SHARE
TWEET

phishing

benkow_ Sep 6th, 2017 3,721 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Received: from HE1EUR01HT164.eop-EUR01.prod.protection.outlook.com
  2.  (10.173.77.23) by VI1P195MB0221.EURP195.PROD.OUTLOOK.COM with HTTPS via
  3.  VI1PR0701CA0037.EURPRD07.PROD.OUTLOOK.COM; Sun, 21 May 2017 22:14:19 +0000
  4. Received: from HE1EUR01FT061.eop-EUR01.prod.protection.outlook.com
  5.  (10.152.0.53) by HE1EUR01HT164.eop-EUR01.prod.protection.outlook.com
  6.  (10.152.1.120) with Microsoft SMTP Server (version=TLS1_2,
  7.  cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1075.5; Sun, 21
  8.  May 2017 22:14:18 +0000
  9. Authentication-Results: spf=softfail (sender IP is 52.215.90.148)
  10.  smtp.mailfrom=update.com; outlook.fr; dkim=none (message not signed)
  11.  header.d=none;outlook.fr; dmarc=none action=none header.from=update.com;
  12. Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
  13.  update.com discourages use of 52.215.90.148 as permitted sender)
  14. Received: from COL004-MC5F31.hotmail.com (10.152.0.55) by
  15.  HE1EUR01FT061.mail.protection.outlook.com (10.152.1.6) with Microsoft SMTP
  16.  Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
  17.  15.1.1075.5 via Frontend Transport; Sun, 21 May 2017 22:14:16 +0000
  18. X-IncomingTopHeaderMarker: OriginalChecksum:8D0EBA014D51BA7EF3D72958E261930C8B7D83AFC5FE4335B0149094666CC3BA;UpperCasedChecksum:B1AA160E27A71780694F90323E646D1ECA1D5CFC609F6A9C0A00B42BEC66812A;SizeAsReceived:1259;Count:16
  19. Received: from ip-10-0-0-159 ([52.215.90.148]) by COL004-MC5F31.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
  20.      Sun, 21 May 2017 15:14:14 -0700
  21. Received: from ip-10-0-0-159 (localhost [127.0.0.1])
  22.     by ip-10-0-0-159 (8.14.4/8.14.4) with ESMTP id v4LMEDhD026306
  23.     for <RETRACTED>; Sun, 21 May 2017 22:14:13 GMT
  24. Received: (from webapp@localhost)
  25.     by ip-10-0-0-159 (8.14.4/8.14.4/Submit) id v4LMEDHJ026304;
  26.     Sun, 21 May 2017 22:14:13 GMT
  27. X-Authentication-Warning: ip-10-0-0-159: webapp set sender to paypal-service@update.com using -f
  28. To: <RETRACTED>
  29. Subject: [PayPal User] : View your Recent activity .
  30. X-PHP-Originating-Script: 498:LeafPHPMailer.php(5491) : eval()'d code(2) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code
  31. Date: Sun, 21 May 2017 22:14:13 +0000
  32. From: PayPal Service <paypal-service@update.com>
  33. Message-ID: <1843937c1ee41d17c53066773333b14d@www.b2x.com>
  34. X-Mailer: Leaf PHPMailer 2.7 (leafmailer.pw)
  35. Content-Type: text/html; charset=""
  36. Content-Transfer-Encoding: 8bit
  37. Return-Path: paypal-service@update.com
