Phish | Entries from Thursday, September 8. 2022

Home depot phish

sexual blackmail phish

Posted by Dave Yadallee on Thursday, September 8. 2022

Return-path: <>

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 08 Sep 2022 12:20:48 -0600

Received: from [194.87.80.203] (port=49637 helo=e-storefront.co.uk)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1oWKBS-0004iN-KI

for dave@doctor.nl2k.ab.ca;

Thu, 08 Sep 2022 10:15:22 -0600

MIME-Version: 1.0

Message-Id:

From:_Promos for you

Subject:_Thank You! To our favorite customer!

Reply-To: reply_NDrqIydfSVFlRueb71To7vnau7zTAJblb7FGgQ.bounce9@inx1and1.de

To: dave@doctor.nl2k.ab.ca

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=UTF-8

Date: Thu, 08 Sep 2022 18:14:57 +0200

X-Spam_score: 8.4

X-Spam_score_int: 84

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: SURVEY ABOUT: THE HOME DEPOT THE HOME DEPOT Please tell us

about your: THE HOME DEPOT Experiences and as a thank you, you can select

from several exclusive offer rewards! Supply is extremely limited so act

fast today!

Content analysis details: (8.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: googleapis.com]

0.0 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.8 HDRS_MISSP Misspaced headers

3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to

avoid URIBL

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

Subject: {SPAM?} _Thank You! To our favorite customer!

SURVEY ABOUT: THE HOME DEPOT

THE HOME DEPOT

Please tell us about your: THE HOME DEPOT

Experiences and as a thank you, you can select
from several exclusive offer rewards!

Supply is extremely limited so act fast today!

Take Survey Now

September '22

Posted by Dave Yadallee on Thursday, September 8. 2022

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 07 Sep 2022 17:57:24 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW4tg-000A3P-RQ

for dave@doctor.nl2k.ab.ca;

Wed, 07 Sep 2022 17:55:56 -0600

Resent-From: The Doctor

Resent-Date: Wed, 7 Sep 2022 17:55:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [111.94.79.217] (port=35828 helo=fm-dyn-111-94-79-217.fast.net.id)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oW4dU-0008Q7-Pm

for root@nk.ca;

Wed, 07 Sep 2022 17:39:17 -0600

Date: 8 Sep 2022 12:31:45 +0600

From:

X-Priority: 3

Message-ID: <817551800.202209081238@nk.ca>

To:

Subject: Waiting for the payment.

MIME-Version: 1.0

Content-Type: text/plain; charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Spam_score: 9.0

X-Spam_score_int: 90

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hello! Have you recently noticed that I have e-mailed you

from your account? Yes, this simply means that I have total access to your

device. For the last couple of months, I have been watching you. Still wondering

how is that possible? Well, you have been infected with malware originating

from an adult website that you visited. You may not [...]

Content analysis details: (9.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[111.94.79.217 listed in bb.barracudacentral.org]

0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=root%40nk.ca;ip=111.94.79.217;r=doctor.nl2k.ab.ca]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.5 PDS_BTC_ID FP reduced Bitcoin ID

0.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin

3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP

addr 1)

0.0 BITCOIN_XPRIO Bitcoin + priority

1.0 BITCOIN_SPAM_07 BitCoin spam pattern 07

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

Subject: {SPAM?} Waiting for the payment.

Hello!

Have you recently noticed that I have e-mailed you from your account?

Yes, this simply means that I have total access to your device.

For the last couple of months, I have been watching you.

Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.

With help of the Trojan Virus, I have complete access to a PC or any other device.

This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.

You may be asking yourself, "But my PC has an active antivirus, how is this even possible? Why didn't I receive any notification?" Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.

I have a video of you wanking on the left screen, and on the right screen - the video you were watching while masturbating.

Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.

I can also share access to all your e-mail correspondence and messengers that you use.

All you have to do to prevent this from happening is - transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: "Buy Bitcoin").

My bitcoin address (BTC Wallet) is: 1P3eUgQzL12tDo2oh9csyo7HFxLer8vJsG

After receiving a confirmation of your payment, I will delete the video right away, and that's it, you will never hear from me again.

You have 2 days (48 hours) to complete this transaction.

Once you open this e-mail, I will receive a notification, and my timer will start ticking.

Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.

I have been working on this for a very long time by now; I do not give any chance for a mistake.

If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.