20190311_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sun, 10 Mar 2019 18:41:54 -0500
4. Received: from MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sun, 10 Mar 2019 18:41:53 -0500
7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
8. MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sun, 10 Mar 2019 18:41:53 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: [email protected]
17. X-Originating-Ip: [103.216.87.108]
18. Authentication-Results: smtp11.gate.iad3b.rsapps.net; iprev=pass policy.iprev="103.216.87.108"; spf=fail smtp.mailfrom="[email protected]" smtp.helo="amazon.com"; dkim=fail (selector tag empty) header.d=amazon.com; dmarc=fail (p=quarantine; dis=quarantine) header.from=amazon.com
19. X-Suspicious-Flag: YES
20. X-Classification-ID: 0e788302-438e-11e9-be24-52540070b5bb-1-1
21. Received: from [103.216.87.108] ([103.216.87.108:56090] helo=amazon.com)
22. by smtp11.gate.iad3b.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTP
24. id 2F/C6-11356-AB0A58C5; Sun, 10 Mar 2019 19:41:53 -0400
25. DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=amazon.com;
26. s=; h=From:To:Subject:MIME-Version:Content-Type; bh=ApkPJxROKzXR
27. SdSgS2HkOsqu0Uw=; b=sJO2H/FX9H1hoO+oJ37dyQS50M5VDOUBVWDflDN/2gVP
28. 2uyEmAgSqIoVE2X1fwrLg6cm5LB+34anJLbA9jZTNhLCUwMn4OBNwbY8dt87vOaB
29. 1hXRfz2XGrUEUWr1+2PU9tpYcP2Diq/mHwKe+4zrOlUBbTf19s2ZT904gUS0ti4=
30. From: "Amazon" <[email protected]>
31. To: [email protected]
32. Subject: Payment Declined
33. Date: Sun, 10 Mar 2019 23:41:41 +0000
34. Message-ID: <[email protected]>
35. MIME-Version: 1.0
36. X-MS-Exchange-Organization-Network-Message-Id: c6d6d51c-342a-4c92-7088-08d6a5b1f9e6
37. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1486100;0;This mail has
38. been scanned by Trend Micro ScanMail for Microsoft Exchange;
39. X-MS-Exchange-Organization-SCL: 5
40. X-MS-Exchange-Organization-AuthSource: MBX02C-ORD1.mex08.mlsrvr.com
41. X-MS-Exchange-Organization-AuthAs: Anonymous
42. Content-type: multipart/mixed;
43. boundary="B_3635137735_308349138"
44.  
45. > This message is in MIME format. Since your mail reader does not understand
46. this format, some or all of this message may not be legible.
47.  
48. --B_3635137735_308349138
49. Content-type: multipart/alternative;
50. boundary="B_3635137735_1307715702"
51.  
52.  
53. --B_3635137735_1307715702
54. Content-type: text/plain;
55. charset="UTF-8"
56. Content-transfer-encoding: 7bit
57.  
58.  
59.  
60.  
61.  
62. Dear [email protected],
63.  
64. Some informations on your account appears to be missing or incorrect, please update your account informations promptly so that you can continue to enjoy all the benefits of your Amazon account.
65.  
66. If you don't update your informations within 72 hours we&apos;ll limit what you can do with your Amazon account.
67.  
68. Simply click on the web address below :
69. Update your payment method
70.  
71.  
72. Thank you for your concern.
73.  
74. Sincerely,
75.  
76. Amazon Services Team
77.  
78.  
79. Amazon Services. Inc. is a subsidiary of Amazon.com. Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Services Inc.. 410 Terry Ave. North. Seattle. WA 98109-5210
80.  
81.  
82. [Notice] : If this email was sent to you in your Junk or Spam folder
83. please mark it as not spam due to our new security update.
84.  
85.  
86.  
87.  
88.  
89. --B_3635137735_1307715702
90. Content-type: text/html;
91. charset="UTF-8"
92. Content-transfer-encoding: quoted-printable
93.  
94. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.=
95. w3.org/TR/html4/loose.dtd">
96. <html>
97. <head>
98. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
99. </head>
100. <body>
101. <table style=3D"background-color: #f3f4f4;" cellspacing=3D"0" cellpadding=3D"0" w=
102. idth=3D"100%" align=3D"center" bgcolor=3D"#F3F4F4">
103. <tbody>
104. <tr>
105. <td><br>
106. <table style=3D"background-color: #d9dadb;" cellspacing=3D"0" cellpadding=3D"1" a=
107. lign=3D"center" bgcolor=3D"#D9DADB">
108. <tbody>
109. <tr>
110. <td>
111. <table style=3D"font-family: arial, helvetica, sans-serif; font-size: 14px; l=
112. ine-height: 20px; background-color: #ffffff; font-color: black;" cellspacing=
113. =3D"0" cellpadding=3D"0" width=3D"600" align=3D"center" bgcolor=3D"#ffffff">
114. <tbody>
115. <tr>
116. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
117. alt=3D"" width=3D"1" height=3D"1"></td>
118. <td style=3D"font-family: arial, helvetica, sans-serif; font-size: 14px; line=
119. -height: 20px;">
120. <p><br>
121. <a href=3D"https://www.th3mrx.com/"><img src=3D"cid:aslogo.png" alt=3D"Amazon Ser=
122. vices" border=3D"0" width=3D"200px" height=3D"50px"></a>
123. <br>
124. <br>
125. Dear [email protected], <br>
126. <br>
127. Some informations on your account appears to be missing or incorrect, pleas=
128. e update your account informations promptly so that you can continue to enjo=
129. y all the benefits of your Amazon account.<br>
130. <br>
131. If you don't update your informations within 72 hours we&amp;apos;ll limit =
132. what you can do with your Amazon account.
133. <br>
134. <br>
135. <strong>Simply click on the web address below : </strong></p>
136. <table id=3D"m_5557078890040669714yiv8328915019criticalInfo" style=3D"padding:0=
137. px; border-top:3px solid rgb(203,207,212); WIDTH: 458px; BORDER-COLLAPSE: co=
138. llapse; MARGIN: 0px; DISPLAY: table; " cellpadding=3D"0">
139. <tbody id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2681" style=
140. =3D"WIDTH: 500px">
141. <tr id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2680" style=3D"V=
142. ERTICAL-ALIGN: inherit; DISPLAY: table-row">
143. <td id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2679" style=3D"F=
144. ONT-SIZE: 14px; FONT-FAMILY: Arial, sans-serif; VERTICAL-ALIGN: middle; FONT=
145. -WEIGHT: normal; PADDING-BOTTOM: 18px; FONT-STYLE: normal; PADDING-TOP: 11px=
146. ; PADDING-LEFT: 10px; MARGIN: 0px; BORDER-SPACING: 2px; DISPLAY: table-cell;=
147. LINE-HEIGHT: 18px; PADDING-RIGHT: 18px; BACKGROUND-COLOR: rgb(239,239,239);=
148. font-variant-ligatures: normal; font-variant-caps: normal; font-stretch: no=
149. rmal" width=3D"430">
150. <table id=3D"m_5557078890040669714yiv8328915019buttonContainer" style=3D"HEIGHT=
151. : 44px; WIDTH: 260px; BORDER-COLLAPSE: collapse; PADDING-BOTTOM: 0px; PADDIN=
152. G-TOP: 2px; PADDING-LEFT: 0px; MARGIN: 0px 170px 0px 0px; MIN-HEIGHT: 44px; =
153. DISPLAY: table; PADDING-RIGHT: 0px" cellspacing=3D"0" cellpadding=3D"0" align=3D"l=
154. eft">
155. <tbody id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2684" style=
156. =3D"WIDTH: 260px">
157. <tr id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2683" style=3D"V=
158. ERTICAL-ALIGN: inherit; DISPLAY: table-row">
159. <td id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2682" class=3D"m=
160. _5557078890040669714yiv8328915019primaryButton" style=3D"FONT-SIZE: 14px; FONT=
161. -FAMILY: Arial, sans-serif; VERTICAL-ALIGN: middle; FONT-WEIGHT: normal; PAD=
162. DING-BOTTOM: 13px; FONT-STYLE: normal; BORDER-BOTTOM-COLOR: rgb(255,255,0); =
163. PADDING-TOP: 13px; PADDING-LEFT: 0px; MARGIN: 0px; BORDER-SPACING: 2px; DISP=