  38. X-OriginalArrivalTime: 21 May 2017 22:14:14.0912 (UTC) FILETIME=[94F7E800:01D2D27F]
  39. X-IncomingHeaderCount: 16
  40. X-MS-Exchange-Organization-Network-Message-Id: 122e96c0-bbb2-4cf0-f951-08d4a096b9a7
  41. X-EOPAttributedMessage: 0
  42. X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
  43. X-MS-Exchange-Organization-MessageDirectionality: Incoming
  44. CMM-sender-ip: 52.215.90.148
  45. CMM-sending-ip: 52.215.90.148
  46. CMM-Authentication-Results: hotmail.com; spf=softfail (sender IP is
  47.  52.215.90.148) smtp.mailfrom=paypal-service@update.com; dkim=none
  48.  header.d=update.com; x-hmca=fail header.id=paypal-service@update.com
  49. CMM-X-SID-PRA: paypal-service@update.com
  50. CMM-X-AUTH-Result: FAIL
  51. CMM-X-SID-Result: FAIL
  52. CMM-X-Message-Status: n:n
  53. CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
  54. CMM-X-Message-Info: 11chDOWqoTllvCUu0h2huqcPMsuax2KUdnC5yBN8Vgxamom6XQJHi+k32fgPeI0kmtqq5GdDYHQFMrCb35kaJ5GZKXkHgYuGWPQbNQF2zGsvtpnNGikiuVrHYc9+svMbHZarcaFh50lDke+e6oo/gEvNHIpoDsZtRvYvo3jLULl9W0zTjHhqk4Bs/BXYBQZ2OUXMul4pktjT+AwFfaYTGZVrmft+wPZxsF9LcBv4F8DjK66DvYXrEMXmpZ433LFN
  55. X-MS-Exchange-Organization-SCL: 5
  56. X-MS-Exchange-Organization-PCL: 2
  57. X-Microsoft-Exchange-Diagnostics: 1;HE1EUR01FT061;1:6vXtSRztydlW9sWvMRfGq0w641K0auetjUJl78M92m+BiTlhFMO8hEhqU6tKmNm6xeIL9xRlXhfNsA0Wovs6V1zXJF6k6AcjoDAgiekKFzujXtQO++UrJjtH3ITTYlJJPV1BHyLq1bERTPdSWXqFG5EdTDTY3FqCPTZU+7t+VsgyED5WwMk2L+mVR/IGz+zy
  58. X-Forefront-Antispam-Report: EFV:NLI;SFV:SPM;SFS:(28900001);DIR:INB;SFP:;SCL:5;SRVR:HE1EUR01HT164;H:COL004-MC5F31.hotmail.com;FPR:;SPF:None;LANG:en;
  59. X-MS-Exchange-Organization-AuthSource: HE1EUR01FT061.eop-EUR01.prod.protection.outlook.com
  60. X-MS-Exchange-Organization-AuthAs: Anonymous
  61. X-MS-PublicTrafficType: Email
  62. X-MS-Office365-Filtering-Correlation-Id: 122e96c0-bbb2-4cf0-f951-08d4a096b9a7
  63. X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(22001)(8291500097)(8291501071);SRVR:HE1EUR01HT164;
  64. X-Microsoft-Exchange-Diagnostics: 1;HE1EUR01HT164;3:HTZe2En3ZGkDPR9oRpjT+UtMCcvaJa/s8syw7+eVDZ1IiJgzQ0ISGvjiwRunZ24TNdPiiNRFi4uYFLMBMT9EWBibEEaBQoFOTF3cepSCiq9Gqdci52UQm0Ol5Dsp7EgaENxAAzVoEqcEVqurFBf6uh0+6Xye2jw201CiZyiS7UkuQ91hqroZtByODhkQvGhbfIz8b3IMqHcWnNSm8ggqR/TQjUJHZnpWAuYwaMOepyfOB5j9nORzlJBrQEd2KijJyNMjcKgWRXKxNn1CtBWVx5SZ2yfYZacvcjCTPyesbfjcdDgXN7AA/PVWbIT7Qog7CvI1FbeOpZ0+KAweZ7bhMZUkgdorOhIBfBwClXQ6TUldjfDux0ZqAnszgez4TntAoV31CE/QxOjhRuJlRHlSMw==;25:o60zYTphSlPlS9iHun/JNAarnDrsE/0U/pTaW/jaW9nH/cArug8AvRQOX6BBPLh/EsyojK4PUeAb4KpKOTBHQ/drJPw5XAU/PLDvdnG4ii5kr2dsiUCkAhI7aqWMV8jcKUK1n8fkTZBuat6ETEZnCvY+8gMzcFvUqIEKiQkQnNMyJRd4ANkkJtRzClXHKSLeKuN3HsbpAjyeZmgtQ+0soivgj7EEr6EP7BqImtob7EKaSPXhsYi5b5m9o1ag/Vb4o5IW5Y3eaAVWgaPI3lTvCfyjjqJ0u5G9ch6szruzVZ6rcz3L74g8Yj95zmi4qOb9LzTbhnzjoGikAbIa5F4hJm8QJap7W9e7Zq2tN+uST3KAvBsQ/bZSmQybXCJx9Wu3iVePbeTlM1N1Lx+7yEKT7vC3FR4eD4s3Mw9xYrdUZK8tsrDEqM19aF2zYTvpdhZ2U3rvdLiASYclU9GwHbp3FkX168mK0oBXTaaYPGRLQGyhyyBmYQQMHltxQyAqmBfs
