Return-Path: Delivered-To: shafaat.ali@bfbio.com Received: from ld212.inmotionhosting.com by ld212.inmotionhosting.com with LMTP id 8HQnCvbBsl1yegEAdIrCJg (envelope-from ) for ; Fri, 25 Oct 2019 02:35:50 -0700 Return-path: Envelope-to: shafaat.ali@bfbio.com Delivery-date: Fri, 25 Oct 2019 02:35:50 -0700 Received: from [194.44.46.147] (port=31761) by ld212.inmotionhosting.com with esmtp (Exim 4.92) (envelope-from ) id 1iNw0T-000QoW-Ky for shafaat.ali@bfbio.com; Fri, 25 Oct 2019 02:35:50 -0700 From: To: "pharmaxpharmax" Date: 25 Oct 2019 14:30:39 +0200 Message-ID: <003001d58b30$03a95d79$7a64c98f$@bfbio.com> MIME-Version: 1.0 Content-Type: text/plain; charset="ibm852" Content-Transfer-Encoding: 8bit X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Acf64r70ukimmy8if64r70ukimmy8i== Content-Language: en x-cr-hashedpuzzle: 2D4= 4r70 ukim my8i f64r 70uk immy 8inu rg1k k90r 93xf nurg 1kk9 0r93 xfnu rg1k;1;k90r93xfnurg1kk90r93xfnurg1kk90r93xfnurg1kk90r93;Sosha1_v1;7;\{969830B5-753E-1DF0-FE56-D313587B9698\};ZQB3AGUAZgrg1kk90r93xfnurg1kk90r93xfnurg1kk90r93;25 Oct 2019 14:30:39 +0200;xfnurg1kk90r93xf x-cr-puzzleid: \{969830B5-753E-1DF0-FE56-D313587B9698\} X-Spam-Status: Yes, score=31.2 X-Spam-Score: 312 X-Spam-Bar: +++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "ld212.inmotionhosting.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account: At the time of hacking your account(shafaat.ali@bfbio.com) had this password: pharma [...] Content analysis details: (31.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: bfbio.com] 5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 0.9998] 1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 0.9998] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [194.44.46.147 listed in bl.score.senderscore.com] 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [194.44.46.147 listed in psbl.surriel.com] 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 6.2 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) [194.44.46.147 listed in bl.mailspike.net] 1.8 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 3.0 GB_BITCOIN_NH Localized Bitcoin scam 0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe 2.0 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin 3.5 BITCOIN_SPAM_07 BitCoin spam pattern 07 1.2 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX X-Spam-Flag: YES Subject: ***SPAM*** Be sure to read this message! Your personal data is threatened! Hi! As you may have noticed, I sent you an email from your account. This means that I have full access to your account: At the time of hacking your account(shafaat.ali@bfbio.com) had this password: pharmaxpharmax You can say: this is my, but old password! Or: I can change my password at any time! Of course! You will be right, but the fact is that when you change the password, my malicious code every time saved a new one! I've been watching you for a few months now. But the fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence from e-mail and messangers. Why your antivirus did not detect my malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use. If you want to prevent this, transfer the amount of $703 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin"). My bitcoin address (BTC Wallet) is: 1NiXnj8DcDTnawYqz57GeVRMxw6WDTy3ba After receiving the payment, I will delete the video and you will never hear me again. I give you 48 hours to pay. I have a notice reading this letter, and the timer will work when you see this letter. Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address. I do not make any mistakes. If I find that you have shared this message with someone else, the video will be immediately distributed. Bye!