Sexual blackmail Phish from linode.com
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Feb 2023 08:04:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pX1Vi-0008Cr-2p
for dave@doctor.nl2k.ab.ca;
Tue, 28 Feb 2023 08:03:22 -0700
Resent-From: The Doctor
Resent-Date: Tue, 28 Feb 2023 08:03:22 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from li1358-99.members.linode.com ([139.162.195.99]:47924)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pWwr9-000KT2-1R
for root@nk.ca;
Tue, 28 Feb 2023 03:05:40 -0700
Received: from [185.202.220.47] (port=54702 helo=softwaregeeks.co.uk)
by node2334.myfcloud.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from)
id 1pWwp5-0000ey-Ls
for root@nk.ca; Tue, 28 Feb 2023 10:03:04 +0000
From: Keesha Grossman
To: root@nk.ca
Subject: Attention:
Date: 28 Feb 2023 05:03:00 -0500
Message-ID: <20230228050258.4F21EAA08870D22D@softwaregeeks.co.uk>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - node2334.myfcloud.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - softwaregeeks.co.uk
X-Get-Message-Sender-Via: node2334.myfcloud.com: authenticated_id: smtpfox-wx13u@softwaregeeks.co.uk
X-Authenticated-Sender: node2334.myfcloud.com: smtpfox-wx13u@softwaregeeks.co.uk
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 7.5
X-Spam_score_int: 75
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Distribution and storage of pornographic electronic materials
involving underage children. My name is Keesha Grossman and I am a technical
collection officer working for Central Intelligence Agency. It has come to
my attention that your personal details including your email address (%0%)
are listed in case #12653487.
Content analysis details: (7.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[139.162.195.99 listed in bb.barracudacentral.org]
-0.0 SPF_PASS SPF: sender matches SPF record
1.1 TRACKER_ID BODY: Incorporates a tracking ID number
1.0 BITCOIN_SPAM_03 BitCoin spam pattern 03
0.3 PDS_BTC_ID FP reduced Bitcoin ID
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.0 BITCOIN_DEADLINE BitCoin with a deadline
2.5 BITCOIN_YOUR_INFO BitCoin with your personal info
1.0 BITCOIN_PAY_ME Pay me via BitCoin
Subject: {SPAM?} Attention:
Distribution and storage of pornographic electronic materials involving und=
erage children.
=20=20=20=20=20=20
My name is Keesha Grossman and I am a technical collection officer working =
for Central Intelligence Agency.
=20=20=20
It has come to my attention that your personal details including your email=
address (%0%) are listed in case #12653487.
=20=20=20
The following details are listed in the document's attachment:
=20=20=20
Your personal details,
Home address,
Work address,
List of relatives and their contact information.
=20=20=20=20=20=20
Case #12653487 is part of a large international operation set to arrest mor=
e than 2000 individuals suspected of paedophilia in 27 countries.
=20=20=20
The data which could be used to acquire your personal information:
=20=20=20
Your ISP web browsing history,
DNS queries history and connection logs,
Deep web .onion browsing and/or connection sharing,
Online chat-room logs,
Social media activity log.
The first arrests are scheduled for April 8, 2023.
=20=20=20
Why am I contacting you ?
=20
I read the documentation and I know you are a wealthy person who may be con=
cerned about reputation.=20=20=20
I am one of several people who have access to those documents and I have en=
ough security clearance to amend and remove your details from this case. He=
re is my proposition.=20=20=20
Transfer exactly $2,000 USD (two thousand dollars) through Bitcoin network =
to this special bitcoin address:
=20=20=20
bc1qwh92cqxhwnfh4usrkxlncwlygtnjnwa6ymagyz
=20=20=20
You can transfer funds with online bitcoin exchanges such as Coinbase, Bits=
tamp or Coinmama. The deadline is March 27, 2023 (I need few days to access=
and edit the files).
Upon confirming your transfer I will take care of all the files linked to y=
ou and you can rest assured no one will bother you.
Please do not contact me. I will contact you and confirm only when I see th=
e valid transfer.
