wavellan

20180905_PHISHING_SCAM_1

Sep 6th, 2018
Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
 MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
 id 15.0.1367.3 via Mailbox Transport; Wed, 5 Sep 2018 23:41:56 -0500
Received: from MBX11D-ORD1.mex08.mlsrvr.com (172.29.8.36) by
 MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
 id 15.0.1367.3; Wed, 5 Sep 2018 23:41:56 -0500
Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
 MBX11D-ORD1.mex08.mlsrvr.com (172.29.8.36) with Microsoft SMTP Server (TLS)
 id 15.0.1367.3 via Frontend Transport; Wed, 5 Sep 2018 23:41:56 -0500
Return-Path: <iris.carabal@ono.com>
X-Spam-Threshold: 95
X-Spam-Score: 100
Precedence: junk
X-Spam-Flag: YES
X-Virus-Scanned: OK
X-Orig-To: REMOVED
X-Originating-Ip: [62.42.230.179]
Authentication-Results: smtp36.gate.iad3b.rsapps.net; iprev=pass policy.iprev="62.42.230.179"; spf=pass smtp.mailfrom="iris.carabal@ono.com" smtp.helo="smtp2.ono.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=ono.com
X-Suspicious-Flag: NO
X-Classification-ID: 2ebc1bb0-b18f-11e8-932a-5254003a7283-1-1
Received: from [62.42.230.179] ([62.42.230.179:49941] helo=smtp2.ono.com)
 by smtp36.gate.iad3b.rsapps.net (envelope-from <iris.carabal@ono.com>)
 (ecelerity 4.2.38.62370 r(:)) with ESMTP
 id 75/81-07616-310B09B5; Thu, 06 Sep 2018 00:41:56 -0400
X-Junkmail-Premium-Raw: score=15/50,refid=2.7.2:2018.9.6.35715:17:15.447,ip=,rules=__HAS_FROM,
 FROM_NAME_ONE_WORD, __TO_MALFORMED_2, __TO_NAME, __HAS_REPLYTO,
 __FRAUD_WEBMAIL_REPLYTO, BLANK_SUBJECT, __HAS_MSGID, __SANE_MSGID,
 __MIME_VERSION, __CT, __CTYPE_MULTIPART_ALT, __CTYPE_HAS_BOUNDARY,
 __CTYPE_MULTIPART, __HAS_X_MAILER, __OUTLOOK_MUA_1, __USER_AGENT_MS_GENERIC,
 __MIME_TEXT_P2, __MIME_TEXT_H2, __KNOWN_FREEWEB_URI2[https://goo.gl/kyNcgq
 [goo.gl] [goo.gl]], __ANY_URI, __HTTPS_URI, __URI_WITH_PATH, GOO_GL_URI,
 __URI_NO_MAILTO, __URI_NO_WWW, __CP_URI_IN_BODY, GOO_GL_URI_RAW,
 __MULTIPLE_URI_TEXT, __HTML_MSWORD, __URI_IN_BODY, __URI_NOT_IMG,
 __HTML_AHREF_TAG, __STYLE_RATWARE_NEG, __STYLE_TAG, __HAS_HTML,
 __HTML_TAG_DIV, BODYTEXTP_SIZE_400_LESS, BODYTEXTP_SIZE_3000_LESS,
 BODY_SIZE_3000_3999, BODYTEXTH_SIZE_10000_LESS, __MIME_TEXT_H1,
 __MIME_TEXT_P1, __MIME_HTML, __TAG_EXISTS_HTML, __URI_NS, HTML_90_100,
 HTML_95_100, BODY_SIZE_5000_LESS, __FRAUD_WEBMAIL, WEBMAIL_REPLYTO_NOT_FROM,
 __OUTLOOK_MUA, FRAUD_WEBMAIL_R_NOT_F, __MIME_TEXT_P, __MIME_TEXT_H,
 __SINGLE_URI_MPART_BOTH, SINGLE_URI_IN_BODY, KNOWN_FREEWEB_URI,
 FORGED_MUA_OUTLOOK, REPLYTO_FROM_DIFF_ADDY, BODY_SIZE_7000_LESS,
 URI_WITH_PATH_ONLY
Received: from smtp.ono.com (138.204.69.188) by smtp2.ono.com (9.0.019.09-1) (authenticated as iris.carabal@ono.com)
 id 5AB4D1C70C5E11DA for REMOVED; Thu, 6 Sep 2018 08:35:00 +0200
From: ldanakos <iris.carabal@ono.com>
To: REMOVED
Reply-To: ldanakos <ldanakosv@yahoo.com>
Subject:
Date: Thu, 6 Sep 2018 04:44:15 +0000
Message-ID: <784626m2w1f5$ke78y82a$ntmabvg0$@ono.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 15.0
Thread-Index: YjBfNypmKGYpMGNoeWUrKDBydm4zZw==
Content-Language: en-us
X-MS-Exchange-Organization-Network-Message-Id: 130485b4-0314-409b-0253-08d613b3134f
X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1448500;0;This mail has
 been scanned by Trend Micro ScanMail for Microsoft Exchange;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-AuthSource: MBX11D-ORD1.mex08.mlsrvr.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Content-type: multipart/alternative;
 boundary="B_3619060022_1129846743"

> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3619060022_1129846743
Content-type: text/plain;
 charset="UTF-8"
Content-transfer-encoding: 7bit

Greetings Bill







https://goo.gl/kyNcgq











ldanakos
Ldanakos


--B_3619060022_1129846743
Content-type: text/html;
 charset="UTF-8"
Content-transfer-encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsof=
t-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" xmlns:m=
=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http://www.w3.org=
/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma">Gree=
tings Bill<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><a h=
ref=3D"https://goo.gl/kyNcgq">https://goo.gl/kyNcgq</a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.1pt;font-family:Tahoma">ldan=
akos<br>
Ldanakos<o:p></o:p></span></p>
</div>
</body>
</html>


--B_3619060022_1129846743--