Return-path: <>
Envelope-to: dave@nl2k.ab.ca
Delivery-date: Tue, 28 Jun 2022 12:56:00 -0600
Received: from static.222.185.21.65.clients.your-server.de ([65.21.185.222]:52600 helo=kataweb.it)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
id 1o6GMl-0009Tu-Oc
for dave@nl2k.ab.ca;
Tue, 28 Jun 2022 12:55:23 -0600
MIME-Version: 1.0
Message-Id:
From:=?UTF-8?B?T3BlbiBJbW1lZGlhdGVseSE=?=
Subject:=?UTF-8?B?Q29uZ3JhdHVsYXRpb25zISBDb21wbGV0ZSBUaGUgU2hvcnQgU3VydmV5Lg==?=
Reply-To: reply_HlhK6NK0BT6gvu1xI.bounce9@K4Gm8Eoi86K3EfTarNwtiqwI0inx1and1.de
To: dave@nl2k.ab.ca
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 Jun 2022 20:54:13 +0200
X-Spam_score: 6.8
X-Spam_score_int: 68
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: SURVEY ABOUT: THE HOME DEPOT THE HOME DEPOT Please tell us
about your: THE HOME DEPOT Experiences and as a thank you, you can select
from several exclusive offer rewards! Supply is extremely limited so act
fast today!
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[65.21.185.222 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
DNS
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FORGED_SPF_HELO No description available.
0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily
0.0 HDRS_MISSP Misspaced headers
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: page.link]
Subject: {SPAM?} =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zISBDb21wbGV0ZSBUaGUgU2hvcnQgU3VydmV5Lg==?=
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Jun 2022 07:55:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o6BfV-000Nyz-7J
for dave@doctor.nl2k.ab.ca;
Tue, 28 Jun 2022 07:54:17 -0600
Resent-From: The Doctor
Resent-Date: Tue, 28 Jun 2022 07:54:17 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wr1-f66.google.com ([209.85.221.66]:41831)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1o6BJx-000HCg-9l
for www@doctor.nl2k.ab.ca;
Tue, 28 Jun 2022 07:32:05 -0600
Received: by mail-wr1-f66.google.com with SMTP id q9so17722823wrd.8
for ; Tue, 28 Jun 2022 06:31:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to
:content-transfer-encoding;
bh=SBgtwvWkIYwrI4NNUchOadkQP815ewxm/3gr0Bmy3PM=;
b=kazCH5QR+bMBtSH5cPJYfsQt1N3wjCA4zVpcMs77Aggv9/EzWNu+fQG0jN6Q7b1q+Q
kx5L6YE0SCED2A9z9shUHHxkVK7S71eqGUvftYoIRiszmNvbIqa2Eaby+YUaIvd+LmuA
CWZmewJpODnJr4BDGE0E5gKAWN+1SV6+M1aV8Tptm2X64DDwTRut3aUTW8sA5KWghJGT
txHySfBSWSIdWeS00Ax+Pv7NowtwRq3qKaaBSZ8Pwwrh/rGYYFdR4rckbhQiADU0s92u
yktV3XkMxMPAnufZgXxRNaVtmp4ClDdkPFDRPIFjPz17SwThvnhrxnRVLej93DdJMbbC
z0gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to:content-transfer-encoding;
bh=SBgtwvWkIYwrI4NNUchOadkQP815ewxm/3gr0Bmy3PM=;
b=6lPSJwzEw9Vi5jponcjOjBKZ09pQYf/5U/DiQTOKGq5mB81rckZ63jwWmVaGlymlwr
3hg1BFRUVjguldEc/JGt6lEsGPv9PvbYkeps9FsA29vMvwEUUuiTPunakso7QBiq/CUW
uAuBWHQfubXNOBJO7VHe+/bTTP8d4dGJYoom6MmHK+2BFOiWugTa7sJpJJUVjffOl9pb
lvQxdW2zYYqlaUvanu4p8A+J/Rg0Km7k9BuTCic+CcN1AoKRqLKteyE2SBNk9Ee66gIa
46+ZiWNdPLk8KGvHfCj6H8KHNrzsrusLET2sHfqAeAIMDpK+kI/C1eQ+GVmU7Zk4Apic
pG+w==
X-Gm-Message-State: AJIora8jcxtvZbpxnDWrj5u6ueBPUcyx0stTOdZMDXmSftyMw1Q73Ob2
qZJBzr/RGkovNSw7bXSBjRkmP/xlui2iQQIKa5c=
X-Google-Smtp-Source: AGRyM1vyJFYu8PRjxoX0wOf43kSoDUw60FryKtZDwZdJVPEwAYJNt3E93DKxl1Hv463zt+1G/PGKFlpb+QfDZCCDF9E=
X-Received: by 2002:a5d:4302:0:b0:21b:a641:9a36 with SMTP id
h2-20020a5d4302000000b0021ba6419a36mr16852043wrq.87.1656423094670; Tue, 28
Jun 2022 06:31:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6000:1d9c:0:0:0:0 with HTTP; Tue, 28 Jun 2022 06:31:33
-0700 (PDT)
Reply-To: kristalinageorgieva17@yahoo.com
From: IMF OFFICE
Date: Tue, 28 Jun 2022 06:31:33 -0700
Message-ID:
Subject: Greetings
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: www@doctor.nl2k.ab.ca
