Return-Path: <sales@city-of-manchester.com>
Delivered-To: faouzi.berroua+spam@gourayafroid.com
Received: from premium128.web-hosting.com
 by premium128.web-hosting.com with LMTP
 id UI/7JFqSX2Y/MxsAAvhI2g
 (envelope-from <sales@city-of-manchester.com>)
 for <faouzi.berroua+spam@gourayafroid.com>; Tue, 04 Jun 2024 18:16:58 -0400
Return-path: <sales@city-of-manchester.com>
Envelope-to: faouzi.berroua@gourayafroid.com
Delivery-date: Tue, 04 Jun 2024 18:16:58 -0400
Received: from [186.121.13.2] (port=29560 helo=adsl-pool14-2.metrotel.net.co)
 by premium128.web-hosting.com with esmtp (Exim 4.96.2)
 (envelope-from <sales@city-of-manchester.com>)
 id 1sEcSa-007f9r-0B
 for faouzi.berroua@gourayafroid.com;
 Tue, 04 Jun 2024 18:16:58 -0400
Message-ID: <0FBFBAE8D50AED873732605D82650FBF@K30R011J7>
From: "trev bichnga" <sales@city-of-manchester.com>
To: <faouzi.berroua@gourayafroid.com>
Date: 4 Jun 2024 10:55:06 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_0025_01DAB6A2.06745CDD"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
X-Spam-Status: Yes, score=24.3
X-Spam-Score: 243
X-Spam-Bar: ++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 root\@localhost for details.
 Content preview: Good day. Your system has been hacked with a Trojan virus.
 It has penetrated your device through adult portals which you sometimes
 visit. Some spicy videos contain malicious code that activates after [...]
 Content analysis details: (24.3 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.2 KAM_BLANKSUBJECT       Message has a blank Subject
  0.2 CK_HELO_GENERIC        Relay used name indicative of a Dynamic Pool or
                             Generic rPTR
  4.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                             [186.121.13.2 listed in zen.spamhaus.org]
  3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED
                             RBL: ADMINISTRATOR NOTICE: The query to Validity
                             was blocked. See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                             for more information.
                             [186.121.13.2 listed in sa-accredit.habeas.com]
  1.1 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 BITCOIN_VISTA          Bitcoin + old MSFT msgid format
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  1.0 KAM_LAZY_DOMAIN_SECURITY
                             Sending domain does not have any anti-forgery methods
  1.0 BITCOIN_SPAM_09        BitCoin spam pattern 09
  8.5 KAM_CRIM               Extortion Email
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
  0.0 BITCOIN_XPRIO          Bitcoin + priority
  0.8 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
  0.6 PDS_BTC_MSGID          Bitcoin ID with T_MSGID_NOFQDN2
  0.5 PDS_BTC_ID             FP reduced Bitcoin ID
  0.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
X-Spam-Flag: YES
Subject: ***SPAM***

This is a multi-part message in MIME format.

------=_NextPart_000_0025_01DAB6A2.06745CDD
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Good day.
Your system has been hacked with a Trojan virus.
It has penetrated your device through adult portals which you sometimes =
visit.
Some spicy videos contain malicious code that activates after being =
turned on. Your entire information has already been copied to my =
servers.

I possess complete control over your device which you use to access the =
Internet.
I can see your screen, I can use a microphone and a camera in a way that =
you never notice anything.

I've already made a screen recording.
A video was edited with a pornographic movie that you were watching at =
that time and masturbating.=20
Your face is perfectly visible and I don’t think that this kind of =
content will have a positive impact on your reputation.

I have an overall access to your list of contacts and the social media =
profiles. I can send this video from your E-mail or the messengers.

If you don't want to let this happen, then you only need to take one =
simple step.
Just transfer 1200 USD (US dollars) to Bitcoin wallet: =
bc1qdayrfykzrjv8w3ynjf49ugf8063kl5sk03g9w5

(In a Bitcoin equivalent at the exchange rate for the time of transfer)
You can find the detailed instructions in Google.

After the payment I will remove the video and the virus from your device =
and no one will bother you anymore.
If I won’t receive the payment in due time, all of your data and =
the videos will become publicly available.

I give you 2 business days.

I shall receive a notification that you have read the letter.
The timer starts immediately.
Any complain somewhere, including the police, is useless. My wallet and =
an E-mail cannot be tracked.

If I find out that you have shared this message with someone else, the =
video will become publicly available at once.=20
I will destroy your reputation forever and all your data will go public.

Everyone will learn about your passion for the porn sites and more. =
Changing the passwords will be useless either as all the data is already =
on my servers.

Don't forget that reputation is very important and be prudent!

------=_NextPart_000_0025_01DAB6A2.06745CDD
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-FAMILY: 'Calibri'; COLOR: #000000; FONT-SIZE: 12pt">
<DIV><p>Good day.<br />Your system has been hacked with a Trojan =
virus.<br />It has penetrated your device through adult portals which =
you sometimes visit.<br />Some spicy videos contain malicious code that =
activates after being turned on. Your entire information has already =
been copied to my servers.</p>
<p><br />I possess complete control over your device which you use to =
access the Internet.<br />I can see your screen, I can use a microphone =
and a camera in a way that you never notice anything.</p>
<p>I've already made a screen recording.<br />A video was edited with a =
pornographic movie that you were watching at that time and masturbating. =
<br />Your face is perfectly visible and I don’t think that this =
kind of content will have a positive impact on your reputation.</p>
<p>I have an overall access to your list of contacts and the social =
media profiles. I can send this video from your E-mail or the =
messengers.</p>
<p>If you don't want to let this happen, then you only need to take one =
simple step.<br />Just transfer 1200 USD (US dollars) to Bitcoin wallet: =
bc1qdayrfykzrjv8w3ynjf49ugf8063kl5sk03g9w5</p>
<p>(In a Bitcoin equivalent at the exchange rate for the time of =
transfer)<br />You can find the detailed instructions in Google.</p>
<p>After the payment I will remove the video and the virus from your =
device and no one will bother you anymore.<br />If I won’t receive =
the payment in due time, all of your data and the videos will become =
publicly available.</p>
<p>I give you 2 business days.</p>
<p>I shall receive a notification that you have read the letter.<br =
/>The timer starts immediately.<br />Any complain somewhere, including =
the police, is useless. My wallet and an E-mail cannot be tracked.</p>
<p>If I find out that you have shared this message with someone else, =
the video will become publicly available at once. <br />I will destroy =
your reputation forever and all your data will go public.</p>
<p>Everyone will learn about your passion for the porn sites and more. =
Changing the passwords will be useless either as all the data is already =
on my servers.</p>
<p>Don't forget that reputation is very important and be =
prudent!</p></DIV></DIV></DIV></BODY></HTML>

------=_NextPart_000_0025_01DAB6A2.06745CDD--