| Dir : /home/ithome/mail/cur/ |
| Server: Linux host100322.itwesthosting.com 3.10.0-1160.144.1.el7.tuxcare.els4.x86_64 #1 SMP Tue Apr 7 08:40:40 UTC 2026 x86_64 IP: 144.91.64.173 |
| Dir : /home/ithome/mail/cur/1756697816.M258061P25581.host100322.itwesthosting.com,S=10914,W=11129:2, |
Return-Path: <admin@nsnoc02.noc.biztech.co.jp>
Delivered-To: ithome@host100322.itwesthosting.com
Received: from host100322.itwesthosting.com
by host100322.itwesthosting.com with LMTP
id 2GQ2D9gUtWjtYwAAp0YrwQ
(envelope-from <admin@nsnoc02.noc.biztech.co.jp>)
for <ithome@host100322.itwesthosting.com>; Mon, 01 Sep 2025 05:36:56 +0200
Return-path: <admin@nsnoc02.noc.biztech.co.jp>
Envelope-to: sanda.ivcic@h1telekom.hr
Delivery-date: Mon, 01 Sep 2025 05:36:56 +0200
Received: from static-189-206-67-149.alestra.net.mx ([189.206.67.149]:50319)
by host100322.itwesthosting.com with esmtp (Exim 4.96.2)
(envelope-from <admin@nsnoc02.noc.biztech.co.jp>)
id 1usvLj-0006fi-18
for sanda.ivcic@h1telekom.hr;
Mon, 01 Sep 2025 05:36:56 +0200
Message-ID: <9AA2475A967FBF8BB3564B876EAE9AA2@WRSWXUSHNX>
From: "karlis ziv" <admin@nsnoc02.noc.biztech.co.jp>
To: <sanda.ivcic@h1telekom.hr>
Date: 31 Aug 2025 14:10:51 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0034_01DC1ABF.0717ECFD"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
X-Spam-Status: Yes, score=31.3
X-Spam-Score: 313
X-Spam-Bar: +++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "host100322.itwesthosting.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Consider this message as your last warning. We hacked your
system! We have copied all the data from your device to our own servers.
Curious videos were recorded from your camera and your actions while [...]
Content analysis details: (31.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[189.206.67.149 listed in zen.spamhaus.org]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see <https://www.spamcop.net/bl.shtml?189.206.67.149>]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[189.206.67.149 listed in sa-accredit.habeas.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[189.206.67.149 listed in bl.score.senderscore.com]
1.1 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 PYZOR_CHECK Listed in Pyzor
(https://pyzor.readthedocs.io/en/latest/)
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
Alignment
0.0 BITCOIN_VISTA Bitcoin + old MSFT msgid format
1.0 BITCOIN_SPAM_09 BitCoin spam pattern 09
8.5 KAM_CRIM Extortion Email
1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
anti-forgery methods
1.0 KAM_HTMLNOISE Spam containing useless HTML padding
0.0 PDS_BTC_ID FP reduced Bitcoin ID
0.0 BITCOIN_XPRIO Bitcoin + priority
0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP
addr 1)
1.4 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE
3.0 BITCOIN_DEADLINE BitCoin with a deadline
0.0 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
0.0 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
X-Spam-Flag: YES
Subject: ***SPAM*** no subject
X-From-Rewrite: unmodified, forwarded message
This is a multi-part message in MIME format.
------=_NextPart_000_0034_01DC1ABF.0717ECFD
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Consider this message as your last warning.
We hacked your system!
We have copied all the data from your device to our own servers.
Curious videos were recorded from your camera and your actions while =
watching porn.
Your device was infected with our virus when you visited the porn site.
The Trojan virus gives us full access, allows us to control your device.
The virus allows not only to see your screen, but also to turn on your =
camera, microphone, without your knowledge.
We took over the video from your screen and camera, then we mounted a =
video in which you can see you watching porn in one part of the screen =
and masturbating in the other.
But that’s not all! We have access to all the contacts in your =
phone book and social networks.
It won’t take us long to send this video to your friends, family =
and friends on social networks, messengers and email in minutes.
We have a lot of audio recordings of your personal conversations, where =
a lot of “interesting” things are revealed!
This information can destroy your reputation once and for all in a =
matter of minutes.
You have an opportunity to prevent irreversible consequences.
