAs: Anonymous
51. Content-type: multipart/alternative;
52. boundary="B_3622871330_531326122"
53.  
54. > This message is in MIME format. Since your mail reader does not understand
55. this format, some or all of this message may not be legible.
56.  
57. --B_3622871330_531326122
58. Content-type: text/plain;
59. charset="UTF-8"
60. Content-transfer-encoding: 7bit
61.  
62. http://thrive.joeldeutser.net
63.  
64.  
65.  
66.  
67.  
68. K Williams
69.  
70.  
71. --B_3622871330_531326122
72. Content-type: text/html;
73. charset="UTF-8"
74. Content-transfer-encoding: quoted-printable
75.  
76. <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:schema=
77. s-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/office/20=
78. 04/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
79. <head>
80. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
81. <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
82. <style><!--
83. /* Font Definitions */
84. @font-face
85. {font-family:"Cambria Math";
86. panose-1:2 4 5 3 5 4 6 3 2 4;}
87. @font-face
88. {font-family:Calibri;
89. panose-1:2 15 5 2 2 2 4 3 2 4;}
90. /* Style Definitions */
91. p.MsoNormal, li.MsoNormal, div.MsoNormal
92. {margin:0in;
93. margin-bottom:.0001pt;
94. font-size:11.0pt;
95. font-family:"Calibri",sans-serif;}
96. p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
97. {mso-style-priority:11;
98. mso-style-link:"Subtitle Char";
99. margin-top:0in;
100. margin-right:0in;
101. margin-bottom:8.0pt;
102. margin-left:0in;
103. font-size:11.0pt;
104. font-family:"Calibri",sans-serif;
105. color:#5A5A5A;
106. letter-spacing:.75pt;}
107. a:link, span.MsoHyperlink
108. {mso-style-priority:99;
109. color:#0563C1;
110. text-decoration:underline;}
111. a:visited, span.MsoHyperlinkFollowed
112. {mso-style-priority:99;
113. color:#954F72;
114. text-decoration:underline;}
115. span.SubtitleChar
116. {mso-style-name:"Subtitle Char";
117. mso-style-priority:11;
118. mso-style-link:Subtitle;
119. color:#5A5A5A;
120. letter-spacing:.75pt;}
121. ..MsoChpDefault
122. {mso-style-type:export-only;}
123. @page WordSection1
124. {size:8.5in 11.0in;
125. margin:1.0in 1.0in 1.0in 1.0in;}
126. div.WordSection1
127. {page:WordSection1;}
128. --></style>
129. </head>
130. <body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
131. <div class=3D"WordSection1">
132. <p class=3D"MsoSubtitle" style=3D"margin-bottom:0in;margin-bottom:.0001pt"><a h=
133. ref=3D"http://thrive.joeldeutser.net"><span style=3D"letter-spacing:0pt">http://=
134. thrive.joeldeutser.net</span></a></p>
135. <p class=3D"MsoSubtitle" style=3D"margin-bottom:0in;margin-bottom:.0001pt"><spa=
136. n style=3D"color:black"><o:p>&nbsp;</o:p></span></p>
137. <p class=3D"MsoSubtitle" style=3D"margin-bottom:0in;margin-bottom:.0001pt"><spa=
138. n style=3D"color:black"><o:p>&nbsp;</o:p></span></p>
139. <p class=3D"MsoNormal">K Williams<o:p></o:p></p>
140. </div>
141. </body>
142. </html>
143.  
144.  
145. --B_3622871330_531326122--