Return-Path: Delivered-To: ceo@adiyatgroup.com Received: from altar51.supremepanel51.com by altar51.supremepanel51.com with LMTP id mLG+H6IPwlv5jyQANfWGUA for ; Sat, 13 Oct 2018 15:30:42 +0000 Return-path: Envelope-to: ceo@adiyatgroup.com Delivery-date: Sat, 13 Oct 2018 15:30:42 +0000 Received: from [187.216.83.178] (port=12825 helo=customer-187-216-83-178.uninet-ide.com.mx) by altar51.supremepanel51.com with esmtp (Exim 4.91) (envelope-from ) id 1gBLsF-00A8EL-Lt for ceo@adiyatgroup.com; Sat, 13 Oct 2018 15:30:42 +0000 Message-ID: <001c01d462d6$057ff713$f4721093@xxlyv> From: To: Date: 13 Oct 2018 01:47:30 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="cp-850" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0994 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0994 X-Spam-Status: Yes, score=32.8 X-Spam-Score: 328 X-Spam-Bar: ++++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "altar51.supremepanel51.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hello ceo@ My nickname in darknet is tristam65. I'll begin by saying that I hacked this mailbox (please look on 'from' in your header) more than six months ago, through it I infected your operating sy Content analysis details: (32.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 4.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [187.216.83.178 listed in zen.spamhaus.org] 1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 6.2 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5) [187.216.83.178 listed in bl.mailspike.net] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [187.216.83.178 listed in bl.score.senderscore.com] 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: adiyatgroup.com] 2.0 PYZOR_CHECK Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 2.9 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam (FTSDMCXX/boundary variant) + no rDNS 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 FROM_IN_TO_AND_SUBJ From address is in To and Subject 3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 2.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam (FTSDMCXX/boundary variant) + direct-to-MX 1.5 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX 3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers X-Spam-Flag: YES Subject: ***SPAM*** ceo@adiyatgroup.com was hacked Hello ceo@ My nickname in darknet is tristam65. I'll begin by saying that I hacked this mailbox (please look on 'from' in your header) more than six months ago, through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time. Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer and automatically saved access for me. I have access to all your accounts, social networks, email, browsing history. Accordingly, I have the data of all your contacts, files from your computer, photos and videos. I was most struck by the intimate content sites that you occasionally visit. You have a very wild imagination, I tell you! During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching. Oh my god! You are so funny and excited! I think that you do not want all your contacts to get these files, right? If you are of the same opinion, then I think that $500 is quite a fair price to destroy the dirt I created. Send the above amount on my bitcoin wallet: 1MN7A7QqQaAVoxV4zdjdrnEHXmjhzcQ4Bq As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it. Otherwise, these files and history of visiting sites will get all your contacts from your device. Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it! Since reading this letter you have 48 hours! After your reading this message, I'll receive an automatic notification that you have seen the letter. I hope I taught you a good lesson. Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere! Good luck!