OwlCyberSecurity - MANAGER
Edit File: 1752855151.M290007P3619966.server254.web-hosting.com,S=10962,W=11177
Return-Path: <loamelya6413@1live1.com> Delivered-To: info+spam@sportspesatips.com Received: from server254.web-hosting.com by server254.web-hosting.com with LMTP id KBvFEG9yemh+PDcAUzp1tw (envelope-from <loamelya6413@1live1.com>) for <info+spam@sportspesatips.com>; Fri, 18 Jul 2025 12:12:31 -0400 Return-path: <loamelya6413@1live1.com> Envelope-to: info@sportspesatips.com Delivery-date: Fri, 18 Jul 2025 12:12:31 -0400 Received: from [165.16.181.49] (port=15834) by server254.web-hosting.com with esmtp (Exim 4.98.2) (envelope-from <loamelya6413@1live1.com>) id 1ucnhB-0000000G6Y8-0ZZ4 for info@sportspesatips.com; Fri, 18 Jul 2025 12:12:31 -0400 Message-ID: <15E5D1A6AE2192D9291D6A62ED5E15E5@5Q7KGPG> From: "stanislaw shih" <loamelya6413@1live1.com> To: <info@sportspesatips.com> Date: 18 Jul 2025 18:48:41 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0018_01DBF80F.030A7A22" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5931 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931 X-Spam-Status: Yes, score=49.9 X-Spam-Score: 499 X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "server254.web-hosting.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Consider this message as your last warning. We hacked your system! We have copied all the data from your device to our own servers. Curious videos were recorded from your camera and your actions while [...] Content analysis details: (49.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 4.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [165.16.181.49 listed in zen.spamhaus.org] 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [165.16.181.49 listed in zen.spamhaus.org] 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <https://www.spamcop.net/bl.shtml?165.16.181.49>] 8.0 BTC_HASHBL_BLACK Message contains BTC address found on BTC blocklist [bc1q926em06raz26plnkx50w9qf7mrwzqwlfqnz2x4] 1.1 GB_HASHBL_BTC Message contains BTC address found on BTCBL [bc1q926em06raz26plnkx50w9qf7mrwzqwlfqnz2x4] 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [165.16.181.49 listed in sa-accredit.habeas.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam (FTSDMCXX/boundary variant) + no rDNS 2.5 BITCOIN_XPRIO Bitcoin + priority 3.5 BITCOIN_VISTA Bitcoin + old MSFT msgid format 8.5 KAM_CRIM Extortion Email 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 1.0 KAM_HTMLNOISE Spam containing useless HTML padding 0.0 BITCOIN_SPAM_09 BitCoin spam pattern 09 1.9 BITCOIN_SPAM_03 BitCoin spam pattern 03 1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any anti-forgery methods 0.6 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX 3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers 1.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2 2.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam (FTSDMCXX/boundary variant) + direct-to-MX 0.5 PDS_BTC_ID FP reduced Bitcoin ID 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [165.16.181.49 listed in bl.score.senderscore.com] 3.0 BITCOIN_DEADLINE BitCoin with a deadline X-Spam-Flag: YES Subject: ***SPAM*** Fw: This is a multi-part message in MIME format. ------=_NextPart_000_0018_01DBF80F.030A7A22 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Consider this message as your last warning. We hacked your system! We have copied all the data from your device to our own servers. Curious videos were recorded from your camera and your actions while = watching porn. Your device was infected with our virus when you visited the porn site. The Trojan virus gives us full access, allows us to control your device. The virus allows not only to see your screen, but also to turn on your = camera, microphone, without your knowledge. We took over the video from your screen and camera, then we mounted a = video in which you can see you watching porn in one part of the screen = and masturbating in the other. But that’s not all! We have access to all the contacts in your = phone book and social networks. It won’t take us long to send this video to your friends, family = and friends on social networks, messengers and email in minutes. We have a lot of audio recordings of your personal conversations, where = a lot of “interesting” things are revealed! This information can destroy your reputation once and for all in a = matter of minutes. You have an opportunity to prevent irreversible consequences. To do this: Transfer 1300 $ USD (US dollars) to our bitcoin wallet. Don’t