API tools faq
paste
Advertisement
wavellan

20181002_PHISHING_SCAM_1

wavellan
Oct 2nd, 2018
422
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.16 KB | None | 0 0
raw download clone embed print report
  1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
  2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
  3. id 15.0.1367.3 via Mailbox Transport; Tue, 2 Oct 2018 02:35:13 -0500
  4. Received: from MBX10D-ORD1.mex08.mlsrvr.com (172.29.9.40) by
  5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
  6. id 15.0.1367.3; Tue, 2 Oct 2018 02:35:12 -0500
  7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
  8. MBX10D-ORD1.mex08.mlsrvr.com (172.29.9.40) with Microsoft SMTP Server (TLS)
  9. id 15.0.1367.3 via Frontend Transport; Tue, 2 Oct 2018 02:35:12 -0500
  10. Return-Path: <Aaron794Smith@yahoo.jp>
  11. X-Spam-Threshold: 95
  12. X-Spam-Score: 100
  13. Precedence: junk
  14. X-Spam-Flag: YES
  15. X-Virus-Scanned: OK
  16. X-Orig-To: REMOVED
  17. X-Originating-Ip: [185.253.79.75]
  18. Authentication-Results: smtp16.gate.iad3b.rsapps.net; iprev=pass policy.iprev="185.253.79.75"; spf=softfail smtp.mailfrom="Aaron794Smith@yahoo.jp" smtp.helo="yahoo.jp"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=yahoo.jp
  19. X-Suspicious-Flag: NO
  20. X-Classification-ID: afbbae2a-c615-11e8-be1c-5254004ed364-1-1
  21. Received: from [185.253.79.75] ([185.253.79.75:12832] helo=yahoo.jp)
  22. by smtp16.gate.iad3b.rsapps.net (envelope-from <Aaron794Smith@yahoo.jp>)
  23. (ecelerity 4.2.38.62370 r(:)) with ESMTP
  24. id 04/A2-20340-DAF13BB5; Tue, 02 Oct 2018 03:35:12 -0400
  25. Received: from mail.webhostings4u.com ([Tue, 02 Oct 2018 03:19:06 -0400])
  26. by snmp.otwaloow.com with SMTP; Tue, 02 Oct 2018 03:19:06 -0400
  27. Received: from mail.naihautsui.co.kr [109.20.142.52] by mx.reskind.net with LOCAL; Tue, 02 Oct 2018 03:16:22 -0400
  28. Received: from mx.reskind.net [153.200.33.252] by group21.345mail.com with NNFMP; Tue, 02 Oct 2018 03:09:48 -0400
  29. Received: from [121.156.49.248] by smtp-server1.cfdenselr.com with SMTP; Tue, 02 Oct 2018 02:58:22 -0400
  30. Received: from rly04.hottestmile.com ([Tue, 02 Oct 2018 02:57:37 -0400])
  31. by nntp.pinxodet.net with LOCAL; Tue, 02 Oct 2018 02:57:37 -0400
  32. Message-ID: <99BC8974.1CF19439@yahoo.jp>
  33. Date: Tue, 2 Oct 2018 02:57:37 -0400
  34. From: REMOVED <Aaron794Smith@yahoo.jp>
  35. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.19) Gecko/20081209 Thunderbird/2.0.0.19
  36. MIME-Version: 1.0
  37. To: OLD_COMPROMISED_PASSWORD_HERE REMOVED
  38. Subject: OLD_COMPROMISED_PASSWORD_HERE REMOVED
  39. X-MS-Exchange-Organization-Network-Message-Id: a4aba9c2-8068-4545-3520-08d6283996c8
  40. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1453900;0;This mail has
  41. been scanned by Trend Micro ScanMail for Microsoft Exchange;
  42. X-MS-Exchange-Organization-SCL: 5
  43. X-MS-Exchange-Organization-AuthSource: MBX10D-ORD1.mex08.mlsrvr.com
  44. X-MS-Exchange-Organization-AuthAs: Anonymous
  45. Content-type: multipart/alternative;
  46. boundary="B_3621308230_1373997464"
  47.  
  48. > This message is in MIME format. Since your mail reader does not understand
  49. this format, some or all of this message may not be legible.
  50.  
  51. --B_3621308230_1373997464
  52. Content-type: text/plain;
  53. charset="UTF-8"
  54. Content-transfer-encoding: 7bit
  55.  
  56. I know OLD_COMPROMISED_PASSWORD_HERE REMOVED one of your pass word. Lets get directly to the purpose. You may not know me and you are probably thinking why you're getting this e mail? No-one has compensated me to check you.
  57.  