X-Spam_score: 21.9
X-Spam_score_int: 219
X-Spam_bar: +++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Greeting from IMF office INTERNATIONAL MONETARY FUND (IMF)
OFFICE OF REGISTER 700 19th STREET, NW, SUITE HQ1_3_544 WASHINGTON, DC 20431,
USA Are you alive or dead? We received several emails from one Mr. David
Trent Mallory who narrated to us about the auto car accident you had 2 weeks
ago. Mr. David Trent Mallory made us to understand tha [...]
Content analysis details: (21.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.221.66 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[robertumar001[at]gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[kristalinageorgieva17[at]yahoo.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[robertumar001[at]gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
3.6 NA_DOLLARS BODY: Talks about a million North American dollars
1.1 HK_SCAM_N3 BODY: No description available.
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 HK_SCAM No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
2.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
0.0 MONEY_FORM Lots of money if you fill out a form
2.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
2.3 ADVANCE_FEE_3_NEW_FRM_MNY Advance Fee fraud form and lots of
money
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: reply.so]
Subject: {SPAM?} Greetings
--=20
Greeting from IMF office
INTERNATIONAL MONETARY FUND (IMF)
OFFICE OF REGISTER
700 19th STREET, NW, SUITE HQ1_3_544
WASHINGTON, DC 20431, USA
Are you alive or dead? We received several emails from one Mr. David
Trent Mallory
who narrated to us about the auto car accident you had 2 weeks ago.
Mr. David Trent Mallory
made us to understand that you are in hospital for treatment but there is n=
o
hope of your recovery. He stated that he is your business associates and
your next of kin who you have chosen and permitted to inherit all your
properties, he is contacting this office base on your contract
/Inheritance payment fund
valid $8.5 Million US Dollars,so we request your confirmation before
we can process this transfer to Mr. David Trent Mallory
Bank Account. This is to avoid releasing your money to wrong person because
Mr. David Trent Mallory is too eager and ready to follow every
instruction to have this
money into his account. If you did not have auto accident and you did not p=
ermit
Mr. David Trent Mallory to claim your money, kindly reply this message
with your full contact information so we can process the release of
the $8.5 Million US Dollars dollars to you, and please if anyone
emails with my name without this very code (006955). Please that email
is a scam and do not reply.so here is the information we need now to
start processing your release of your funds.
Full Name:=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=
=E2=80=A6. =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=
=E2=80=A6=E2=80=A6=E2=80=A6 =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=
=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6
Full Address:=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=
=A6. =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=
=A6=E2=80=A6=E2=80=A6 =E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=
=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6
Direct Telephone Number:=E2=80=A6=E2=80=A6. =E2=80=A6=E2=80=A6=E2=80=A6=E2=
=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6 =E2=80=A6=E2=
=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6=E2=80=A6
IDENTITY CARD OR PASSPORT COPY...........
Please, reconfirm your direct cell phone number to enable voice communicati=
on
Here to contact my office with the information.
