Return-Path: <sewon@sbcglobal.net>
Delivered-To: shafaat.ali@bfbio.com
Received: from ld212.inmotionhosting.com
	by ld212.inmotionhosting.com with LMTP id 0Hj8ALdTxlyxoAEAdIrCJg
	for <shafaat.ali@bfbio.com>; Sun, 28 Apr 2019 18:30:31 -0700
Return-path: <sewon@sbcglobal.net>
Envelope-to: shafaat.ali@bfbio.com
Delivery-date: Sun, 28 Apr 2019 18:30:31 -0700
Received: from 114-45-202-42.dynamic-ip.hinet.net ([114.45.202.42]:14353)
	by ld212.inmotionhosting.com with esmtp (Exim 4.91)
	(envelope-from <sewon@sbcglobal.net>)
	id 1hKv7c-000UnA-Tx
	for shafaat.ali@bfbio.com; Sun, 28 Apr 2019 18:30:30 -0700
Message-ID: <5CC6C3CE.5030104@sbcglobal.net>
Date: Mon, 29 Apr 2019 16:28:46 +0700
From: <sewon@sbcglobal.net>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1
MIME-Version: 1.0
To: "pharmaxpharmax" <shafaat.ali@bfbio.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=31.1
X-Spam-Score: 311
X-Spam-Bar: +++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "ld212.inmotionhosting.com",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 Content preview:  Hello! This is important information for you! Some months
   ago I hacked your OS and got full access to your account shafaat.ali@bfbio.com
    On day of hack your account shafaat.ali@bfbio.com has password: pharmaxpharmax
    
 
 Content analysis details:   (31.1 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: bfbio.com]
  5.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 0.9931]
  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                             https://senderscore.org/blacklistlookup/
                             [114.45.202.42 listed in bl.score.senderscore.com]
  0.0 TVD_RCVD_IP            Message was received from an IP address
  1.9 DATE_IN_FUTURE_06_12   Date: is 6 to 12 hours after Received: date
  4.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP
                             address
                             [114.45.202.42 listed in dnsbl.sorbs.net]
  1.8 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  3.6 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP
                             addr 2)
  1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
                             anti-forgery methods
  1.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  1.5 BITCOIN_SPAM_09        BitCoin spam pattern 09
  5.0 BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
  2.4 BITCOIN_SPAM_08        BitCoin spam pattern 08
  2.5 BITCOIN_SPAM_02        BitCoin spam pattern 02
  0.0 NO_FM_NAME_IP_HOSTN    No From name + hostname using IP address
X-Spam-Flag: YES
Subject: ***SPAM***  Important information about your account: shafaat.ali@bfbio.com

Hello! 

This is important information for you!

Some months ago I hacked your OS and got full access to your account shafaat.ali@bfbio.com
On day of hack your account shafaat.ali@bfbio.com has password: pharmaxpharmax

So, you can change the password, yes.. Or already changed... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability. I used it...
If you are interested, you can read about it: CVE-2019-1663 - a vulnerability in the web-based management interface of the Cisco routers.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full backup of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talking about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $754 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 114h48jc81nwFbDFvm3mdUUto9iGLJDwCU

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy.

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots are already uploaded to a remote server)
- Do not try to contact me (you yourself will see that this is impossible, the sender address is automatically generated)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. So, I guarantee you that I will not disturb you again after payment!
This is a hacker's word of honor.

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job well.
Good luck.

