OwlCyberSecurity - MANAGER
Edit File: 1717699970.M758241P3425765.premium128.web-hosting.com,S=8586,W=8757
Return-Path: <dbarbash@pbl.com>
Delivered-To: faouzi.berroua+spam@gourayafroid.com
Received: from premium128.web-hosting.com
 by premium128.web-hosting.com with LMTP
 id MJA4KoIFYmblRTQAAvhI2g
 (envelope-from <dbarbash@pbl.com>)
 for <faouzi.berroua+spam@gourayafroid.com>; Thu, 06 Jun 2024 14:52:50 -0400
Return-path: <dbarbash@pbl.com>
Envelope-to: faouzi.berroua@gourayafroid.com
Delivery-date: Thu, 06 Jun 2024 14:52:50 -0400
Received: from r186-53-48-102.dialup.adsl.anteldata.net.uy ([186.53.48.102]:27526)
 by premium128.web-hosting.com with esmtp (Exim 4.96.2)
 (envelope-from <dbarbash@pbl.com>)
 id 1sFIE7-00EYhs-1p
 for faouzi.berroua@gourayafroid.com;
 Thu, 06 Jun 2024 14:52:50 -0400
MIME-Version: 1.0
Date: 6 Jun 2024 11:14:01 -0400
From: "waring some" <dbarbash@pbl.com>
To: <faouzi.berroua@gourayafroid.com>
Message-ID: <20240606.115201.8PM346@mail.pbl.com>
Content-type: multipart/alternative;
 boundary="-_Part_0606_lcoffv67_sljk_2B9F"
X-Spam-Status: Yes, score=29.2
X-Spam-Score: 292
X-Spam-Bar: +++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 root\@localhost for details.
 Content preview: Good day. Your system has been hacked with a Trojan virus.
 It has penetrated your device through adult portals which you sometimes
 visit. Some spicy videos contain malicious code that activates after [...]
 Content analysis details: (29.2 points, 5.0 required)

  pts rule name                          description
 ---- ---------------------------------- --------------------------------------------------
  0.2 CK_HELO_GENERIC                    Relay used name indicative of a Dynamic Pool or
                                         Generic rPTR
  0.2 KAM_BLANKSUBJECT                   Message has a blank Subject
  3.6 RCVD_IN_PBL                        RBL: Received via a relay in Spamhaus PBL
                                         [186.53.48.102 listed in zen.spamhaus.org]
  4.7 RCVD_IN_XBL                        RBL: Received via a relay in Spamhaus XBL
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED      RBL: ADMINISTRATOR NOTICE: The query to Validity
                                         was blocked. See
                                         https://knowledge.validity.com/hc/en-us/articles/20961730681243
                                         for more information.
                                         [186.53.48.102 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity
                                         was blocked. See
                                         https://knowledge.validity.com/hc/en-us/articles/20961730681243
                                         for more information.
                                         [186.53.48.102 listed in sa-accredit.habeas.com]
  1.1 DATE_IN_PAST_03_06                 Date: is 3 to 6 hours before Received: date
  0.0 HTML_MESSAGE                       BODY: HTML included in message
  1.0 KAM_LAZY_DOMAIN_SECURITY           Sending domain does not have any anti-forgery
                                         methods
 -0.0 T_SCC_BODY_TEXT_LINE               No description available.
  1.0 BITCOIN_SPAM_09                    BitCoin spam pattern 09
  2.6 RDNS_DYNAMIC                       Delivered to internal network by host with
                                         dynamic-looking rDNS
  0.0 KAM_DMARC_STATUS                   Test Rule for DKIM or SPF Failure with Strict
                                         Alignment
  8.5 KAM_CRIM                           Extortion Email
  2.5 HELO_DYNAMIC_HCC                   Relay HELO'd using suspicious hostname (HCC)
  0.5 PDS_BTC_ID                         FP reduced Bitcoin ID
  3.2 HELO_DYNAMIC_IPADDR                Relay HELO'd using suspicious hostname (IP addr 1)
X-Spam-Flag: YES
Subject: ***SPAM***

This is a multi-part message in MIME format.