  65. X-MS-Exchange-Organization-AVStamp-Service: 1.0
  66. X-Microsoft-Exchange-Diagnostics: 1;HE1EUR01HT164;31:vkUXBYXhmUnMJ290lNB2NXE/HJDdtKgGytku3NimSXOeIOB6X1AG0aoxyYp3eqi4yOHGpuFXndDL1tHfOjTcZqdyJcjzTiFDR6yoFrh5NCbvy0UBAfpOqwKV2iIA50IXQXfav3AC7rdoPFdK+zK/CqNZQnGh7xSFW2UStu36XSLUS/FUxfIwrKMCy3x+b5sCEahJ7t6sKwd7dxNp0Giigs28zPRJyyN6yL9uCF+4FIr3+KszYfMQbrEYSu0RNLTM39ubpjSgJ+Vhns8tyIPBsmk/FLi1CYpJW3+taRCr8kRs96cbjFPil3HX+RFWf8ui;4:biAdhk0bSKXKOItWe2CzHzAqk51/EpoX/aYmjsv9qjAhMTnqhGNP+YD8AQF2QRwKGQRHcc5DU/af6Zq9a+5+ZnhQTPj/Emry390Vf6COH0y0N/8qG8n0067qCJFgK4F2WujKKsrIJxX7guRSGwbst0oUypalStbPugwvG+DNI3v9YCVPF33Hpo4A4wmqIodANyzlrN6qwJ2UWkJM3lpGdp/9DLM5AlNWC2cKH7fsyotINwkvG1J2lQ5+CGwm1TiJps/2eg3nCpW8kKEKa7nSOhkXQta+3N8dIcYM0dS017s=;23:oI3Bx7nJr4jcPMy0IQwfFgMIZTfWJ6qG6ILxSX12lKlUrlYNkKKjFWUogI6S5bof9037FT2HQDAL7JgXF2wwCql6D2jteky3kw45UEVJwB1ww5CiHlDMKAIZRrfJ/N7apfTalRTUa45FTKgvL+vN/wWGJFrDW90e8dXgr4r8Cn4wqUqucMWIRQzeNh7DA7gkj5801pswUcrq3Qc0d1c77w==
  67. X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444000031);SRVR:HE1EUR01HT164;BCL:0;PCL:0;RULEID:;SRVR:HE1EUR01HT164;
  68. X-Microsoft-Exchange-Diagnostics: 1;HE1EUR01HT164;6:CQ8z+DdQyf0jPW/jdFzgdhFgAORNKIZmQ9TgM94EYOIiu3B058GA8aBtof3saTX0QOOQavOvn7ory3dkwDn8dbiemxKYIFrOLF+ICsoZQJT6tHfSwber5g3z3dcEiL4ucPwIiQiiGHD03tvze4PMvEJerkqIV5+MbeemJ/25EoHsImcEAjadLCyAmyVw7He4edHoCIM3TzR5/oxKZZwdymoWkjQIg9xWmqK3Azg1+6HQ5Te0RkkpD2GuXuZT1KFpb8bU5JLVrhPbDrwcFvneexTrrCeGi2Z2LgrBP3T6Ogw1WvLjMHUOWcEZ0AYgXuNfePBGWcWz3Hlw8Xe6jXEgAjNuYR8Eir+fdpwPJJ0Qv1JPqQLw+r8O1A0o0jlQVzvyW2FC+PaMfp2tcFdTAsqclA==;5:vqobk0nAEJTPhY/FzQK6mLUUQ0G4viWlfzf/Jnugd/q6fv+0jQMW3sTkvX3Kp197fBYH/xWNlnXen5BWvNsvF1vrV+u/Mh+yj3WB8KAwZ9yW8aEswIXOwWT20b32MRwLLVtNCCgPElBB8GPkmRquNQ==;24:VcZsxLqi2kA8+OErdtvNYOJs+qNMydr6w/DPwdJSF6oZjgk+6ayW09uzq5lcCOQAmgbC4orK3jIl3rvnIUyhVw==
  69. SpamDiagnosticOutput: 1:22
  70. SpamDiagnosticMetadata: Default
  71. X-Microsoft-Exchange-Diagnostics: 1;HE1EUR01HT164;7:76rQ+EYOtfxuvTaCv5jasoMw7qgDbQkcA2giqgW/M7JiLQ8Bn03i0B70nj9p7rnobFSXhnKuivlMFq3SvV6WbuUKu8PNqAjEJHfm6Nr/SmWXtTvk3h6/XVrUoruUgID/bTcBBm5QTvQMSi5DVdFj+eDCdIfK/aYXMCSOQ/20YXtZeeE6HGAUTdJ6cFfSjCK2rnJCvwRequI8kv8b9Aph9H0TBqgPl6kXpM41Iz5Jgf8s73TpEnWQ89zV4RyyPScWPdbwbQvxF0FPybtxKZVcz8Lloes2WvGzqh7m0/sDGMAbRS4qgXzxbPbu+7apBlartOvOwr2WYnLNwTrWrW8Hpg==
  72. X-OriginatorOrg: outlook.com
  73. X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 May 2017 22:14:16.6413
