2018-11-29 - malspam pushing Gootkit

a guest
Nov 29th, 2018
Return-Path: <Marcus@worldofmenandwomen.net>
X-Originating-Ip: [193.124.47.23]
Authentication-Results: [removed]; iprev=pass policy.iprev="193.124.47.23"; spf=pass smtp.mailfrom="Marcus@worldofmenandwomen.net" smtp.helo="worldofmenandwomen.net"; dkim=pass header.d=worldofmenandwomen.net; dmarc=pass (p=none; dis=none) header.from=worldofmenandwomen.net
Received: from [193.124.47.23] ([193.124.47.23:59767] helo=worldofmenandwomen.net)
by [removed] (envelope-from <Marcus@worldofmenandwomen.net>)
[removed]; Thu, 29 Nov 2018 13:31:18 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=worldofmenandwomen.net;
h=Message-ID:From:To:Subject:Date:MIME-Version:Content-Type; i=Marcus@worldofmenandwomen.net;
bh=lnqNrp2U4KM1EgljQiTVWzCRHN9bi64tBF4ZLJMYuAI=;
b=YEqEDr0XZTCkm6rOdsNN8/DSwgYG7sKI37CFNn61TTmcsQ7B/TmEQHtLb1RR6vfQF8RuqmyvZO0e
iKQMwpx8vsJy7mWvE7Qr5wlU1sq+OCVSrUrXtUOfpevs3kC6DIvBl21JLWTg6QXzvx+lJMLLYmPU
98BDPc9QcbicIblv4SI=
Message-ID: <20aae34136ebc1c87471c76bbd59735ca5e864@worldofmenandwomen.net>
From: "Keewaytinook Mobile e-Fax" <Marcus@worldofmenandwomen.net>
To: [removed]
Subject: New eFAX message
Date: Thu, 29 Nov 2018 10:31:02 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="220c45e7904d676ed2d761cd1bffd5fa700f83"

--220c45e7904d676ed2d761cd1bffd5fa700f83
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Y=D0=BEu hav=D0=B5 =D0=B0 n=D0=B5w =D0=B5FAX m=D0=B5ss=D0=B0g=D0=B5.Shade=
Limited l=D0=B5ft y=D0=BEu =D0=B0 mess=D0=B0ge at 08:28 on 2018/11/28.

=D0=A0l=D0=B5=D0=B0s=D0=B5 downl=D0=BEad y=D0=BEur eF=D0=90X m=D0=B5ssag=D0=
=B5 the link: eFAX message
-------------------------------------------------------------------------=
-----

All =D0=BEf th=D0=B5 files hav=D0=B5 be=D0=B5n che=D1=81k=D0=B5d. N=D0=BE=
viruses wer=D0=B5 f=D0=BEund.=20

1 file

--220c45e7904d676ed2d761cd1bffd5fa700f83
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
</HEAD>
<BODY>
<DIV data-marker=3D"__QUOTED_TEXT__">Y=D0=BEu hav=D0=B5 =D0=B0 n=D0=B5w=20
=D0=B5FAX m=D0=B5ss=D0=B0g=D0=B5.Shade Limited l=D0=B5ft=20
y=D0=BEu =D0=B0 mess=D0=B0ge at=20
08:28 on 2018/11/28.=20

<DIV class=3Djs-compose><SPAN></SPAN></DIV>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN></DIV>
<DIV class=3Djs-compose><SPAN></SPAN></DIV>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN><SPAN></SPAN></DIV><BR><BR>=D0=A0l=D0=B5=D0=B0s=D0=B5=20
downl=D0=BEad y=D0=BEur eF=D0=90X m=D0=B5ssag=D0=B5=20
the link:<A href=3D"hxxp://paleorant[.]com/fshyybif" rel=3Dnoopener target=3D=
_blank>=20
eFAX=20
message</A><BR>----------------------------------------------------------=
--------------------<BR>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN></DIV></DIV>
<DIV></DIV>
<DIV></DIV>
<DIV></DIV>
<DIV></DIV>
<DIV class=3Dattachment__antivirus__files-status><I=20
class=3D"icon icon_info-state icon_tip-ok icon_files-status"></I><SPAN=20
class=3Dattachment__antivirus__files-status__text>All =D0=BEf=20
th=D0=B5 files hav=D0=B5 be=D0=B5n=20
che=D1=81k=D0=B5d. N=D0=BE viruses=20
wer=D0=B5 f=D0=BEund.</SPAN> </DIV>
<DIV class=3Dattachlist__header><SPAN class=3Dattachlist__header__wrap><S=
PAN=20
class=3D"js-switcher attachlist__header__mode attachlist__header__mode_sh=
ort"><SPAN=20
class=3D"attachlist__header__mode__button attachlist__header__mode__butto=
n_full"=20
data-name=3D"full"></SPAN><SPAN=20
class=3D"attachlist__header__mode__button attachlist__header__mode__butto=
n_short"=20
data-name=3D"short"></SPAN></SPAN></SPAN><SPAN class=3Dattachlist__header=
__count>1=20
file</SPAN></DIV>
<DIV class=3Db-letter__fastcompose data-mnemo=3D"compose">
<DIV class=3Djs-compose>&nbsp;</DIV>
<DIV class=3Djs-compose>&nbsp;</DIV>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN>=20
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN>=20
<DIV class=3Djs-compose><SPAN></SPAN>=20
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN>=20
<DIV class=3Djs-compose><SPAN></SPAN></DIV>
<DIV class=3Djs-compose>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN></DIV>
<DIV class=3Djs-compose>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN><SPAN></SPAN></DIV>
<DIV class=3Djs-compose>
<DIV class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SP=
AN></DIV>
<DIV class=3Djs-compose>
<DIV=20
class=3Djs-compose><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN><SPAN></SPAN></=
DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></BODY></HTML>

--220c45e7904d676ed2d761cd1bffd5fa700f83--