More bitcoin porn blackmail phishing
Posted by Dave Yadallee on
Return-path:
Envelope-to: sales@nk.ca
Delivery-date: Thu, 21 Nov 2019 01:12:31 -0700
Received: from [88.200.188.43] (port=11483)
by doctor.nl2k.ab.ca with esmtp (Exim 4.92.3 (FreeBSD))
(envelope-from)
id 1iXhZh-000PhL-9h
for sales@nk.ca; Thu, 21 Nov 2019 01:12:31 -0700
Message-ID: <444B3552013A2C6669177023180A9354@YDX9W0AUV>
From:
To:
Subject: How is your wanking? I really advise you to read this email, just to make sure not a thing could occur
Date: 21 Nov 2019 14:56:40 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
X-Spam_score: 23.7
X-Spam_score_int: 237
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! I have very bad news for you. 21/07/2019 - on this
day I hacked your OS and got full access to your account sales@nk.ca So, you
can change the password, yes... But my malware intercepts it every time.
Content analysis details: (23.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Blocked - see]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[88.200.188.43 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in
dnsbl.ahbl.org
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[88.200.188.43 listed in will-spam-for-food.eu.org]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[88.200.188.43 listed in bb.barracudacentral.org]
2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
0.3 LONGWORD BODY: Uses overlong words
1.5 BITCOIN_SPAM_09 BitCoin spam pattern 09
2.5 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
3.5 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
(FTSDMCXX/boundary variant) + no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
Subject: {SPAM?} How is your wanking? I really advise you to read this email, just to make sure not a thing could occur
X-Antivirus: AVG (VPS 191119-0, 11/19/2019), Inbound message
X-Antivirus-Status: Clean
Hello!
I have very bad news for you.
21/07/2019 - on this day I hacked your OS and got full access to your account sales@nk.ca
So, you can change the password, yes... But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $866 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1QKG5uTDq1GU8iNYqycitEL9dv9dctoQsV
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is impossible, sender's address was randomly generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Have a nice day!
Envelope-to: sales@nk.ca
Delivery-date: Thu, 21 Nov 2019 01:12:31 -0700
Received: from [88.200.188.43] (port=11483)
by doctor.nl2k.ab.ca with esmtp (Exim 4.92.3 (FreeBSD))
(envelope-from
id 1iXhZh-000PhL-9h
for sales@nk.ca; Thu, 21 Nov 2019 01:12:31 -0700
Message-ID: <444B3552013A2C6669177023180A9354@YDX9W0AUV>
From:
To:
Subject: How is your wanking? I really advise you to read this email, just to make sure not a thing could occur
Date: 21 Nov 2019 14:56:40 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
X-Spam_score: 23.7
X-Spam_score_int: 237
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! I have very bad news for you. 21/07/2019 - on this
day I hacked your OS and got full access to your account sales@nk.ca So, you
can change the password, yes... But my malware intercepts it every time.
Content analysis details: (23.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: nk.ca]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Blocked - see
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[88.200.188.43 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in
dnsbl.ahbl.org
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
1.0 RCVD_IN_WSFF RBL: Received via a relay in
will-spam-for-food.eu.org
[88.200.188.43 listed in will-spam-for-food.eu.org]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[88.200.188.43 listed in bb.barracudacentral.org]
2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
0.3 LONGWORD BODY: Uses overlong words
1.5 BITCOIN_SPAM_09 BitCoin spam pattern 09
2.5 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
3.5 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
(FTSDMCXX/boundary variant) + no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
2.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
Subject: {SPAM?} How is your wanking? I really advise you to read this email, just to make sure not a thing could occur
X-Antivirus: AVG (VPS 191119-0, 11/19/2019), Inbound message
X-Antivirus-Status: Clean
Hello!
I have very bad news for you.
21/07/2019 - on this day I hacked your OS and got full access to your account sales@nk.ca
So, you can change the password, yes... But my malware intercepts it every time.
How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.
After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).
A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.
I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!
And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!
I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $866 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!
Pay ONLY in Bitcoins!
My BTC wallet: 1QKG5uTDq1GU8iNYqycitEL9dv9dctoQsV
You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy
For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.
After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".
I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is impossible, sender's address was randomly generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.
P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker
I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.
Do not hold evil! I just do my job.
Have a nice day!