=20=20=20
Regards,
Keesha Grossman
=20=20=20
Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Feb 2023 08:04:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pX1Vi-0008Cr-2p
for dave@doctor.nl2k.ab.ca;
Tue, 28 Feb 2023 08:03:22 -0700
Resent-From: The Doctor
Resent-Date: Tue, 28 Feb 2023 08:03:22 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from li1358-99.members.linode.com ([139.162.195.99]:47924)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1pWwr9-000KT2-1R
for root@nk.ca;
Tue, 28 Feb 2023 03:05:40 -0700
Received: from [185.202.220.47] (port=54702 helo=softwaregeeks.co.uk)
by node2334.myfcloud.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from
id 1pWwp5-0000ey-Ls
for root@nk.ca; Tue, 28 Feb 2023 10:03:04 +0000
From: Keesha Grossman
To: root@nk.ca
Subject: Attention:
Date: 28 Feb 2023 05:03:00 -0500
Message-ID: <20230228050258.4F21EAA08870D22D@softwaregeeks.co.uk>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - node2334.myfcloud.com
X-AntiAbuse: Original Domain - nk.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - softwaregeeks.co.uk
X-Get-Message-Sender-Via: node2334.myfcloud.com: authenticated_id: smtpfox-wx13u@softwaregeeks.co.uk
X-Authenticated-Sender: node2334.myfcloud.com: smtpfox-wx13u@softwaregeeks.co.uk
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam_score: 7.5
X-Spam_score_int: 75
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Distribution and storage of pornographic electronic materials
involving underage children. My name is Keesha Grossman and I am a technical
collection officer working for Central Intelligence Agency. It has come to
my attention that your personal details including your email address (%0%)
are listed in case #12653487.
Content analysis details: (7.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[139.162.195.99 listed in bb.barracudacentral.org]
-0.0 SPF_PASS SPF: sender matches SPF record
1.1 TRACKER_ID BODY: Incorporates a tracking ID number
1.0 BITCOIN_SPAM_03 BitCoin spam pattern 03
0.3 PDS_BTC_ID FP reduced Bitcoin ID
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.0 BITCOIN_DEADLINE BitCoin with a deadline
2.5 BITCOIN_YOUR_INFO BitCoin with your personal info
1.0 BITCOIN_PAY_ME Pay me via BitCoin
Subject: {SPAM?} Attention:
Distribution and storage of pornographic electronic materials involving und=
erage children.
=20=20=20=20=20=20
My name is Keesha Grossman and I am a technical collection officer working =
for Central Intelligence Agency.
=20=20=20
It has come to my attention that your personal details including your email=
address (%0%) are listed in case #12653487.
=20=20=20
The following details are listed in the document's attachment:
=20=20=20
Your personal details,
Home address,
Work address,
List of relatives and their contact information.
=20=20=20=20=20=20
Case #12653487 is part of a large international operation set to arrest mor=
e than 2000 individuals suspected of paedophilia in 27 countries.
=20=20=20
The data which could be used to acquire your personal information:
=20=20=20
Your ISP web browsing history,
DNS queries history and connection logs,
Deep web .onion browsing and/or connection sharing,
Online chat-room logs,
Social media activity log.
The first arrests are scheduled for April 8, 2023.
=20=20=20
Why am I contacting you ?
=20
I read the documentation and I know you are a wealthy person who may be con=
cerned about reputation.=20=20=20
I am one of several people who have access to those documents and I have en=
ough security clearance to amend and remove your details from this case. He=
re is my proposition.=20=20=20
Transfer exactly $2,000 USD (two thousand dollars) through Bitcoin network =
to this special bitcoin address:
=20=20=20
bc1qwh92cqxhwnfh4usrkxlncwlygtnjnwa6ymagyz
=20=20=20
You can transfer funds with online bitcoin exchanges such as Coinbase, Bits=
tamp or Coinmama. The deadline is March 27, 2023 (I need few days to access=
and edit the files).
Upon confirming your transfer I will take care of all the files linked to y=
ou and you can rest assured no one will bother you.
Please do not contact me. I will contact you and confirm only when I see th=
e valid transfer.
=20=20=20
Regards,
Keesha Grossman
=20=20=20
Technical Collection Officer
Directorate of Science and Technology
Central Intelligence Agency
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments