20180214_PHISHING

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1293.2 via Mailbox Transport; Wed, 14 Feb 2018 15:40:51 -0600
4. Received: from MBX09C-ORD1.mex08.mlsrvr.com (172.29.9.34) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1293.2; Wed, 14 Feb 2018 15:40:50 -0600
7. Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by
8. MBX09C-ORD1.mex08.mlsrvr.com (172.29.9.34) with Microsoft SMTP Server (TLS)
9. id 15.0.1293.2 via Frontend Transport; Wed, 14 Feb 2018 15:40:50 -0600
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. Authentication-Results: smtp21.gate.ord1c.rsapps.net x-tls.subject="/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=*.smtp.rzone.de"; auth=pass (cipher=DHE-RSA-AES256-GCM-SHA384)
16. X-Virus-Scanned: OK
17. X-Orig-To: REMOVED
18. X-Originating-Ip: [81.169.146.216]
19. Authentication-Results: smtp21.gate.ord1c.rsapps.net; iprev=pass policy.iprev="81.169.146.216"; spf=neutral smtp.mailfrom="[email protected]" smtp.helo="mo4-p00-ob.smtp.rzone.de"; dkim=pass header.d=rottweiler-vom-koenigsforst.de; dmarc=none (p=nil; dis=none) header.from=rottweiler-vom-koenigsforst.de
20. X-Classification-ID: b890dd40-11cf-11e8-93b1-a0369f0d8808-1-1
21. Received: from [81.169.146.216] ([81.169.146.216:29743] helo=mo4-p00-ob.smtp.rzone.de)
22. by smtp21.gate.ord1c.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384
24. subject="/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=*.smtp.rzone.de")
25. id DE/ED-21035-1ECA48A5; Wed, 14 Feb 2018 16:40:50 -0500
26. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1518644448;
27. s=strato-dkim-0002; d=rottweiler-vom-koenigsforst.de;
28. h=Content-Type:Message-Id:Date:Subject:To:From:X-RZG-CLASS-ID:
29. X-RZG-AUTH;
30. bh=sWn5chEEJI9y/6MN6Bdi5ESkTOqg9khM38m/BUYPW0o=;
31. b=k6hSd7ota5NtBBrJNIvr5plVUTiGUwPt5Gi3/W4DgWxmec9NMGlVelHPeq+NRzdAyR
32. lOHnbqG+7W3Nt08KzSj7BxvoeEEvJ0Ej0DLYcEcIQmoyPsUcD2gaSVNKCJnK6oTxshac
33. wSFk67Eg9QJX+NB61J5fVvTR73xGPR5RzrkNdAieU+USho3PiPzeOVmUsLA6UqODqfR5
34. Im7bx+vINbJqGLEBi0Rm6th1lJ6pInRtxPaCsMy9kv3IzgMaQwE214X2zVxYEtD1uMXT
35. WAIMl63GoLRKJ2nL/xH4dDzV7PpYMnKaqhpYZfXEFhgnL/Ivym//0Uva4jv+jBwQLfj6
36. eBYg==
37. X-RZG-AUTH: :O2kGeEG7b/pS1F+2X2ukjCeAVHRYtUtcbu1uIKhDOnKCazBR9oh9pxdcdJJ8uMg2MlQY0vD7rYjUxUYvFfg4S9qz5AdtqxlvQXM0VeCgGBmfwPs1DRg9vpt80Q==
38. X-RZG-CLASS-ID: mo00
39. Received: from smtp.strato.de ([2402:3a80:992:fb5c:0:4e:49db:f701])
40. by smtp.strato.de (RZmta 42.18 AUTH)
41. with ESMTPSA id w08affu1ELeiSKR
42. (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA))
43. (Client did not present a certificate)
44. for <REMOVED>;
45. Wed, 14 Feb 2018 22:40:44 +0100 (CET)
46. From: cathy charles <[email protected]>
47. To: REMOVED
48. Subject:
49. Date: Wed, 14 Feb 2018 21:40:21 +0000
50. Message-ID: <84791f78f062$06988e36$4d8bf2d6$@rottweiler-vom-koenigsforst.deIris-PC>
51. MIME-Version: 1.0
52. X-Mailer: Microsoft Outlook 15.0
53. Thread-Index: UUN0R1JUV3cyZkEyQmxwbjV3OU5jVQ==
54. Content-Language: en-us
55. X-MS-Exchange-Organization-Network-Message-Id: 1fd3492c-9050-4aea-3b61-08d573f39e08
56. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1396500;0;This mail has
57. been scanned by Trend Micro ScanMail for Microsoft Exchange;
58. X-MS-Exchange-Organization-SCL: 5
59. X-MS-Exchange-Organization-AuthSource: MBX09C-ORD1.mex08.mlsrvr.com
60. X-MS-Exchange-Organization-AuthAs: Anonymous
61. Content-type: multipart/alternative;
62. boundary="B_3601480426_947913999"
63.  
