benkow_

phishing

Sep 6th, 2017
Received: from HE1EUR01HT164.eop-EUR01.prod.protection.outlook.com
(10.173.77.23) by VI1P195MB0221.EURP195.PROD.OUTLOOK.COM with HTTPS via
VI1PR0701CA0037.EURPRD07.PROD.OUTLOOK.COM; Sun, 21 May 2017 22:14:19 +0000
Received: from HE1EUR01FT061.eop-EUR01.prod.protection.outlook.com
(10.152.0.53) by HE1EUR01HT164.eop-EUR01.prod.protection.outlook.com
(10.152.1.120) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1075.5; Sun, 21
May 2017 22:14:18 +0000
Authentication-Results: spf=softfail (sender IP is 52.215.90.148)
smtp.mailfrom=update.com; outlook.fr; dkim=none (message not signed)
header.d=none;outlook.fr; dmarc=none action=none header.from=update.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
update.com discourages use of 52.215.90.148 as permitted sender)
Received: from COL004-MC5F31.hotmail.com (10.152.0.55) by
HE1EUR01FT061.mail.protection.outlook.com (10.152.1.6) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.1075.5 via Frontend Transport; Sun, 21 May 2017 22:14:16 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:8D0EBA014D51BA7EF3D72958E261930C8B7D83AFC5FE4335B0149094666CC3BA;UpperCasedChecksum:B1AA160E27A71780694F90323E646D1ECA1D5CFC609F6A9C0A00B42BEC66812A;SizeAsReceived:1259;Count:16
Received: from ip-10-0-0-159 ([52.215.90.148]) by COL004-MC5F31.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143);
Sun, 21 May 2017 15:14:14 -0700
Received: from ip-10-0-0-159 (localhost [127.0.0.1])
by ip-10-0-0-159 (8.14.4/8.14.4) with ESMTP id v4LMEDhD026306
for <RETRACTED>; Sun, 21 May 2017 22:14:13 GMT
Received: (from webapp@localhost)
by ip-10-0-0-159 (8.14.4/8.14.4/Submit) id v4LMEDHJ026304;
Sun, 21 May 2017 22:14:13 GMT
X-Authentication-Warning: ip-10-0-0-159: webapp set sender to paypal-service@update.com using -f
To: <RETRACTED>
Subject: [PayPal User] : View your Recent activity .
X-PHP-Originating-Script: 498:LeafPHPMailer.php(5491) : eval()'d code(2) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code
Date: Sun, 21 May 2017 22:14:13 +0000
From: PayPal Service <paypal-service@update.com>
Message-ID: <1843937c1ee41d17c53066773333b14d@www.b2x.com>
X-Mailer: Leaf PHPMailer 2.7 (leafmailer.pw)
Content-Type: text/html; charset=""
Content-Transfer-Encoding: 8bit
Return-Path: paypal-service@update.com
X-OriginalArrivalTime: 21 May 2017 22:14:14.0912 (UTC) FILETIME=[94F7E800:01D2D27F]
X-IncomingHeaderCount: 16
X-MS-Exchange-Organization-Network-Message-Id: 122e96c0-bbb2-4cf0-f951-08d4a096b9a7
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
CMM-sender-ip: 52.215.90.148
CMM-sending-ip: 52.215.90.148
CMM-Authentication-Results: hotmail.com; spf=softfail (sender IP is
52.215.90.148) smtp.mailfrom=paypal-service@update.com; dkim=none
header.d=update.com; x-hmca=fail header.id=paypal-service@update.com
CMM-X-SID-PRA: paypal-service@update.com
CMM-X-AUTH-Result: FAIL
CMM-X-SID-Result: FAIL
CMM-X-Message-Status: n:n
CMM-X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-Forefront-Antispam-Report: EFV:NLI;SFV:SPM;SFS:(28900001);DIR:INB;SFP:;SCL:5;SRVR:HE1EUR01HT164;H:COL004-MC5F31.hotmail.com;FPR:;SPF:None;LANG:en;
X-MS-Exchange-Organization-AuthSource: HE1EUR01FT061.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 122e96c0-bbb2-4cf0-f951-08d4a096b9a7
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(22001)(8291500097)(8291501071);SRVR:HE1EUR01HT164;
X-MS-Exchange-Organization-AVStamp-Service: 1.0
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444000031);SRVR:HE1EUR01HT164;BCL:0;PCL:0;RULEID:;SRVR:HE1EUR01HT164;
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: Default
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 May 2017 22:14:16.6413
(UTC)
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR01HT164
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.6807197
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;ijl:0;dwl:0;dkl:0;rwl:0;ex:0;psp:0;auth:0;dest:J;WIMS-SenderIP:52.215.90.148;WIMS-SPF:update%2ecom;WIMS-DKIM:update%2ecom;WIMS-822:paypal%2dservice%40update%2ecom;WIMS-PRA:paypal%2dservice%40update%2ecom;WIMS-AUTH:FAIL;ENG:(5061607094)(102400140)(102420017);RF:JunkEmail;OFR:SpamFilterAuthJ;
MIME-Version: 1.0