---_Part_0606_lcoffv67_sljk_2B9F
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: quoted-printable

Good day.
Your system has been hacked with a Trojan virus.
It has penetrated your device through adult portals which you sometimes =
visit.
Some spicy videos contain malicious code that activates after being =
turned on. Your entire information has already been copied to my =
servers.

I possess complete control over your device which you use to access the =
Internet.
I can see your screen, I can use a microphone and a camera in a way that =
you never notice anything.

I've already made a screen recording.
A video was edited with a pornographic movie that you were watching at =
that time and masturbating.=20
Your face is perfectly visible and I don’t think that this kind of =
content will have a positive impact on your reputation.

I have an overall access to your list of contacts and the social media =
profiles. I can send this video from your E-mail or the messengers.

If you don't want to let this happen, then you only need to take one =
simple step.
Just transfer 1200 USD (US dollars) to Bitcoin wallet: =
bc1qmuuyuku5y8azeytetqat8m37fc7zhm0h7g3g5t

(In a Bitcoin equivalent at the exchange rate for the time of transfer)
You can find the detailed instructions in Google.

After the payment I will remove the video and the virus from your device =
and no one will bother you anymore.
If I won’t receive the payment in due time, all of your data and =
the videos will become publicly available.

I give you 2 business days.

I shall receive a notification that you have read the letter.
The timer starts immediately.
Any complain somewhere, including the police, is useless. My wallet and =
an E-mail cannot be tracked.

If I find out that you have shared this message with someone else, the =
video will become publicly available at once.=20
I will destroy your reputation forever and all your data will go public.

Everyone will learn about your passion for the porn sites and more. =
Changing the passwords will be useless either as all the data is already =
on my servers.

Don't forget that reputation is very important and be prudent!

---_Part_0606_lcoffv67_sljk_2B9F
Content-type: text/html; charset="iso-8859-1"
Content-transfer-encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta Http-Equiv=3Dcontent-type content=3D"text/html; =
charset=3Diso-8859-1">
</head>
<body>
<p>Good day.<br />Your system has been hacked with a Trojan virus.<br =
/>It has penetrated your device through adult portals which you =
sometimes visit.<br />Some spicy videos contain malicious code that =
activates after being turned on. Your entire information has already =
been copied to my servers.</p>
<p><br />I possess complete control over your device which you use to =
access the Internet.<br />I can see your screen, I can use a microphone =
and a camera in a way that you never notice anything.</p>
<p>I've already made a screen recording.<br />A video was edited with a =
pornographic movie that you were watching at that time and masturbating. =
<br />Your face is perfectly visible and I don’t think that this =
kind of content will have a positive impact on your reputation.</p>
<p>I have an overall access to your list of contacts and the social =
media profiles.
I can send this video from your E-mail or the =
messengers.</p>
<p>If you don't want to let this happen, then you only need to take one =
simple step.<br />Just transfer 1200 USD (US dollars) to Bitcoin wallet: =
bc1qmuuyuku5y8azeytetqat8m37fc7zhm0h7g3g5t</p>
<p>(In a Bitcoin equivalent at the exchange rate for the time of =
transfer)<br />You can find the detailed instructions in Google.</p>
<p>After the payment I will remove the video and the virus from your =
device and no one will bother you anymore.<br />If I won’t receive =
the payment in due time, all of your data and the videos will become =
publicly available.</p>
<p>I give you 2 business days.</p>
<p>I shall receive a notification that you have read the letter.<br =
/>The timer starts immediately.<br />Any complain somewhere, including =
the police, is useless. My wallet and an E-mail cannot be tracked.</p>
<p>If I find out that you have shared this message with someone else, =
the video will become publicly available at once. <br />I will destroy =
your reputation forever and all your data will go public.</p>
<p>Everyone will learn about your passion for the porn sites and more. =
Changing the passwords will be useless either as all the data is already =
on my servers.</p>
<p>Don't forget that reputation is very important and be prudent!</p>
</body></html>

---_Part_0606_lcoffv67_sljk_2B9F--