64. > This message is in MIME format. Since your mail reader does not understand
65. this format, some or all of this message may not be legible.
66.  
67. --B_3601480426_947913999
68. Content-type: text/plain;
69. charset="UTF-8"
70. Content-transfer-encoding: 7bit
71.  
72. sup
73.  
74.  
75.  
76.  
77.  
78.  
79.  
80. https://goo.gl/6gafK4
81.  
82.  
83.  
84.  
85.  
86.  
87.  
88.  
89. cathy
90.  
91.  
92.  
93. --B_3601480426_947913999
94. Content-type: text/html;
95. charset="UTF-8"
96. Content-transfer-encoding: quoted-printable
97.  
98. <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof=
99. t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=
100. =3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org=
101. /TR/REC-html40">
102. <head>
103. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
104. <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
105. <style><!--
106. /* Font Definitions */
107. @font-face
108. {font-family:"Cambria Math";
109. panose-1:2 4 5 3 5 4 6 3 2 4;}
110. @font-face
111. {font-family:Calibri;
112. panose-1:2 15 5 2 2 2 4 3 2 4;}
113. /* Style Definitions */
114. p.MsoNormal, li.MsoNormal, div.MsoNormal
115. {margin:0cm;
116. margin-bottom:.0001pt;
117. font-size:11.0pt;
118. font-family:"Calibri","sans-serif";}
119. a:link, span.MsoHyperlink
120. {mso-style-priority:99;
121. color:#0563C1;
122. text-decoration:underline;}
123. a:visited, span.MsoHyperlinkFollowed
124. {mso-style-priority:99;
125. color:#954F72;
126. text-decoration:underline;}
127. span.EmailStyle17
128. {mso-style-type:personal-compose;
129. font-family:"Calibri","sans-serif";
130. color:windowtext;}
131. .MsoChpDefault
132. {mso-style-type:export-only;
133. font-family:"Calibri","sans-serif";}
134. @page WordSection1
135. {size:612.0pt 792.0pt;
136. margin:2.0cm 42.5pt 2.0cm 3.0cm;}
137. div.WordSection1
138. {page:WordSection1;}
139. --></style><!--[if gte mso 9]><xml>
140. <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
141. </xml><![endif]--><!--[if gte mso 9]><xml>
142. <o:shapelayout v:ext=3D"edit">
143. <o:idmap v:ext=3D"edit" data=3D"1" />
144. </o:shapelayout></xml><![endif]-->
145. </head>
146. <body link=3D"#0563C1" vlink=3D"#954F72">
147. <div class=3D"WordSection1">
148. <p class=3D"MsoNormal"><span style=3D"font-size:10.4pt;font-family:Verdana">sup=
149. </p>
150. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Tahoma"><o:p=
151. >&nbsp;</o:p></span></p>
152. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Tahoma"><o:p=
153. >&nbsp;</o:p></span></p>
154. <p class=3D"MsoNormal"><span style=3D"font-size:10.2pt;font-family:Tahoma"><o:p=
155. >&nbsp;</o:p></span></p>
156. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Tahoma"><a h=
157. ref=3D"https://goo.gl/6gafK4">https://goo.gl/6gafK4</a><o:p></o:p></span></p>
158. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Verdana"><o:=
159. p>&nbsp;</o:p></span></p>
160. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Verdana"><o:=
161. p>&nbsp;</o:p></span></p>
162. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Verdana"><o:=
163. p>&nbsp;</o:p></span></p>
164. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Verdana"><o:=
165. p>&nbsp;</o:p></span></p>
166. cathy<o:p></o:p></span>
167. <p></p>
168. <p class=3D"MsoNormal"><span style=3D"font-size:10.3pt;font-family:Tahoma"><o:p=
169. ></o:p></span></p>
170. </div>
171. </body>
172. </html>
173.  
174.  
175. --B_3601480426_947913999--