Mrs. Georgieva Kristalina
Managing Director
Contact Email:
kristalinageorgieva17@yahoo.com
Text number:+1 (315) 238-4879
WhatsApp: number +1 (972) 848-7050
Waiting to here from you.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Jun 2022 07:05:18 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o6AtL-0006pz-UA
for dave@doctor.nl2k.ab.ca;
Tue, 28 Jun 2022 07:04:31 -0600
Resent-From: The Doctor
Resent-Date: Tue, 28 Jun 2022 07:04:31 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 128-201-148-224.user.sulinternet.com.br ([128.201.148.224]:61215)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o69E8-000ESa-Dd
for sales@nk.ca;
Tue, 28 Jun 2022 05:17:58 -0600
Message-ID:
From:
To:
Subject: There is an overdue payment under your name. Please, settle your debts ASAP.
Date: 28 Jun 2022 03:42:31 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="cp-850"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
X-Spam_score: 19.8
X-Spam_score_int: 198
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi! Sadly, there are some bad news that you are about to hear.
About few months ago I have gained a full access to all devices used by you
for internet browsing. Shortly after, I started recording all int [...]
Content analysis details: (19.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
0.0 TVD_RCVD_IP Message was received from an IP address
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see ]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[128.201.148.224 listed in psbl.surriel.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[128.201.148.224 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales%40nk.ca;ip=128.201.148.224;r=doctor.nl2k.ab.ca]
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
-0.0 T_SCC_BODY_TEXT_LINE No description available.
3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr 2)
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
3.6 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.0 BITCOIN_XPRIO Bitcoin + priority
0.5 PDS_BTC_ID FP reduced Bitcoin ID
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} There is an overdue payment under your name. Please, settle your debts ASAP.
Hi!
Sadly, there are some bad news that you are about to hear.
About few months ago I have gained a full access to all devices used by you for internet browsing.
Shortly after, I started recording all internet activities done by you.
Below is the sequence of events of how that happened:
Earlier I purchased from hackers a unique access to diversified email accounts (at the moment, it is really easy to do using internet).
As you can see, I managed to log in to your email account without breaking a sweat: (sales@nk.ca).
Within one week afterwards, I installed a Trojan virus in your Operating Systems available on all devices that you utilize for logging in your email.
To be frank, it was somewhat a very easy task (since you were kind enough to open some of links provided in your inbox emails).
I know, you may be thinking now that I'm a genius.
With help of that useful software, I am now able to gain access to all the controllers located in your devices (e.g., video camera, keyboard, microphone and others).
As result, managed to download all your photos, personal data, history of web browsing and other info to my servers without any problems.
Moreover, I now have access to all accounts in your messengers, social networks, emails, contacts list, chat history - you name it.
My Trojan virus continues refreshing its signatures in a non-stop manner (because it is operated by driver),
hence it remains undetected by any antivirus software installed in your PC or device.
So, I guess now you finally understand the reason why I could never be caught until this very letter...
During the process of your personal info compilation, I could not help but notice that you are a huge admirer and regular guest of websites with adult content.
You endure a lot of pleasure while checking out porn websites, watching nasty porn movies and reaching breathtaking orgasms.
Let me be frank with you, it was really hard to resist from recording some of those naughty solo scenes with you in main role and compiling them in special videos
that expose your masturbation sessions, which end with you cumming.
In case if you still have doubts, all I need is to click my mouse and all those nasty videos with you will be shared to friends, colleagues, and relatives of yours.
Moreover, nothing stops me from uploading all that hot content online, so all public can watch it too.
I sincerely hope, you would really not prefer that to happen, keeping in mind all the dirty things you like to watch,
(you certainly know what I mean) it will completely ruin your reputation.
However, don't worry, there is still a way to resolve this:
You need to carry out a $1190 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),
hence upon receiving the transaction, I will proceed with deleting all the filthy videos with you in main role.
Afterwards, we can forget about this unpleasant accident. Furthermore, I guarantee that all the malicious software will also be erased from your devices and accounts.
Mark my words, I never lie.
That is a great bargain with a low price, I assure you, because I have spent a lot of effort while recording
and tracking down all your activities and dirty deeds during a long period of time.
In case if you have no idea how to buy and transfer bitcoins - feel free to check the related info on the internet.
Here is my bitcoin wallet for your reference: 1EKdS2BjXd8BzYtsu8U9nQmpcygCjGCjZx
>From now on, you have only 48 hours and countdown has started once you opened this very email (in other words, 2 days).
The following list contains things you should definitely abstain from doing or even attempting:
> Abstain from trying to reply this email (since the email is generated inside your inbox alongside with return address).
