Return-Path: <cindee@cindeehenderson.com>
Delivered-To: contact+spam@gourayafroid.com
Received: from premium128.web-hosting.com by premium128.web-hosting.com with LMTP id MHrYCZOCX2YreRUAAvhI2g (envelope-from <cindee@cindeehenderson.com>) for <contact+spam@gourayafroid.com>; Tue, 04 Jun 2024 17:09:39 -0400
Return-path: <cindee@cindeehenderson.com>
Envelope-to: contact@gourayafroid.com
Delivery-date: Tue, 04 Jun 2024 17:09:39 -0400
Received: from [196.188.243.98] (port=41742) by premium128.web-hosting.com with esmtp (Exim 4.96.2) (envelope-from <cindee@cindeehenderson.com>) id 1sEbPN-006f2M-2s for contact@gourayafroid.com; Tue, 04 Jun 2024 17:09:38 -0400
From: "romain tod" <cindee@cindeehenderson.com>
To: <contact@gourayafroid.com>
Date: 5 Jun 2024 01:58:46 +0200
Message-ID: <003801dab6dc$0431d7fb$f98e1193$@cindeehenderson.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0035_01DAB6DC.042C59D7"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Acffhtjmbenv5v8yffhtjmbenv5v8y==
Content-Language: en
X-Spam-Status: Yes, score=27.4
X-Spam-Score: 274
X-Spam-Bar: +++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "premium128.web-hosting.com",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 root\@localhost for details.

 Content preview: Good day. Your system has been hacked with a Trojan virus.
 It has penetrated your device through adult portals which you sometimes
 visit. Some spicy videos contain malicious code that activates after [...]

 Content analysis details: (27.4 points, 5.0 required)

  pts rule name                     description
 ---- ----------------------------- --------------------------------------------------
  4.7 RCVD_IN_XBL                   RBL: Received via a relay in Spamhaus XBL
                                    [196.188.243.98 listed in zen.spamhaus.org]
  3.6 RCVD_IN_PBL                   RBL: Received via a relay in Spamhaus PBL
  1.3 RCVD_IN_VALIDITY_RPBL         RBL: Relay in Validity RPBL,
                                    https://senderscore.org/blocklistlookup/
                                    [196.188.243.98 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
                                    Validity was blocked. See
                                    https://knowledge.validity.com/hc/en-us/articles/20961730681243
                                    for more information.
                                    [196.188.243.98 listed in sa-accredit.habeas.com]
  0.0 HTML_MESSAGE                  BODY: HTML included in message
  2.0 RDNS_NONE                     Delivered to internal network by a host with no rDNS
  1.0 KAM_LAZY_DOMAIN_SECURITY      Sending domain does not have any anti-forgery methods
  1.0 BITCOIN_SPAM_09               BitCoin spam pattern 09
  2.4 RATWARE_NO_RDNS               Suspicious MsgID and MIME boundary + no rDNS
  8.5 KAM_CRIM                      Extortion Email
  0.0 KAM_DMARC_STATUS              Test Rule for DKIM or SPF Failure with Strict Alignment
 -0.0 T_SCC_BODY_TEXT_LINE          No description available.
  1.0 PDS_BAD_THREAD_QP_64          Bad thread header - short QP
  0.5 PDS_BTC_ID                    FP reduced Bitcoin ID
  1.4 DOS_OUTLOOK_TO_MX             Delivered direct to MX with Outlook headers
X-Spam-Flag: YES
Subject: ***SPAM*** no subject

This is a multi-part message in MIME format.

------=_NextPart_000_0035_01DAB6DC.042C59D7
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Good day.
Your system has been hacked with a Trojan virus.
It has penetrated your device through adult portals which you sometimes =
visit.
Some spicy videos contain malicious code that activates after being =
turned on. Your entire information has already been copied to my =
servers.

I possess complete control over your device which you use to access the =
Internet.
I can see your screen, I can use a microphone and a camera in a way that =
you never notice anything.

I've already made a screen recording.
A video was edited with a pornographic movie that you were watching at =
that time and masturbating.=20
Your face is perfectly visible and I don’t think that this kind of =
content will have a positive impact on your reputation.

I have an overall access to your list of contacts and the social media =
profiles. I can send this video from your E-mail or the messengers.

If you don't want to let this happen, then you only need to take one =
simple step.
Just transfer 1200 USD (US dollars) to Bitcoin wallet: =
bc1qdayrfykzrjv8w3ynjf49ugf8063kl5sk03g9w5

(In a Bitcoin equivalent at the exchange rate for the time of transfer)
You can find the detailed instructions in Google.

After the payment I will remove the video and the virus from your device =
and no one will bother you anymore.
If I won’t receive the payment in due time, all of your data and =
the videos will become publicly available.

I give you 2 business days.

I shall receive a notification that you have read the letter.
The timer starts immediately.
Any complain somewhere, including the police, is useless. My wallet and =
an E-mail cannot be tracked.

If I find out that you have shared this message with someone else, the =
video will become publicly available at once.=20
I will destroy your reputation forever and all your data will go public.

Everyone will learn about your passion for the porn sites and more. =
Changing the passwords will be useless either as all the data is already =
on my servers.

Don't forget that reputation is very important and be prudent!

------=_NextPart_000_0035_01DAB6DC.042C59D7--