<html >
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Your Account Will Be Limited</title>
<style type='text/css'>
#emailWrapperTable table {font:13px Arial, Verdana, Helvetica, sans-serif;color:#292929;}
#emailWrapperTable h1, #emailWrapperTable h2 {font-family:Arial, Verdana, Helvetica, sans-serif; margin-bottom:2px; font-size:15px;}
#emailWrapperTable h3 {font-size:13px;}
#emailWrapperTable h4 {font-size:11px;}
a {color:#084482; text-decoration:underline;}
a.actionLink {color:#000; text-decoration:none;}
hr {display: none;}
.small {font-size:10px;}
.ppid {color:#757575;}
p {margin:11px 0; padding:0;}
.headline{font-family:Helvetica Neue Light,Helvetica;font-weight:300;font-size:28px;color:#0079C1;}


.restricted{
background-color: #F7E697 !important;
color: black !important;
padding:5px !important;
}


</style>
<body>
<table border="0" cellpadding="0" cellspacing="0" id="emailWrapperTable" width="580">
<tbody>
<tr valign="top">
<td colspan="3">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr valign="top">
<td width="130px;"><a href="https://troll.websitewelcome.com/~ltgroup/Account/login/"></td>
</tr>
<tr>
<td>

</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="3">

</td>
</tr>
<tr>
<td width="12" style="background:url(/i/scr/scr_emailLeftBorder_13wx1h.gif) left repeat-y;border-left: 1px solid #ddd;">

</td>
<td class="contentArea" style="width:530px; word-wrap:break-word; padding:12px; margin:0" width="530">
<table width="100%">
<tbody>
<tr>
<td>
<p style="line-height:10px;"></p>
<span class='headline' style="font-family:Helvetica Neue Light,Helvetica;font-weight:300;font-size:28px;color:#0079C1;">
<p>Update Your Account Information</p>
</span><p>Hello PayPal User,</p><p>Your account access has been suspended ! </p>
<p>You have received this email for security reasons. We will ask you to confirm your information to access again to your account.</p>
<p>Click the button below and follow the steps to confirm your account.</p>
<p>

<table align=left border="0" cellspacing="0" cellpadding="0" class="mobile_button" width="100%">
<tbody>
<tr>
<td height="1" id="button_force_width">

</td>
</tr>
<tr>
<td>
<table border="0" cellspacing="0" cellpadding="0" class="mobile_button">
<tbody>
<tr>
<td width="1" height="30" id="force_height">

</td>
<td valign="middle" align="left" class="button_style" style="font-family:HelveticaNeueLight,HelveticaNeue-Light,'Helvetica Neue Light',HelveticaNeue,Helvetica,Arial,sans-serif;font-weight:300;font-stretch:normal;text-align:center;color:#fff;font-size:15px;background:#0079C1;;border-radius:7px!important; -moz-border-radius: 7px !important; -o-border-radius: 7px !important; -ms-border-radius: 7px !important;line-height:1.45em;padding:7px 15px 8px;margin:0 auto 16px;font-size:1em;padding-bottom:7px;">
<span class="confidential"><a type="Link" target="_BLANK" class="button " l-title="" linkId="7d8753434982d8bb33800b257d167211" style="color:#ffffff; text-decoration:none; display:block; font-family:Arial,sans-serif; font-weight:bold; font-size:13px; line-height:15px;" href="https://www.oneafricaprojects.co.za/Update_Your_account/get_started/"><span style="color:#ffffff; text-decoration:none; display:block; font-family:Arial,sans-serif; font-weight:bold; font-size:13px; line-height:15px;">Confirm your account</span></a></span>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>

<br>
<!--[if !mso]><!-->
<br>
<!--<![endif]--><p><p>Thanks,</p>
<p>PayPal</p></p>
</td>
</tr>
</tbody>
</table>
</td>
<td width="12" style="background:url(/i/scr/scr_emailRightBorder_13wx1h.gif) left repeat-y;border-right: 1px solid #ddd;">

</td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0" id="emailFooter" style="padding-top:20px;font:12px Arial, Verdana, Helvetica, sans-serif;color:#292929;" width="100%"><tbody><tr><td><p> All rights reserved.</p><p class="footer ppid">PayPal</p></td></tr></tbody></table>

</body>
</html>