To do this:
Transfer 1300 $ USD (US dollars) to our bitcoin wallet.
Don’t know how to make a transfer? Enter the query “Buy =
bitcoins” into the search field.
Our bitcoin wallet bc1qny9ycp7lmfljjzcptknk3qxu09qpu08740vug2
After making the payment, your video and audio recordings will be =
completely destroyed and you can be 100% sure that we won’t bother =
you again.
You have time to think about it and make the transfer - 50 hours!
After you read this letter, we will get an automatic notification. From =
that moment on, the timer will start.
It is useless to complain, because bitcoin-wallets cannot be tracked, as =
well as the mail from which the letter arrived to you.
We also do not advise you to send this letter to anybody.
In this case the system will automatically send a request to the server, =
and all data will be published in social networks and messengers.
You will not be able to solve the problem by changing passwords in =
social networks, as all the information is already downloaded to the =
cluster of our servers.
Think about what your reputation means to you and how much the =
consequences will be.
You have 50 hours.
------=_NextPart_000_0034_01DC1ABF.0717ECFD
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.6058" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<!DOCTYPE html><html><head><meta =
charset=3D"utf-8"><title></title><style></style></head><body =
id=3D"preview">
<p class=3D"has-line-data" data-line-start=3D"0" =
data-line-end=3D"5">Consider this message as your last warning.<br>
We hacked your system!<br>
We have copied all the data from your device to our own servers.<br>
Curious videos were recorded from your camera and your actions while =
watching porn.<br>
Your device was infected with our virus when you visited the porn =
site.</p>
<p class=3D"has-line-data" data-line-start=3D"6" data-line-end=3D"8">The =
Trojan virus gives us full access, allows us to control your device.<br>
The virus allows not only to see your screen, but also to turn on your =
camera, microphone, without your knowledge.</p>
<p class=3D"has-line-data" data-line-start=3D"9" data-line-end=3D"11">We =
took over the video from your screen and camera, then we mounted a video =
in which you can see you watching porn in one part of the screen and =
masturbating in the other.<br>
But that’s not all! We have access to all the contacts in your =
phone book and social networks.</p>
<p class=3D"has-line-data" data-line-start=3D"13" =
data-line-end=3D"16">It won’t take us long to send this video to =
your friends, family and friends on social networks, messengers and =
email in minutes.<br>
We have a lot of audio recordings of your personal conversations, where =
a lot of “interesting” things are revealed!<br>
This information can destroy your reputation once and for all in a =
matter of minutes.</p>
<p class=3D"has-line-data" data-line-start=3D"17" =
data-line-end=3D"20">You have an opportunity to prevent irreversible =
consequences.<br>
To do this:<br>
Transfer 1300 $ USD (US dollars) to our bitcoin wallet.</p>
<p class=3D"has-line-data" data-line-start=3D"21" =
data-line-end=3D"23">Don’t know how to make a transfer? Enter the =
query “Buy bitcoins” into the search field.<br>
Our bitcoin wallet bc1qny9ycp7lmfljjzcptknk3qxu09qpu08740vug2</p>
<p class=3D"has-line-data" data-line-start=3D"24" =
data-line-end=3D"26">After making the payment, your video and audio =
recordings will be completely destroyed and you can be 100% sure that we =
won’t bother you again.<br>
You have time to think about it and make the transfer - 50 hours!</p>
<p class=3D"has-line-data" data-line-start=3D"27" =
data-line-end=3D"30">After you read this letter, we will get an =
automatic notification. From that moment on, the timer will start.<br>
It is useless to complain, because bitcoin-wallets cannot be tracked, as =
well as the mail from which the letter arrived to you.<br>
We also do not advise you to send this letter to anybody.</p>
<p class=3D"has-line-data" data-line-start=3D"31" =
data-line-end=3D"34">In this case the system will automatically send a =
request to the server, and all data will be published in social networks =
and messengers.<br>
You will not be able to solve the problem by changing passwords in =
social networks, as all the information is already downloaded to the =
cluster of our servers.<br>
Think about what your reputation means to you and how much the =
consequences will be.</p>
<p class=3D"has-line-data" data-line-start=3D"35" =
data-line-end=3D"36">You have 50 hours.</p>
</body></html></BODY></HTML>
------=_NextPart_000_0034_01DC1ABF.0717ECFD--