  74.  (UTC)
  75. X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
  76. X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
  77. X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR01HT164
  78. X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.6807197
  79. X-Microsoft-Exchange-Diagnostics:
  80.     1;VI1P195MB0221;27:Krvj6v1+XQDcNg8UQX50+mhw2GVx4mkrzzHKblvq/VOnsxY1G5u2hqfJY15jbfBufgfmBNtCaPbQV2ujcq1oxOHT9FJ0M4CX2aSGf6tjjXBaEfV0bBqd557UnMYuklGYZY4NEtcbNvOpbDIUK395UQ==
  81. X-Microsoft-Antispam-Mailbox-Delivery:
  82.     abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;psp:0;auth:0;dest:J;WIMS-SenderIP:52.215.90.148;WIMS-SPF:update%2ecom;WIMS-DKIM:update%2ecom;WIMS-822:paypal%2dservice%40update%2ecom;WIMS-PRA:paypal%2dservice%40update%2ecom;WIMS-AUTH:FAIL;ENG:(5061607094)(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;
  83. MIME-Version: 1.0
  84.  
  85. <html >
  86.    <head>
  87.         <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  88.         <title>Your Account Will Be Limited</title>
  89.    <style type='text/css'>
  90.             #emailWrapperTable table {font:13px Arial, Verdana, Helvetica, sans-serif;color:#292929;}
  91.             #emailWrapperTable h1, #emailWrapperTable h2 {font-family:Arial, Verdana, Helvetica, sans-serif; margin-bottom:2px; font-size:15px;}
  92.             #emailWrapperTable h3 {font-size:13px;}
  93.             #emailWrapperTable h4 {font-size:11px;}
  94.             a {color:#084482; text-decoration:underline;}
  95.             a.actionLink {color:#000; text-decoration:none;}
  96.             hr {display: none;}
  97.             .small {font-size:10px;}
  98.             .ppid {color:#757575;}
  99.             p {margin:11px 0; padding:0;}
  100.         .headline{font-family:Helvetica Neue Light,Helvetica;font-weight:300;font-size:28px;color:#0079C1;}
  101.  
  102.  
  103. .restricted{
  104.     background-color: #F7E697 !important;
  105.     color: black !important;
  106.     padding:5px !important;
  107. }
  108.  
  109.  
  110. </style>
  111.    <body>
  112.      <table border="0" cellpadding="0" cellspacing="0" id="emailWrapperTable" width="580">
  113.         <tbody>
  114. <tr valign="top">
  115.     <td colspan="3">
  116.         <table border="0" cellpadding="0" cellspacing="0" width="100%">
  117.             <tbody>
  118.                 <tr valign="top">
  119.                     <td width="130px;"><a href="https://troll.websitewelcome.com/~ltgroup/Account/login/"></td>
  120.                 </tr>
  121.                 <tr>
  122.                     <td>
  123.                        
