20181021_PHISHING_SCAM_1

1. Received: from MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Sun, 21 Oct 2018 22:25:27 -0500
4. Received: from MBX07C-ORD1.mex08.mlsrvr.com (172.29.9.29) by
5. MBX05D-ORD1.mex08.mlsrvr.com (172.29.9.24) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Sun, 21 Oct 2018 22:25:27 -0500
7. Received: from gate.forward.smtp.iad3a.emailsrvr.com (204.232.172.40) by
8. MBX07C-ORD1.mex08.mlsrvr.com (172.29.9.29) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Sun, 21 Oct 2018 22:25:20 -0500
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [24.230.157.150]
18. Authentication-Results: smtp32.gate.iad3a.rsapps.net; iprev=pass policy.iprev="24.230.157.150"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="mail.maycore.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=maycore.com
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 199d3536-d5aa-11e8-b31f-5254001741cc-1-1
21. Received: from [24.230.157.150] ([24.230.157.150:55099] helo=mail.maycore.com)
22. by smtp32.gate.iad3a.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=AES128-SHA)
24. id A7/DA-18226-F134DCB5; Sun, 21 Oct 2018 23:25:20 -0400
25. Received: from [127.0.0.1] (191.53.104.183) by main.maycore.com
26. (24.230.157.150) with Microsoft SMTP Server (TLS) id 14.3.399.0; Sun, 21 Oct
27. 2018 22:24:42 -0500
28. Date: Mon, 22 Oct 2018 05:25:04 +0200
29. Subject: yuor password OLD_PASSWORD_HERE
30. From: <[email protected]>
31. To: REMOVED
32. Message-ID: <[email protected]>
33. MIME-Version: 1.0
34. X-MS-Exchange-Organization-Network-Message-Id: 689590b9-fb79-4b81-4aa6-08d637ce02f8
35. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1457700;0;This mail has
36. been scanned by Trend Micro ScanMail for Microsoft Exchange;
37. X-MS-Exchange-Organization-SCL: 5
38. X-MS-Exchange-Organization-AuthSource: MBX07C-ORD1.mex08.mlsrvr.com
39. X-MS-Exchange-Organization-AuthAs: Anonymous
40. Content-type: text/plain;
41. charset="UTF-8"
42. Content-transfer-encoding: 7bit
43.  
44. Hi, my victim.
45. I know your password - OLD_PASSWORD_HERE
46.  
47. This is my last warning.
48.  
49. I write you inasmuch as I put a trojan on the web page with pornography which you have visited.
50. My malware grabbed all your personal data and switched on your webcam which captured the process of your masturbation. Just after that the trojan saved your contact list.
51. I will remove the compromising video and data if you pay me 700 USD in bitcoin. This is wallet address for payment : 1MAM6oPcycTrfiLPS9tjtAR8t6KDmL91fr
52. (you can google on "how to buy bitcoin")
53.  
54. I give you 24 hours after you view my message to make the payment.
55. As soon as you view the message I'll know it right away.
56. It is not necessary to tell me that you have sent money to me. This address is connected to you, my system will delete everything automatically after transfer confirmation.
57. You can visit the police office but no one can't help you.
58. If you try to cheat me, I'll see it immediately!
59. I don't live in your country. So nobody can't track my location even for 9 months.
60. Don't forget about the disgrace and to ignore, Your life can be ruined.