wavellan

20180724_PHISHING_SCAM_1

Jul 24th, 2018
  1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
  2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
  3. id 15.0.1367.3 via Mailbox Transport; Mon, 23 Jul 2018 22:29:01 -0500
  4. Received: from MBX11C-ORD1.mex08.mlsrvr.com (172.29.9.41) by
  5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
  6. id 15.0.1367.3; Mon, 23 Jul 2018 22:29:01 -0500
  7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
  8. MBX11C-ORD1.mex08.mlsrvr.com (172.29.9.41) with Microsoft SMTP Server (TLS)
  9. id 15.0.1367.3 via Frontend Transport; Mon, 23 Jul 2018 22:29:01 -0500
  10. Return-Path: <[email protected]>
  11. X-Spam-Threshold: 95
  12. X-Spam-Score: 100
  13. Precedence: junk
  14. X-Spam-Flag: YES
  15. Authentication-Results: smtp36.gate.iad3b.rsapps.net x-tls.subject="/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=Microsoft Corporation/CN=mail.protection.outlook.com"; auth=pass (cipher=AES256-SHA256)
  16. X-Virus-Scanned: OK
  17. X-Orig-To: REMOVED
  18. X-Originating-Ip: [40.92.254.48]
  19. Authentication-Results: smtp36.gate.iad3b.rsapps.net; iprev=pass policy.iprev="40.92.254.48"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="apc01-pu1-obe.outbound.protection.outlook.com"; dkim=pass header.d=outlook.com; dmarc=pass (p=none; dis=none) header.from=outlook.com
  20. X-Suspicious-Flag: NO
  21. X-Classification-ID: b3a4150a-8ef1-11e8-9a7e-5254003a7283-1-1
  22. Received: from [40.92.254.48] ([40.92.254.48:7328] helo=APC01-PU1-obe.outbound.protection.outlook.com)
  23. by smtp36.gate.iad3b.rsapps.net (envelope-from <[email protected]>)
  24. (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=AES256-SHA256
  25. subject="/C=US/ST=WA/L=Redmond/O=Microsoft Corporation/OU=Microsoft Corporation/CN=mail.protection.outlook.com")
  26. id 11/5E-28812-CFC965B5; Mon, 23 Jul 2018 23:29:01 -0400
  27. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
  28. s=selector1;
  29. h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
  30. bh=6wJhktc+Ia5yySrFAN4wFvnHVoTwQcfWf//0ZsQ+r4o=;
  31. b=orWIMzdhkPopvNLNu4xSLieuThI6goSobMD7qW1V1s+6GZ5bTaJxjgIZiU9720O7JKCdUOsBCVYRmGJxxRu7VhiYGtoD5UB6FGg405XccA6vMM4wmvhF4h1dwzyO5+OoZFq1bueiAsjjZjMLdEQOSmdH0fvlu86av7p8WHUa+K9CrrfecLv2EtrinZdxTCVYg9cgvs+c48GiAM3PN8rpufO+hPs/pUimSu4u+/po8xb25DXRnXYoP140omUt9pn0akEXtRJ2fTN7LAQ9TOQwu+V76XC+o4rk4XwdeOZgAAyzdq763dVu5mYlVW4jl4Hx8jKYC2/HNMp2fRCoCZTOJg==
  32. Received: from HK2APC01FT064.eop-APC01.prod.protection.outlook.com
  33. (10.152.248.52) by HK2APC01HT051.eop-APC01.prod.protection.outlook.com
  34. (10.152.249.143) with Microsoft SMTP Server (version=TLS1_2,
  35. cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.995.12; Tue, 24
  36. Jul 2018 03:28:57 +0000
  37. Received: from HK2PR01MB0851.apcprd01.prod.exchangelabs.com (10.152.248.58) by
  38. HK2APC01FT064.mail.protection.outlook.com (10.152.249.108) with Microsoft
  39. SMTP Server (version=TLS1_2,
  40. cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.995.12 via
  41. Frontend Transport; Tue, 24 Jul 2018 03:28:57 +0000
  42. Received: from HK2PR01MB0851.apcprd01.prod.exchangelabs.com
  43. ([fe80::21de:8798:afc9:4e9e]) by HK2PR01MB0851.apcprd01.prod.exchangelabs.com
  44. ([fe80::21de:8798:afc9:4e9e%5]) with mapi id 15.20.0973.022; Tue, 24 Jul 2018
  45. 03:28:57 +0000
  46. From: Armin Bier <[email protected]>