> Abstain from trying to call or report to police or any other security services. In addition, it's a bad idea if you want to share it with your friends,
hoping they would help. If I happen to find out (knowing my awesome skills, it can be done effortlessly,
because I have all your devices and accounts under my control and unceasing observation) - kinky videos of yours will be share to public the same day.
> Abstain from trying to look for me - that would not lead anywhere either. Cryptocurrency transactions are absolutely anonymous and cannot be tracked.
> Abstain from reinstalling your OS on devices or throwing them away. That would not solve the problem as well,
since all your personal videos are already uploaded and stored at remote servers.
Things you may be confused about:
> That your funds transfer won't be delivered to me.
Chill, I can track down any transactions right away, so upon funds transfer I will receive a notification as well,
since I still control your devices (my trojan virus has ability of controlling all processes remotely, just like TeamViewer).
> That I am going to share your dirty videos after receiving money transfer from you.
Here you need to trust me, because there is absolutely no point to still bother you after receiving money.
Moreover, if I really wanted all those videos would be available to public long time ago!
I believe we can still handle this situation on fair terms!
Here is my last advice to you... in future you better ensure you stay away from this kind of situations!
My advice - don't forget to regularly update your passwords to feel completely secure.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Jun 2022 06:58:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o6AmC-0000XC-Ad
for dave@doctor.nl2k.ab.ca;
Tue, 28 Jun 2022 06:57:08 -0600
Resent-From: The Doctor
Resent-Date: Tue, 28 Jun 2022 06:57:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-pf1-f178.google.com ([209.85.210.178]:37500)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from )
id 1o63vb-000MKu-Iq
for sales@nk.ca;
Mon, 27 Jun 2022 23:38:28 -0600
Received: by mail-pf1-f178.google.com with SMTP id bo5so11031710pfb.4
for ; Mon, 27 Jun 2022 22:37:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=leadpmcert.com; s=google;
h=message-id:from:to:subject:date:mime-version;
bh=/1fsn7jfKAOUs8fnoLOsbcT0tQqqxiDkokUYZFfe58c=;
b=cYCIPv8bK7FpzafpSg+1tJpERb4k2JPPcVQyr0nC2i1Ehv7gLM8kWuiza7y4T7Asd9
rnhnB7xz2kkkqGlJd+IyxVCzBFJded2T7XFFfJH3lLsLsqzyJ7thrJQisO3/kq6pnmlv
+iG9qgWfOy+pUZkwo75XkhNPo2DIlx07j8qzpL2IBWNh6VoOJ35H/foWw8PYUa1mZNP8
FjvSI6c8v+EYeEAneayqfz6fvTKOPT8FC4g5A9IxsfPtky8cNlCT4IIxBcXQW9fLfnRv
WVwnQ3X1nAL2L/XcP90yteBbLJ0MpB5p1ri5F+t5L+cKX72Ap+1foq6zVsLtGyt+C3R7
jG2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:message-id:from:to:subject:date:mime-version;
bh=/1fsn7jfKAOUs8fnoLOsbcT0tQqqxiDkokUYZFfe58c=;
b=F2+XsHJpWEUR6UxjrMSFNLMZtWmYKNpBezZQibzrP9SgCiIZij2VROB8lDnuNuzhR2
V77aKphAQ4DriyNceOVEtjx1+YOf5z9RLQ17FEmWc1zYSa9djh2RrKirDpPE0V0g0W6U
JaccPFE4s4zgKcsk3EN1ExQS0qMoTiyofkdaFvpVC4cefNSnBLBiLVeEcL6egfb19IUh
YBFuPdeQHYKiZAXeE5e1C61/D3LT4h7EME6iriZkt0EsKZTY7xPDXmhTG1kwHiz/RFJe
PW+6e/vhJ0fDAkVtP6SGgG0LpWtticx2TSnx7qvDp2nRYpXvHh2sTMOKCkaZh1T0K8Kp
B5dA==
X-Gm-Message-State: AJIora+P8XFfLA5UqeB+TXFrpofBVNCXUhyyKI4nCXMY7ewbtFv1B3/x
6RFowU/FLu/LHlYr2tg1Eqpqk/dewFVKLoip
X-Google-Smtp-Source: AGRyM1u4O6NRlgwMA3zc5SlI3iXWinLREpyjbt8LQizBQhdyo/oZscppUIUW4wqAgAwMROagO2SA7Q==
X-Received: by 2002:a65:49cd:0:b0:40d:7553:e3be with SMTP id t13-20020a6549cd000000b0040d7553e3bemr16381801pgs.370.1656394672671;
Mon, 27 Jun 2022 22:37:52 -0700 (PDT)
Received: from [192.168.1.15] ([115.99.163.162])
by smtp.gmail.com with ESMTPSA id c12-20020a621c0c000000b0050dc7628178sm8339910pfc.82.2022.06.27.22.37.51
for
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 27 Jun 2022 22:37:52 -0700 (PDT)
Message-ID: <62ba93b0.1c69fb81.6be81.bc31@mx.google.com>
From: linda@leadpmcert.com
X-Google-Original-From: Linda@leadpmcert.com
To: sales@nk.ca
Subject: Kickstart your carrier with PMP & Six Sigma Exam Prep Course
Date: Mon, 27 Jun 2022 22:37:50 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Hi there,
Wishing you a Good day!!