  58. In fact, I installed a software on the 18+ vids (porn) website and you know what, you visited this web site to experience fun (you know what I mean). While you were viewing video clips, your web browser initiated operating as a RDP having a keylogger which provided me with access to your display and web camera. after that, my software gathered all your contacts from your Messenger, FB, as well as email . After that I made a double video. 1st part displays the video you were viewing (you've got a fine taste omg), and 2nd part shows the view of your web camera, yeah it is you.
  59.  
  60. You get two alternatives. We are going to go through these solutions in particulars:
  61.  
  62. 1st solution is to skip this email message. In such a case, I am going to send your very own video to each one of your contacts and also you can easily imagine about the embarrassment you feel. Not to forget if you happen to be in a loving relationship, how it will affect?
  63.  
  64. Number two choice would be to pay me $3000. We are going to think of it as a donation. Subsequently, I will immediately remove your videotape. You could continue on your daily ro utine like this never occurred and you would never hear back again from me.
  65.  
  66. You'll make the payment via Bitcoin (if you do not know this, search "how to buy bitcoin" in Google).
  67.  
  68. BTC Address to send to: 1PNvvJVsxAAqXWys86sBRQXMCB9mgGyU5X
  69. [CASE-SENSITIVE, copy & paste it]
  70.  
  71. If you may be thinking about going to the law enforcement, look, this message cannot be traced back to me. I have dealt with my steps. I am not attempting to ask you for a lot, I wish to be compensated.
  72.  
  73. You have one day in order to pay. I have a unique pixel within this e mail, and at this moment I know that you have read this message. If I don't get the BitCoins, I will definitely send out your video to all of your contacts including friends and family, co-workers, and many others. Nonetheless, if I do get paid, I'll destroy the recording immediately. If you want evidence, reply with Yes & I definitely will send your video recording to your 9 contacts. It is a non-negotiable offer, so don't waste my personal time and yours by replying to this e mail.
  74.  
  75. --B_3621308230_1373997464
  76. Content-type: text/html;
  77. charset="UTF-8"
  78. Content-transfer-encoding: quoted-printable
  79.  
  80. <html>
  81. <head>
  82. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
  83. </head>
  84. <body>
  85. I know OLD_COMPROMISED_PASSWORD_HERE REMOVED one of your pass word. Lets get directly to the purpose. Yo=
  86. u may not know me and you are probably thinking why you're getting this e ma=
  87. il? No-one has compensated me to check you.
  88. <br>
  89. <br>
  90. In fact, I installed a software on the 18&#43; vids (porn) website and you =
  91. know what, you visited this web site to experience fun (you know what I mean=
  92. ). While you were viewing video clips, your web browser initiated operating =
  93. as a RDP having a keylogger which
  94. provided me with access to your display and web camera. after that, my sof=
  95. tware gathered all your contacts from your Messenger, FB, as well as email .=
  96. After that I made a double video. 1st part displays the video you were view=
  97. ing (you've got a fine taste omg),
  98. and 2nd part shows the view of your web camera, yeah it is you. <br>
  99. <br>
  100. You get two alternatives. We are going to go through these solutions in par=
  101. ticulars:
  102. <br>
  103. <br>
  104. 1st solution is to skip this email message. In such a case, I am going to s=
  105. end your very own video to each one of your contacts and also you can easily=
  106. imagine about the embarrassment you feel. Not to forget if you happen to be=
  107. in a loving relationship, how
  108. it will affect? <br>
  109. <br>
  110. Number two choice would be to pay me $3000. We are going to think of it as =
  111. a donation. Subsequently, I will immediately remove your videotape. You coul=
  112. d continue on your daily ro utine like this never occurred and you would nev=
  113. er hear back again from me.
  114. <br>
  115. <br>
  116. You'll make the payment via Bitcoin (if you do not know this, search &quot;=
  117. how to buy bitcoin&quot; in Google).
  118. <br>
  119. <br>
  120. BTC Address to send to: 1PNvvJVsxAAqXWys86sBRQXMCB9mgGyU5X <br>
  121. [CASE-SENSITIVE, copy &amp; paste it] <br>
  122. <br>
  123. If you may be thinking about going to the law enforcement, look, this messa=
  124. ge cannot be traced back to me. I have dealt with my steps. I am not attempt=
  125. ing to ask you for a lot, I wish to be compensated.
  126. <br>
  127. <br>
  128. You have one day in order to pay. I have a unique pixel within this e mail,=
  129. and at this moment I know that you have read this message. If I don't get t=
  130. he BitCoins, I will definitely send out your video to all of your contacts i=
  131. ncluding friends and family, co-workers,
  132. and many others. Nonetheless, if I do get paid, I'll destroy the recording=
  133. immediately. If you want evidence, reply with Yes &amp; I definitely will s=
  134. end your video recording to your 9 contacts. It is a non-negotiable offer, s=
  135. o don't waste my personal time and
  136. yours by replying to this e mail.
  137. </body>
  138. </html>
  139.  
  140.  
  141. --B_3621308230_1373997464--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!