  47. To: REMOVED
  48. Subject: REMOVED
  49. Thread-Topic: REMOVED
  50. Thread-Index: AQHUIv50l9z0B/C2XkCWi49Vz8BA5Q==
  51. Date: Tue, 24 Jul 2018 03:28:57 +0000
  52. Message-ID: <HK2PR01MB0851CDCBA827CC2EA2F3BA60C6550@HK2PR01MB0851.apcprd01.prod.exchangelabs.com>
  53. Accept-Language: en-US
  54. Content-Language: en-US
  55. X-MS-Has-Attach:
  56. X-MS-TNEF-Correlator:
  57. x-incomingtopheadermarker: OriginalChecksum:7A55401FE50B0B4076DD5B3C4FEBC3FDA3F056E92258060A4512F26FC1CDF6B7;UpperCasedChecksum:A4A27E3E0EE71AA3494928018CA11172CDAE8B4482E5B1BD3AB162A568AB3C0E;SizeAsReceived:6822;Count:43
  58. x-tmn: [3ayTB+2PktEsCtTWvQZfepC/pjBQfpPLGBA69+bAN8U=]
  59. x-ms-publictraffictype: Email
  60. x-microsoft-exchange-diagnostics: 1;HK2APC01HT051;6:edWrfETFXZcuD4JANjOE6dunAdyc5pmV+ahb32hQp091az7xz3cPv4hnR4+odMV/7cbIVtVxm1j2lNkIetA9/M1uoeMqdFzF8h8c8HpEBkIH/ZFpPR0UYh//Fhvervvq6QmpCkjL+kzpetddgZp+3y9Y2Dxpxob4YD+Z/Z+Q+DvQuIxsMbf4NzRzmtTnj8TTvv5C4wPO2QhMH/vqzxCdi9e16Qg6IyhS/k9eeg2yvqIMmhNCKJOK3BorNlOJ4KUCypP03KW8NLRURhpd//RgXjMWUnJYjpzMAb0APt1EaTMpr6p3WuOruRw7llHLDEMe9wjQMb45ehiSKg6xl0Zv+fjHsA9ln4NT+Q7PTE50pulmNPKb2fumBbR2pZCdjLh2Vlmj3HkRSlvfEC14sA7idTMhxGfv+Z/rVvkNrvLZHCGrkR+hR9eVU1GAeUiHoBVhA7bcAymzne94sJhwJ8b4WA==;5:3i4dQjb4Itog8ex9bnZpRRRO0JO+SaK7mlLb7JecKSJ/UfBU1e/lvPjOSq1XBdfZnpswdkt0/YE2Ny4W4PBj6fDHaxZShA82Eb62GPsB1wT/K6JbaJ6sultvcVGWGHLVaCfugf8C1Fj5+VkWw8RmTzZoFJCnAUYymSrJBkaKWEU=;7:2W8c7g0nDtppPCuEb4XjWhdBp0Ppa+gjeB45P+tlvVVuJohfpu20DTfuUSXKSPcNLIHnUdZmdmpaWvMroi4wCkrlCPVgPRAuWontFhncc0NQsWi4iefjOU/jwSKfuV/3CJ1GAZP/u0Olxf5O+itjDyXjAHDN8xHTxFsMA63M7VWfk2SPgANFqo5cXqjMnjMeNMVpE790EOZ5x48/G9y7sNDryTPxZI5xat5fLalwF0XqcxfzgNaMVYr+dBc7aFK0
  61. x-incomingheadercount: 43
  62. x-eopattributedmessage: 0
  63. x-microsoft-antispam: BCL:0;PCL:0;RULEID:(7020095)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101448)(1601125500)(1701031045);SRVR:HK2APC01HT051;
  64. x-ms-traffictypediagnostic: HK2APC01HT051:
  65. x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(82015058);SRVR:HK2APC01HT051;BCL:0;PCL:0;RULEID:;SRVR:HK2APC01HT051;
  66. x-forefront-prvs: 0743E8D0A6
  67. x-forefront-antispam-report: SFV:NSPM;SFS:(7070007)(189003)(199004)(52314003)(26005)(551544002)(5640700003)(53906005)(86362001)(105586002)(102836004)(99286004)(106356001)(87572001)(6436002)(19627235002)(256004)(8676002)(56003)(7696005)(81156014)(2501003)(1730700003)(10156002)(14444005)(5250100002)(476003)(2900100001)(8936002)(14454004)(2351001)(5660300001)(97736004)(68736007)(55016002)(33656002)(6506007)(486006)(20460500001)(25786009)(9686003)(6916009)(82202002)(104016004)(74316002)(6346003)(305945005)(21314002)(42262002);DIR:OUT;SFP:1901;SCL:1;SRVR:HK2APC01HT051;H:HK2PR01MB0851.apcprd01.prod.exchangelabs.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;
  68. received-spf: None (protection.outlook.com: outlook.com does not designate
  69. permitted sender hosts)
  70. x-microsoft-antispam-message-info: iBNLaR1uRdte/5jBsGzPwLjUxxTiTtRnscILxb/8ZOJOkuDzCxnyk9EigNjo6WyuSKqSGhwpGpinzyC/nNIsdVQ5s1Mqburem6VcJQnGDY65P0R/CTRpGfh1aiGJUYKBl4F84jczcC7fqq0HcKgW4ynCGoXjW1r1nVMlWqTWmTOLe8f/EEITZn/ZQy0cJAVeAdDh39dtUtZAQtjp8BaLozE0XFq1Cx+5yrVgSbNykk0=
  71. MIME-Version: 1.0
  72. X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b
  73. X-MS-Exchange-CrossTenant-Network-Message-Id: 847450a1-f281-4214-b1a9-08d5f11596e2