I'm trying to get in touch with the person who is interested in attending below courses
and invite them to our upcoming prep courses.
I know you probably get tons of emails, so I'll keep this really short. I think you might find it interesting.
4 Day PMP workshop | Jun 28 - Jul 1 | Jul 26 - 29 | Aug 30 - Sep 02
Lean Six Sigma Green Belt | Jun 28 - Jul 1 | Jul 26 - 29 | Aug 30 - Sep 02
ITIL V4 Foundation | Jun 30 - Jul 1 | Jul 28 - 29 | Aug 30 - 31
ITIL 4 Strategist: Direct, Plan & Improve | Jun 30 - Jul 1 | Jul 28 - 29 | Aug 30 - 31
Management Skills | Jun 30 - Jul 1 | Jul 28 - 29 | Aug 30 - 31
PeopleCert DevOps Leadership | Jun 30 - Jul 1 | Jul 28 - 29 | Aug 30 - 31
Leaderships skills | Jun 28 | Jul 29 | Aug 30
Conflict Management | Jun 28 | Jul 29 | Aug 30
Agile Scrum Master | Jun 28 | Jul 29 | Aug 30
Certified Process Mapping Practitioner | Jun 27 | Jul 25 | Aug 29
Note:- We also conduct Training on CSM, CSPO
Workshop Dates: - CSM Jul 06 - 07 ( US CST)
We can help you transform your career through our specialized training and certifications training
will enhance your competence in demonstrating even the most difficult aspects of your domain.
I would also like to inform you that, We do conduct In-House training for specific group size.
Kindly revert us back if you have any queries, we would happy to help you.
Thanks & Regards,
Linda Jones
Learning Consultant
PH: 408-444-7579
If you no longer wish to receive e-mails from our side you may reply us.
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Jun 2022 22:32:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o62sa-000BhR-MW
for dave@doctor.nl2k.ab.ca;
Mon, 27 Jun 2022 22:31:12 -0600
Resent-From: The Doctor
Resent-Date: Mon, 27 Jun 2022 22:31:12 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 187.184.159.99.cable.dyn.cableonline.com.mx ([187.184.159.99]:53146)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from )
id 1o60Bs-000Erq-1L
for doctor@nl2k.ab.ca;
Mon, 27 Jun 2022 19:39:06 -0600
Message-ID: <51E95153F9E9EBFB43FBF953434151E9@XM95O7O>
From:
To:
Subject: There is an overdue payment under your name. Please, settle your debts ASAP.
Date: 27 Jun 2022 14:29:31 -0600
MIME-Version: 1.0
Content-Type: text/plain;
charset="cp-850"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994
X-Spam_score: 16.4
X-Spam_score_int: 164
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi! Sadly, there are some bad news that you are about to hear.
About few months ago I have gained a full access to all devices used by you
for internet browsing. Shortly after, I started recording all int [...]
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.9 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[187.184.159.99 listed in dnsbl.sorbs.net]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=doctor%40nl2k.ab.ca;ip=187.184.159.99;r=doctor.nl2k.ab.ca]
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
3.6 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin
0.0 BITCOIN_XPRIO Bitcoin + priority
0.5 PDS_BTC_ID FP reduced Bitcoin ID
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07
0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers
0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF
failed
0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} There is an overdue payment under your name. Please, settle your debts ASAP.
