Activity Blackmail phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 23 May 2024 18:46:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sAJ3U-00000000Fnj-2XDh
for dave@doctor.nl2k.ab.ca;
Thu, 23 May 2024 18:45:08 -0600
Resent-From: The Doctor
Resent-Date: Thu, 23 May 2024 18:45:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from server.totalcatsint.nl ([185.56.146.210]:41084)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sAHnY-000000009oX-3qOH
for sales@nk.ca;
Thu, 23 May 2024 17:24:41 -0600
Received: from [82.156.73.67] (port=50131 helo=mail.topdek.eu)
by server.totalcatsint.nl with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from)
id 1sAHla-0005in-1O
for sales@nk.ca; Fri, 24 May 2024 01:22:34 +0200
From: sales@nk.ca
To: sales@nk.ca
Subject: A new payment schedule has been approved for : #999 - 1792566
Date: 24 May 2024 07:22:33 +0800
Message-ID: <20240524072233.160CD244C4B28004@nk.ca>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.totalcatsint.nl
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - topdek.eu
X-Get-Message-Sender-Via: server.totalcatsint.nl: authenticated_id: admin@topdek.eu
X-Authenticated-Sender: server.totalcatsint.nl: admin@topdek.eu
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 10.9
X-Spam_score_int: 109
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello pervert, I want to inform you about a very bad situation
for you. However, you can benefit from it, if you will act wisely. Have you
heard of Pegasus? This is a spyware program that installs on computers and
smartphones and allows hackers to monitor the activity of device owners.
It provides access to your webcam, messenge [...]
Content analysis details: (10.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.56.146.210 listed in dnsbl.ahbl.org]
[185.56.146.210 listed in dnsbl.ahbl.org]
[185.56.146.210 listed in dnsbl.ahbl.org]
[185.56.146.210 listed in dnsbl.ahbl.org]
[82.156.73.67 listed in dnsbl.ahbl.org]
[82.156.73.67 listed in dnsbl.ahbl.org]
[82.156.73.67 listed in dnsbl.ahbl.org]
[82.156.73.67 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.56.146.210 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.56.146.210 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.56.146.210 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.56.146.210 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[82.156.73.67 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
[185.56.146.210 listed in will-spam-for-food.eu.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.3 LONGWORD BODY: Uses overlong words
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.5 BITCOIN_SPAM_09 BitCoin spam pattern 09
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
1.1 BITCOIN_SPAM_07 BitCoin spam pattern 07
0.5 PDS_BTC_ID FP reduced Bitcoin ID
0.0 BITCOIN_TOEQFM Bitcoin + To same as From
Subject: {SPAM?} A new payment schedule has been approved for : #999 - 1792566
Hello pervert,
I want to inform you about a very bad situation for you. However, you can b=
enefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on compu=
ters and smartphones and allows hackers to monitor the activity of device o=
wners. It provides access to your webcam, messengers, emails, call records,=
etc. It works well on Android, iOS, and Windows. I guess, you already figu=
red out where I=E2=80=99m getting at.
It=E2=80=99s been a few months since I installed it on all your devices bec=
ause you were not quite choosy about what links to click on the internet. D=
uring this period, I=E2=80=99ve learned about all aspects of your private l=
ife, but one is of special significance to me.
I=E2=80=99ve recorded many videos of you jerking off to highly controversia=
l porn videos. Given that the =E2=80=9Cquestionable=E2=80=9D genre is almos=
t always the same, I can conclude that you have sick perversion.
I doubt you=E2=80=99d want your friends, family and co-workers to know abou=
t it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos =E2=80=
=93 on WhatsApp, on Telegram, on Skype, on email =E2=80=93 everywhere. It i=
s going to be a tsunami that will sweep away everything in its path, and fi=
rst of all, your former life.
Don=E2=80=99t think of yourself as an innocent victim. No one knows where y=
our perversion might lead in the future, so consider this a kind of deserve=
d punishment to stop you.
Better late than never.
I=E2=80=99m some kind of God who sees everything. However, don=E2=80=99t pa=
nic. As we know, God is merciful and forgiving, and so do I. But my mercy i=
s not free.
Transfer $999 USD to my bitcoin wallet: bc1q7kn8n7mjngk9t9cvh3crgqa7xzdaday=
3meamth
Once I receive confirmation of the transaction, I will permanently delete a=
ll videos compromising you, uninstall Pegasus from all of your devices, and=
disappear from your life. You can be sure =E2=80=93 my benefit is only mon=
ey. Otherwise, I wouldn=E2=80=99t be writing to you, but destroy your life =
without a word in a second.
I=E2=80=99ll be notified when you open my email, and from that moment you h=
ave exactly 48 hours to send the money. If cryptocurrencies are unchartered=
waters for you, don=E2=80=99t worry, it=E2=80=99s very simple. Just google=
=E2=80=9Ccrypto exchange=E2=80=9D and then it will be no harder than buyin=
g some useless stuff on Amazon.
I strongly warn you against the following:
) Do not reply to this email. is your address!
) Do not contact the police. I have access to all your devices, and as soon=
as I find out you ran to the cops, videos will be published.
) Don=E2=80=99t try to reset or destroy your devices.
As I mentioned above: I=E2=80=99m monitoring all your activity, so you eith=
er agree to my terms or the videos are published.
Also, don=E2=80=99t forget that cryptocurrencies are anonymous, so it=E2=80=
=99s impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from e=
ach other.
And some friendly advice: from now on, don=E2=80=99t be so careless about y=
our online security.