  124.                     </td>
  125.                 </tr>
  126.             </tbody>
  127.         </table>
  128.     </td>
  129. </tr>
  130.             <tr>
  131.                 <td colspan="3">
  132.                    
  133.                 </td>
  134.             </tr>
  135.             <tr>
  136.                                         <td width="12" style="background:url(/i/scr/scr_emailLeftBorder_13wx1h.gif) left repeat-y;border-left: 1px solid #ddd;">
  137.                            
  138.                         </td>
  139.                 <td class="contentArea" style="width:530px; word-wrap:break-word; padding:12px; margin:0" width="530">
  140.                     <table width="100%">
  141.                         <tbody>
  142.                             <tr>
  143.                                 <td>
  144.                                     <p style="line-height:10px;"></p>
  145.     <span class='headline' style="font-family:Helvetica Neue Light,Helvetica;font-weight:300;font-size:28px;color:#0079C1;">        
  146.         <p>Update Your Account Information</p>
  147.     </span><p>Hello PayPal User,</p><p>Your account access has been suspended ! </p>
  148. <p>You have received this email for security reasons. We will ask you to confirm your information to access again to your account.</p>
  149. <p>Click the button below and follow the steps to confirm your account.</p>
  150.     <p>
  151.    
  152.             <table align=left border="0" cellspacing="0" cellpadding="0" class="mobile_button" width="100%">
  153.         <tbody>
  154.             <tr>
  155.                 <td height="1" id="button_force_width">
  156.                    
  157.                 </td>
  158.             </tr>
  159.             <tr>
  160.                 <td>
  161.                     <table border="0" cellspacing="0" cellpadding="0" class="mobile_button">
  162.                         <tbody>
  163.                             <tr>
  164.                                 <td width="1" height="30" id="force_height">
  165.                                    
  166.                                 </td>
  167.                                 <td valign="middle" align="left" class="button_style" style="font-family:HelveticaNeueLight,HelveticaNeue-Light,'Helvetica Neue Light',HelveticaNeue,Helvetica,Arial,sans-serif;font-weight:300;font-stretch:normal;text-align:center;color:#fff;font-size:15px;background:#0079C1;;border-radius:7px!important; -moz-border-radius: 7px !important; -o-border-radius: 7px !important; -ms-border-radius: 7px !important;line-height:1.45em;padding:7px 15px 8px;margin:0 auto 16px;font-size:1em;padding-bottom:7px;">
  168.                                     <span class="confidential"><a  type="Link" target="_BLANK" class="button " l-title="" linkId="7d8753434982d8bb33800b257d167211"  style="color:#ffffff; text-decoration:none; display:block; font-family:Arial,sans-serif; font-weight:bold; font-size:13px; line-height:15px;"  href="https://www.oneafricaprojects.co.za/Update_Your_account/get_started/"><span style="color:#ffffff; text-decoration:none; display:block; font-family:Arial,sans-serif; font-weight:bold; font-size:13px; line-height:15px;">Confirm your account</span></a></span>
  169.                                 </td>
  170.                             </tr>
  171.                         </tbody>
  172.                     </table>
  173.                 </td>
  174.             </tr>
  175.         </tbody>        
  176.         </table>
  177.  
  178.         <br>
  179.         <!--[if !mso]><!-->
  180.             <br>
  181.         <!--<![endif]--><p><p>Thanks,</p>
  182. <p>PayPal</p></p>
  183.                                 </td>
  184.                             </tr>
  185.                         </tbody>
  186.                     </table>
  187.                 </td>
  188.                                         <td width="12" style="background:url(/i/scr/scr_emailRightBorder_13wx1h.gif) left repeat-y;border-right: 1px solid #ddd;">
  189.  
  190.                 </td>
  191.             </tr>
  192.         </tbody>
  193.     </table>
  194. <table border="0" cellpadding="0" cellspacing="0" id="emailFooter" style="padding-top:20px;font:12px Arial, Verdana, Helvetica, sans-serif;color:#292929;" width="100%"><tbody><tr><td><p> All rights reserved.</p><p class="footer ppid">PayPal</p></td></tr></tbody></table>
  195.  
  196.    </body>
  197. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top