sexual blackmail phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 06 Sep 2022 14:35:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oVfH7-0007wF-Rv
for dave@doctor.nl2k.ab.ca;
Tue, 06 Sep 2022 14:34:25 -0600
Resent-From: The Doctor
Resent-Date: Tue, 6 Sep 2022 14:34:25 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 170-239-229-151.amnet.net.br ([170.239.229.151]:56231)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oVexL-000657-56
for root@nk.ca;
Tue, 06 Sep 2022 14:14:04 -0600
From:
To:
Subject: Waiting for the payment.
Date: 6 Sep 2022 13:02:30 -0400
Message-ID: <003401d8c213$030346e9$698bc085$@nk.ca>
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Acg07fcacg07fcacg07fcacg07fcac==
Content-Language: en
X-Spam_score: 16.4
X-Spam_score_int: 164
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello! Have you recently noticed that I have e-mailed you
from your account? Yes, this simply means that I have total access to your
device. For the last couple of months, I have been watching you. Still wondering
how is that possible? Well, you have been infected with malware originating
from an adult website that you visited. You may not [...]
Content analysis details: (16.4 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
                            (Split IP)
 0.0 TVD_RCVD_IP            Message was received from an IP address
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
                            [170.239.229.151 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [170.239.229.151 listed in psbl.surriel.com]
 1.1 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nk.ca;ip=170.239.229.151;r=doctor.nl2k.ab.ca]
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 3.9 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP
                            addr 2)
 0.5 PDS_BTC_ID             FP reduced Bitcoin ID
 0.0 BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
 1.0 BITCOIN_SPAM_07        BitCoin spam pattern 07
 0.4 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
 0.0 TO_EQ_FM_SPF_FAIL      To == From and external SPF failed
 1.4 DOS_OUTLOOK_TO_MX      Delivered direct to MX with Outlook headers
 0.0 TO_EQ_FM_DOM_SPF_FAIL  To domain == From domain and external SPF
                            failed
Subject: {SPAM?} Waiting for the payment.
Hello!
Have you recently noticed that I have e-mailed you from your account?
Yes, this simply means that I have total access to your device.
For the last couple of months, I have been watching you.
Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.
With help of the Trojan Virus, I have complete access to a PC or any other device.
This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.
You may be asking yourself, "But my PC has an active antivirus, how is this even possible? Why didn't I receive any notification?" Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.
I have a video of you wanking on the left screen, and on the right screen - the video you were watching while masturbating.
Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.
I can also share access to all your e-mail correspondence and messengers that you use.
All you have to do to prevent this from happening is - transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: "Buy Bitcoin").
My bitcoin address (BTC Wallet) is: 1P3eUgQzL12tDo2oh9csyo7HFxLer8vJsG
After receiving a confirmation of your payment, I will delete the video right away, and that's it, you will never hear from me again.
You have 2 days (48 hours) to complete this transaction.
Once you open this e-mail, I will receive a notification, and my timer will start ticking.
Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.
I have been working on this for a very long time by now; I do not give any chance for a mistake.
If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.