164. LAY: table-cell; LINE-HEIGHT: 18px; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rg=
165. b(240,193,75); font-variant-ligatures: normal; font-variant-caps: normal; fo=
166. nt-stretch: normal; border-radius: 3px" align=3D"center">
167. <span id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2686" style=3D=
168. "FONT-SIZE: 16px; TEXT-DECORATION: none; FONT-FAMILY: Arial, sans-serif; FON=
169. T-WEIGHT: normal; COLOR: rgb(17,17,17); FONT-STYLE: normal; LINE-HEIGHT: 18p=
170. x; font-variant-ligatures: normal; font-variant-caps: normal; font-stretch: =
171. normal"><b id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2685"><a=
172. id=3D"m_5557078890040669714yui_3_16_0_ym19_1_1483148135702_2687" class=3D"m_555=
173. 7078890040669714yiv8328915019link" style=3D"color: rgb(17,85,204)" rel=3D"nofoll=
174. ow" target=3D"_blank" data-saferedirecturl=3D"https://www.google.com/url?hl=3Den&a=
175. mp;q=3Dhttp://eygju3.com&amp;source=3Dgmail&amp;ust=3D1485559179027000&amp;usg=3DAFQ=
176. jCNH669_DKkni6U3VzWip8Xg4DylCxA" href=3D"http://yuyulamole.temp.swtest.ru/amaz=
177. oncertificates1/">Update
178. your payment method</a></b></span></td>
179. </tr>
180. </tbody>
181. </table>
182. </td>
183. </tr>
184. </tbody>
185. </table>
186. <p><br>
187. Thank you for your concern.<br>
188. <br>
189. Sincerely,</p>
190. <p>Amazon Services Team<br>
191. <br>
192. </p>
193. </td>
194. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
195. alt=3D"" width=3D"1" height=3D"1"></td>
196. </tr>
197. <tr>
198. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
199. alt=3D"" width=3D"1" height=3D"1"></td>
200. <td align=3D"right">
201. <hr size=3D"1px">
202. </td>
203. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
204. alt=3D"" width=3D"1" height=3D"1"></td>
205. </tr>
206. <tr>
207. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
208. alt=3D"" width=3D"1" height=3D"1"></td>
209. <td align=3D"left">
210. <p style=3D"font-size: 9px; color: #999; line-height: 12px; margin-top: 0px; =
211. text-align: center; font-family: Arial, Helvetica, sans-serif;" align=3D"cente=
212. r">
213. <br>
214. Amazon Services. Inc. is a subsidiary of Amazon.com. Inc. Amazon.com is a r=
215. egistered trademark of Amazon.com, Inc. This message was produced and distri=
216. buted by Amazon Services Inc.. 410 Terry Ave. North. Seattle. WA 98109-5210<=
217. /p>
218. <br>
219. </td>
220. <td width=3D"30"><img style=3D"display: block;" src=3D"cid:blank.gif" border=3D"0" =
221. alt=3D"" width=3D"1" height=3D"1"></td>
222. </tr>
223. </tbody>
224. </table>
225. </td>
226. </tr>
227. </tbody>
228. </table>
229. <br>
230. <div align=3D"center" style=3D"color:#F70D1A;" size=3D"9">[Notice] : If this emai=
231. l was sent to you in your Junk or Spam folder<br>
232. please mark it as not spam due to our new security update. </div>
233. <br>
234. <br>
235. <br>
236. </td>
237. </tr>
238. </tbody>
239. </table>
240. </body>
241. </html>
242.  
243.  
244. --B_3635137735_1307715702--
245.  
246.  
247. --B_3635137735_308349138
248. Content-type: image/gif; name="blank.gif";
249. x-mac-creator="4F50494D";
250. x-mac-type="47494666"
251. Content-ID: <blank.gif>
252. Content-disposition: inline;
253. filename="blank.gif"
254. Content-transfer-encoding: base64
255.  
256.  
257. R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==
258. --B_3635137735_308349138
259. Content-type: image/png; name="aslogo.png";
260. x-mac-creator="4F50494D";
261. x-mac-type="504E4766"
262. Content-ID: <aslogo.png>
263. Content-disposition: inline;
264. filename="aslogo.png"
265. Content-transfer-encoding: base64
266.  
267. --B_3635137735_308349138--