I would call the number, at least google the number. Sent from my iPhone
> On Sep 18, 2020, at 12:51 PM, Nate Burke <n...@blastcomm.com> wrote: > > I got this message to the INFO mailbox of a company we acquired a year ago. > Everything about it says that it's spam, but the headers look legit. > Although the 153.31.119.142 IP address does not exist in the ARIN whois. > BGP.he.net says that it's part of a /17 assigned to the FBI. It has an > attached PDF that I have not yet opened. (file name SBP634366-WOW125412.pdf) > I can't imagine this is anything other than Spam/virus? Is it possible this > is how the FBI Actually sends out things? > > What's the best way to open a suspect PDF File? > > > _____________________ > > *** CHILD EXPLOITATION *** > > Good afternoon - please review the attached administrative subpoena and > proceed accordingly - thank you and have a great weekend! > > AS Jennifer L. Isom > FBI Chicago > Violent Crimes Against Children > 312-829-5835 > > > --------------------------------------------- > Email Headers: > Received: from mx-east-ic.fbi.gov ([153.31.119.142]) > Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26]) > by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400 > Received: from hqv2-uembx-402.FBI.GOV (10.90.70.12) by hqv2-uembx-401.FBI.GOV > (10.90.70.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 18 Sep > 2020 14:21:57 -0400 > Received: from USG02-CY1-obe.outbound.protection.office365.us (10.90.70.8) by > hqv2-uembx-402.FBI.GOV (10.90.70.12) with Microsoft SMTP Server (TLS) id > 15.0.1497.2 via Frontend Transport; Fri, 18 Sep 2020 14:21:57 -0400 > > ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass > smtp.mailfrom=fbi.gov; dmarc=pass action=none header.from=fbi.gov; dkim=pass > header.d=fbi.gov; arc=none > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; > d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com; > h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; > bh=vBv3/mLV7bc3i7PO8fotIxOyxMy562h5qqwbW3309QI=; > b=UqGJLZtTRQr6f1KaIJq/IjMFFc5skaGN4rQQMHgHWUAe4pw963vIjTILv/cQHH1CToFXgXUu980qar5uXnG7TKH5fVRIoVuWxu4VhWEEXZ8ePAQMkWXYdfKuR2NGS3cC3hVoxL6iHi/kXd5CKwbXopVnfiPgDuOFB84Rof0LTHk= > Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::14) > by CY1P110MB0567.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::18) with > Microsoft SMTP Server (version=TLS1_2, > cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.17; Fri, 18 Sep > 2020 18:21:54 +0000 > Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM > ([fe80::75b8:922a:1a45:32c0]) by CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM > ([fe80::75b8:922a:1a45:32c0%10]) with mapi id 15.20.3391.017; Fri, 18 Sep > 2020 18:21:54 +0000 > > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
