Nate,

Doing a Google search on that phone number doesn't return anything useful. Doing a search on the name doesn't return anything useful. So, I'm voting SPAM.

I keep a VirtualBox Windows guest just for these types of things. Don't even have to have the guest connected to the internet.

--
Best regards,
Mark mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com

------

Friday, September 18, 2020, 2:49:49 PM, you wrote:

NB> I got this message to the INFO mailbox of a company we acquired a year
NB> ago. Everything about it says that it's spam, but the headers look
NB> legit. Although the 153.31.119.142 IP address does not exist in the
NB> ARIN whois. BGP.he.net says that it's part of a /17 assigned to the
NB> FBI. It has an attached PDF that I have not yet opened. (file name
NB> SBP634366-WOW125412.pdf) I can't imagine this is anything other than
NB> Spam/virus? Is it possible this is how the FBI actually sends out things?
NB> What's the best way to open a suspect PDF file?
NB> _____________________
NB> *** CHILD EXPLOITATION ***
NB> Good afternoon - please review the attached administrative
NB> subpoena and proceed accordingly - thank you and have a great weekend!
NB> AS Jennifer L. Isom
NB> FBI Chicago
NB> Violent Crimes Against Children
NB> 312-829-5835
NB> ---------------------------------------------
NB> Email Headers:
NB> Received: from mx-east-ic.fbi.gov ([153.31.119.142])
NB> Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26])
NB> by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400
NB> Received: from hqv2-uembx-402.FBI.GOV (10.90.70.12) by
NB> hqv2-uembx-401.FBI.GOV
NB> (10.90.70.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 18 Sep
NB> 2020 14:21:57 -0400
NB> Received: from USG02-CY1-obe.outbound.protection.office365.us
NB> (10.90.70.8) by
NB> hqv2-uembx-402.FBI.GOV (10.90.70.12) with Microsoft SMTP Server (TLS) id
NB> 15.0.1497.2 via Frontend Transport; Fri, 18 Sep 2020 14:21:57 -0400
NB> ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
NB> smtp.mailfrom=fbi.gov; dmarc=pass action=none header.from=fbi.gov;
NB> dkim=pass
NB> header.d=fbi.gov; arc=none
NB> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
NB> d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com;
NB>
NB> h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
NB> bh=vBv3/mLV7bc3i7PO8fotIxOyxMy562h5qqwbW3309QI=;
NB>
NB> b=UqGJLZtTRQr6f1KaIJq/IjMFFc5skaGN4rQQMHgHWUAe4pw963vIjTILv/cQHH1CToFXgXUu980qar5uXnG7TKH5fVRIoVuWxu4VhWEEXZ8ePAQMkWXYdfKuR2NGS3cC3hVoxL6iHi/kXd5CKwbXopVnfiPgDuOFB84Rof0LTHk=
NB> Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
NB> (2001:489a:200:404::14)
NB> by CY1P110MB0567.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:404::18) with
NB> Microsoft SMTP Server (version=TLS1_2,
NB> cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.17; Fri,
NB> 18 Sep
NB> 2020 18:21:54 +0000
NB> Received: from CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
NB> ([fe80::75b8:922a:1a45:32c0]) by
NB> CY1P110MB0551.NAMP110.PROD.OUTLOOK.COM
NB> ([fe80::75b8:922a:1a45:32c0%10]) with mapi id 15.20.3391.017; Fri, 18 Sep
NB> 2020 18:21:54 +0000

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
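
The header checks discussed in this thread, as an added example that is not part of either poster's message: it reads the Received chain and the authentication claims from a constructed sample abridged from the quoted headers. The From address, the function names and the result keys are assumptions made for the example.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: headers abridged from the message quoted in this thread.
# The From address is a placeholder; the thread does not show that header.
SAMPLE = """\
Received: from mx-east-ic.fbi.gov ([153.31.119.142])
Received: from unknown (HELO HQV2-UEMBX-401.fbi.gov) ([10.93.22.26])
 by mx-east-ic.fbi.gov with ESMTP; 18 Sep 2020 14:21:58 -0400
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=fbi.gov; dmarc=pass action=none header.from=fbi.gov;
 dkim=pass header.d=fbi.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=dojfbi.onmicrosoft.com; s=selector1-dojfbi-onmicrosoft-com
From: placeholder@fbi.gov

"""

def received_hops(msg):
    """(ip, is_public) for every bracketed IPv4 literal in the Received chain."""
    ips = re.findall(r"[\[(]((?:\d{1,3}\.){3}\d{1,3})[\])]",
                     " ".join(str(h) for h in msg.get_all("Received", [])))
    return [(ip, ipaddress.ip_address(ip).is_global) for ip in ips]

def auth_results(value):
    """Map spf/dkim/dmarc to (result, properties) from an A-R style header."""
    out = {}
    for clause in str(value).split(";"):
        m = re.search(r"\b(spf|dkim|dmarc)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"\b((?:smtp|header)\.\w+)=(\S+)", clause))
            out[m.group(1)] = (m.group(2), props)
    return out

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = msg["From"].addresses[0].domain.lower()
    # ARC-Authentication-Results is an upstream hop's claim, not a local verdict:
    # rely on it only after your own receiver has validated the message.
    ar = auth_results(msg.get("ARC-Authentication-Results", ""))
    sig = re.search(r"\bd=([^;\s]+)", str(msg.get("DKIM-Signature", "")))
    return {
        "hops": received_hops(msg),
        "claimed": {k: v[0] for k, v in ar.items()},
        "claimed_dkim_exact_match": ar.get("dkim", ("", {}))[1].get("header.d") == from_dom,
        "quoted_sig_domain": sig.group(1) if sig else None,
    }
```

Calling `triage(SAMPLE)` shows one public hop followed by internal 10.x addresses, and that the only DKIM-Signature quoted in the thread is for `dojfbi.onmicrosoft.com` rather than the `header.d=fbi.gov` named in the ARC result.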