20181123_PHISHING_SCAM_1

1. Received: from MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) by
2. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
3. id 15.0.1367.3 via Mailbox Transport; Wed, 21 Nov 2018 02:35:19 -0600
4. Received: from MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) by
5. MBX05C-ORD1.mex08.mlsrvr.com (172.29.9.23) with Microsoft SMTP Server (TLS)
6. id 15.0.1367.3; Wed, 21 Nov 2018 02:35:18 -0600
7. Received: from gate.forward.smtp.iad3b.emailsrvr.com (146.20.86.8) by
8. MBX02C-ORD1.mex08.mlsrvr.com (172.29.9.14) with Microsoft SMTP Server (TLS)
9. id 15.0.1367.3 via Frontend Transport; Wed, 21 Nov 2018 02:35:19 -0600
10. Return-Path: <[email protected]>
11. X-Spam-Threshold: 95
12. X-Spam-Score: 100
13. Precedence: junk
14. X-Spam-Flag: YES
15. X-Virus-Scanned: OK
16. X-Orig-To: REMOVED
17. X-Originating-Ip: [185.24.233.189]
18. Authentication-Results: smtp28.gate.iad3b.rsapps.net; iprev=pass policy.iprev="185.24.233.189"; spf=pass smtp.mailfrom="[email protected]" smtp.helo="z5.3xp0.pro"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=REMOVED
19. X-Suspicious-Flag: NO
20. X-Classification-ID: 601fa554-ed68-11e8-92f0-525400c8cd63-1-1
21. Received: from [185.24.233.189] ([185.24.233.189:37772] helo=z5.3xp0.pro)
22. by smtp28.gate.iad3b.rsapps.net (envelope-from <[email protected]>)
23. (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
24. id 57/C5-28640-6C815FB5; Wed, 21 Nov 2018 03:35:18 -0500
25. Received: by z5.3xp0.pro (Postfix, from userid 10000)
26. id 7BF0F13580; Wed, 21 Nov 2018 03:10:07 -0500 (EST)
27. To: REMOVED
28. Subject: REMOVED was hacked.
29. X-PHP-Originating-Script: 10000:c.php
30. MIME-Version: 1.0
31. From: REMOVED
32. Message-ID: <[email protected]>
33. Date: Wed, 21 Nov 2018 03:10:07 -0500
34. X-MS-Exchange-Organization-Network-Message-Id: b6f979e1-9503-444d-f19d-08d64f8c44e9
35. X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXzs^g;1463900;0;This mail has
36. been scanned by Trend Micro ScanMail for Microsoft Exchange;
37. X-MS-Exchange-Organization-SCL: 5
38. X-MS-Exchange-Organization-AuthSource: MBX02C-ORD1.mex08.mlsrvr.com
39. X-MS-Exchange-Organization-AuthAs: Anonymous
40. Content-type: multipart/alternative;
41. boundary="B_3625838955_1375895711"
42.  
43. > This message is in MIME format. Since your mail reader does not understand
44. this format, some or all of this message may not be legible.
45.  
46. --B_3625838955_1375895711
47. Content-type: text/plain;
48. charset="UTF-8"
49. Content-transfer-encoding: 7bit
50.  
51. Hello!
52.  
53. My nickname in darknet is a1*3xp0.
54. I hacked this mailbox more than six months ago,
55. through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.
56.  
57. If you don't belive me please check 'from address' in your header, you will see that I sent you an email from your mailbox. (REMOVED)
58.  
59. Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
60. and automatically saved access for me.
61.  
62. I have access to all your accounts, social networks, email, browsing history.
63. Accordingly, I have the data of all your contacts, files from your computer, photos and videos.
64.  
65. I was most struck by the intimate content sites that you occasionally visit.
66. You have a very wild imagination, I tell you!
67.  
68. During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
69. Oh my god! You are so funny and excited!
70.  
71. I think that you do not want all your contacts to get these files, right?
72. If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created.
73.  
74. Send the above amount on my BTC wallet (bitcoin): 3Ch7RPfwkJ3wHhiBfA4CNc8SagGdjbZwVs
75. As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.
76.  
77. Otherwise, these files and history of visiting sites will get all your contacts from your device.
78. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!
79.  
80. Since reading this letter you have 24 hours!
81. After your reading this message, I'll receive an automatic notification that you have seen the letter.
82.  
83. I hope I taught you a good lesson.
84. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
85. Good luck!
86.  
87. --B_3625838955_1375895711
88. Content-type: text/html;
89. charset="UTF-8"
90. Content-transfer-encoding: quoted-printable
91.  
92. <html>
93. <head>
94. <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
95. </head>
96. <body>
97. Hello!<br>
98. <br>
99. My nickname in darknet is a1*3xp0.<br>
100. I hacked this mailbox more than six months ago, <br>
101. through it I infected your operating system with a virus (trojan) created b=
102. y me and have been monitoring you for a long time.<br>
103. <br>
104. If you don't belive me please check 'from address' in your header, you will=
105. see that I sent you an email from your mailbox. (REMOVED)<br>
106. <br>
107. Even if you changed the password after that - it does not matter, my virus =
108. intercepted all the caching data on your computer<br>
109. and automatically saved access for me.<br>
110. <br>
111. I have access to all your accounts, social networks, email, browsing histor=
112. y.<br>
113. Accordingly, I have the data of all your contacts, files from your computer=
114. , photos and videos.<br>
115. <br>
116. I was most struck by the intimate content sites that you occasionally visit=
117. .<br>
118. You have a very wild imagination, I tell you!<br>
119. <br>
120. During your pastime and entertainment there, I took screenshot through the =
121. camera of your device, synchronizing with what you are watching.<br>
122. Oh my god! You are so funny and excited!<br>
123. <br>
124. I think that you do not want all your contacts to get these files, right?<b=
125. r>
126. If you are of the same opinion, then I think that $500 is quite a fair pric=
127. e to destroy the dirt I created.<br>
128. <br>
129. Send the above amount on my BTC wallet (bitcoin): 3Ch7RPfwkJ3wHhiBfA4CNc8Sa=
130. gGdjbZwVs<br>
131. As soon as the above amount is received, I guarantee that the data will be =
132. deleted, I do not need it.<br>
133. <br>
134. Otherwise, these files and history of visiting sites will get all your cont=
135. acts from your device.<br>
136. Also, I'll send to everyone your contact access to your email and access lo=
137. gs, I have carefully saved it!<br>
138. <br>
139. Since reading this letter you have 24 hours!<br>
140. After your reading this message, I'll receive an automatic notification tha=
141. t you have seen the letter.<br>
142. <br>
143. I hope I taught you a good lesson.<br>
144. Do not be so nonchalant, please visit only to proven resources, and don't e=
145. nter your passwords anywhere!<br>
146. Good luck!
147. </body>
148. </html>
149.  
150.  
151. --B_3625838955_1375895711--