know how to make a transfer? Enter the query “Buy = bitcoins” into the search field. Our bitcoin wallet bc1q926em06raz26plnkx50w9qf7mrwzqwlfqnz2x4 After making the payment, your video and audio recordings will be = completely destroyed and you can be 100% sure that we won’t bother = you again. You have time to think about it and make the transfer - 50 hours! After you read this letter, we will get an automatic notification. From = that moment on, the timer will start. It is useless to complain, because bitcoin-wallets cannot be tracked, as = well as the mail from which the letter arrived to you. We also do not advise you to send this letter to anybody. In this case the system will automatically send a request to the server, = and all data will be published in social networks and messengers. You will not be able to solve the problem by changing passwords in = social networks, as all the information is already downloaded to the = cluster of our servers. Think about what your reputation means to you and how much the = consequences will be. You have 50 hours. ------=_NextPart_000_0018_01DBF80F.030A7A22 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2900.6058" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <!DOCTYPE html><html><head><meta = charset=3D"utf-8"><title></title><style></style></head><body = id=3D"preview"> <p class=3D"has-line-data" data-line-start=3D"0" = data-line-end=3D"5">Consider this message as your last warning.<br> We hacked your system!<br> We have copied all the data from your device to our own servers.<br> Curious videos were recorded from your camera and your actions while = watching porn.<br> Your device was infected with our virus when you visited the porn = site.</p> <p class=3D"has-line-data" data-line-start=3D"6" data-line-end=3D"8">The = Trojan virus gives us full access, allows us to control your device.<br> The virus allows not only to see your screen, but also to turn on your = camera, microphone, without your knowledge.</p> <p class=3D"has-line-data" data-line-start=3D"9" data-line-end=3D"11">We = took over the video from your screen and camera, then we mounted a video = in which you can see you watching porn in one part of the screen and = masturbating in the other.<br> But that’s not all! We have access to all the contacts in your = phone book and social networks.</p> <p class=3D"has-line-data" data-line-start=3D"13" = data-line-end=3D"16">It won’t take us long to send this video to = your friends, family and friends on social networks, messengers and = email in minutes.<br> We have a lot of audio recordings of your personal conversations, where = a lot of “interesting” things are revealed!<br> This information can destroy your reputation once and for all in a = matter of minutes.</p> <p class=3D"has-line-data" data-line-start=3D"17" = data-line-end=3D"20">You have an opportunity to prevent irreversible = consequences.<br> To do this:<br> Transfer 1300 $ USD (US dollars) to our bitcoin wallet.</p> <p class=3D"has-line-data" data-line-start=3D"21" = data-line-end=3D"23">Don’t know how to make a transfer? Enter the = query “Buy bitcoins” into the search field.<br> Our bitcoin wallet bc1q926em06raz26plnkx50w9qf7mrwzqwlfqnz2x4</p> <p class=3D"has-line-data" data-line-start=3D"24" = data-line-end=3D"26">After making the payment, your video and audio = recordings will be completely destroyed and you can be 100% sure that we = won’t bother you again.<br> You have time to think about it and make the transfer - 50 hours!</p> <p class=3D"has-line-data" data-line-start=3D"27" = data-line-end=3D"30">After you read this letter, we will get an = automatic notification. From that moment on, the timer will start.<br> It is useless to complain, because bitcoin-wallets cannot be tracked, as = well as the mail from which the letter arrived to you.<br> We also do not advise you to send this letter to anybody.</p> <p class=3D"has-line-data" data-line-start=3D"31" = data-line-end=3D"34">In this case the system will automatically send a = request to the server, and all data will be published in social networks = and messengers.<br> You will not be able to solve the problem by changing passwords in = social networks, as all the information is already downloaded to the = cluster of our servers.<br> Think about what your reputation means to you and how much the = consequences will be.</p> <p class=3D"has-line-data" data-line-start=3D"35" = data-line-end=3D"36">You have 50 hours.</p> </body></html></BODY></HTML> ------=_NextPart_000_0018_01DBF80F.030A7A22--