  74. X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 9bd8b953-1c55-4da7-b616-8bcad099ae8b
  75. X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2018 03:28:57.0370
  76. (UTC)
  77. X-MS-Exchange-CrossTenant-fromentityheader: Internet
  78. X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
  79. X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT051
  80. X-MS-Exchange-Organization-Network-Message-Id: 495811c3-d7c5-4c6d-f248-08d5f115996c
  81. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1439700;0;This mail has
  82. been scanned by Trend Micro ScanMail for Microsoft Exchange;
  83. X-MS-Exchange-Organization-SCL: 5
  84. X-MS-Exchange-Organization-AuthSource: MBX11C-ORD1.mex08.mlsrvr.com
  85. X-MS-Exchange-Organization-AuthAs: Anonymous
  86. Content-type: text/plain;
  87. charset="UTF-8"
  88. Content-transfer-encoding: 7bit
  89.  
  90. I know REMOVED one of your password. Lets get straight to the point. No-one has compensated me to check you. You don't know me and you are most likely thinking why you are getting this email?
  91.  
  92. actually, I placed a malware on the xxx streaming (pornographic material) website and do you know what, you visited this website to have fun (you know what I mean). While you were viewing video clips, your internet browser initiated functioning as a Remote control Desktop that has a keylogger which provided me with access to your display screen and cam. Immediately after that, my software program obtained all of your contacts from your Messenger, social networks, and emailaccount. After that I made a video. First part shows the video you were viewing (you have a good taste hahah), and second part shows the recording of your web camera, & it is you.
  93.  
  94. You will have a pair of possibilities. We should read these types of solutions in aspects:
  95.  
  96. 1st option is to neglect this e mail. As a result, I most certainly will send out your very own videotape to every single one of your personal contacts and thus you can easily imagine regarding the shame you feel. Keep in mind if you are in a romance, just how it would affect?
  97.  
  98. Number two alternative should be to compensate me $7000. We are going to regard it as a donation. As a consequence, I will instantly eliminate your video. You could keep your life like this never took place and you never will hear back again from me.
  99.  
  100. You'll make the payment via Bitcoin (if you do not know this, search for "how to buy bitcoin" in Google).
  101.  
  102. BTC Address to send to: 1BVzNZMAHyhcZ72o8NCsypE8RZHweFRuy9
  103. [CASE-SENSITIVE copy and paste it]
  104.  
  105. Should you are looking at going to the authorities, anyway, this email message can not be traced back to me. I have covered my moves. I am also not attempting to ask you for very much, I simply want to be rewarded. You now have one day in order to pay. I've a unique pixel in this mail, and right now I know that you have read through this e mail. If I don't get the BitCoins, I will definately send your video recording to all of your contacts including friends and family, co-workers, etc. Having said that, if I receive the payment, I will erase the video immediately. If you want proof, reply with Yea and I will send your video to your 7 contacts. It is a nonnegotiable offer that being said please do not waste my personal time & yours by responding to this e-mail.