Hi!
Sadly, there are some bad news that you are about to hear.
About few months ago I have gained a full access to all devices used by you for internet browsing.
Shortly after, I started recording all internet activities done by you.
Below is the sequence of events of how that happened:
Earlier I purchased from hackers a unique access to diversified email accounts (at the moment, it is really easy to do using internet).
As you can see, I managed to log in to your email account without breaking a sweat: (doctor@nl2k.ab.ca).
Within one week afterwards, I installed a Trojan virus in your Operating Systems available on all devices that you utilize for logging in your email.
To be frank, it was somewhat a very easy task (since you were kind enough to open some of links provided in your inbox emails).
I know, you may be thinking now that I'm a genius.
With help of that useful software, I am now able to gain access to all the controllers located in your devices (e.g., video camera, keyboard, microphone and others).
As result, managed to download all your photos, personal data, history of web browsing and other info to my servers without any problems.
Moreover, I now have access to all accounts in your messengers, social networks, emails, contacts list, chat history - you name it.
My Trojan virus continues refreshing its signatures in a non-stop manner (because it is operated by driver),
hence it remains undetected by any antivirus software installed in your PC or device.
So, I guess now you finally understand the reason why I could never be caught until this very letter...
During the process of your personal info compilation, I could not help but notice that you are a huge admirer and regular guest of websites with adult content.
You endure a lot of pleasure while checking out porn websites, watching nasty porn movies and reaching breathtaking orgasms.
Let me be frank with you, it was really hard to resist from recording some of those naughty solo scenes with you in main role and compiling them in special videos
that expose your masturbation sessions, which end with you cumming.
In case if you still have doubts, all I need is to click my mouse and all those nasty videos with you will be shared to friends, colleagues, and relatives of yours.
Moreover, nothing stops me from uploading all that hot content online, so all public can watch it too.
I sincerely hope, you would really not prefer that to happen, keeping in mind all the dirty things you like to watch,
(you certainly know what I mean) it will completely ruin your reputation.
However, don't worry, there is still a way to resolve this:
You need to carry out a $1190 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),
hence upon receiving the transaction, I will proceed with deleting all the filthy videos with you in main role.
Afterwards, we can forget about this unpleasant accident. Furthermore, I guarantee that all the malicious software will also be erased from your devices and accounts.
Mark my words, I never lie.
That is a great bargain with a low price, I assure you, because I have spent a lot of effort while recording
and tracking down all your activities and dirty deeds during a long period of time.
In case if you have no idea how to buy and transfer bitcoins - feel free to check the related info on the internet.
Here is my bitcoin wallet for your reference: 1EKdS2BjXd8BzYtsu8U9nQmpcygCjGCjZx
>From now on, you have only 48 hours and countdown has started once you opened this very email (in other words, 2 days).
The following list contains things you should definitely abstain from doing or even attempting:
> Abstain from trying to reply this email (since the email is generated inside your inbox alongside with return address).
> Abstain from trying to call or report to police or any other security services. In addition, it's a bad idea if you want to share it with your friends,
hoping they would help. If I happen to find out (knowing my awesome skills, it can be done effortlessly,
because I have all your devices and accounts under my control and unceasing observation) - kinky videos of yours will be share to public the same day.
> Abstain from trying to look for me - that would not lead anywhere either. Cryptocurrency transactions are absolutely anonymous and cannot be tracked.
> Abstain from reinstalling your OS on devices or throwing them away. That would not solve the problem as well,
since all your personal videos are already uploaded and stored at remote servers.
Things you may be confused about:
> That your funds transfer won't be delivered to me.
Chill, I can track down any transactions right away, so upon funds transfer I will receive a notification as well,
since I still control your devices (my trojan virus has ability of controlling all processes remotely, just like TeamViewer).
> That I am going to share your dirty videos after receiving money transfer from you.
Here you need to trust me, because there is absolutely no point to still bother you after receiving money.
Moreover, if I really wanted all those videos would be available to public long time ago!
I believe we can still handle this situation on fair terms!
Here is my last advice to you... in future you better ensure you stay away from this kind of situations!
My advice - don't forget to regularly update your passwords to feel completely secure.