PK œqhYî¶J‚ßFßF)nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/ $#$#$#

Dir : /home/ithome/mail/new/
Server: Linux host100322.itwesthosting.com 3.10.0-1160.144.1.el7.tuxcare.els4.x86_64 #1 SMP Tue Apr 7 08:40:40 UTC 2026 x86_64
IP: 144.91.64.173
Choose File :

Url:
Dir : /home/ithome/mail/new/1773832948.M251373P28926.host100322.itwesthosting.com,S=7267,W=7404

Return-Path: <JohnGreen67947@gmail.com>
Delivered-To: ithome@host100322.itwesthosting.com
Received: from host100322.itwesthosting.com
	by host100322.itwesthosting.com with LMTP
	id WEjdDvSKumn+cAAAp0YrwQ
	(envelope-from <JohnGreen67947@gmail.com>)
	for <ithome@host100322.itwesthosting.com>; Wed, 18 Mar 2026 12:22:28 +0100
Return-path: <JohnGreen67947@gmail.com>
Envelope-to: vedran.katavic@h1telekom.hr
Delivery-date: Wed, 18 Mar 2026 12:22:28 +0100
Received: from [84.54.72.27] (port=35057)
	by host100322.itwesthosting.com with esmtp (Exim 4.96.2)
	(envelope-from <JohnGreen67947@gmail.com>)
	id 1w2oyn-0007Wg-0U
	for vedran.katavic@h1telekom.hr;
	Wed, 18 Mar 2026 12:22:28 +0100
Received: from fvpychn ([31.176.118.208]) by 20448.com with MailEnable ESMTP; Wed, 18 Mar 2026 16:22:27 +0500
Received: (qmail 61158 invoked by uid 611); 18 Mar 2026 16:22:25 +0500
From: John Green <JohnGreen67947@gmail.com>
To: vedran.katavic@h1telekom.hr
Date: Wed, 18 Mar 2026 16:22:27 +0500
Message-ID: <611580.611580@20448.com>
Mime-Version: 1.0
Content-type: text/plain;
X-Spam-Status: Yes, score=21.1
X-Spam-Score: 211
X-Spam-Bar: +++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "host100322.itwesthosting.com",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Hi, Your device was infected by my private malware. An outdated
    browser makes you vulnerable, simply visiting a malicious website containing
    my iframe can result in automatic infection. 
 Content analysis details:   (21.1 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                             blocked.  See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: crypto.com]
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
                 [Blocked - see <https://www.spamcop.net/bl.shtml?84.54.72.27>]
  3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                             [84.54.72.27 listed in zen.spamhaus.org]
  4.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  1.5 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.5 SUBJ_ALL_CAPS          Subject is all capitals
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider
                             [johngreen67947[at]gmail.com]
  1.0 FORGED_GMAIL_RCVD      'From' gmail.com does not match 'Received'
                             headers
  0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                              CUSTOM_MED
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                             in digit
                             [johngreen67947[at]gmail.com]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [84.54.72.27 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [84.54.72.27 listed in sa-accredit.habeas.com]
  2.0 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.2 KAM_DMARC_NONE         DKIM has Failed or SPF has failed on the message
                             and the domain has no DMARC policy
  2.0 RDNS_NONE              Delivered to internal network by a host with no rDNS
  0.0 PDS_BTC_ID             FP reduced Bitcoin ID
  0.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  0.0 BITCOIN_EXTORT_01      Extortion spam, pay via BitCoin
  0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
  1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing
                             list
  0.0 SPOOFED_FREEMAIL       No description available.
  2.5 BITCOIN_SPAM_05        BitCoin spam pattern 05
  0.3 SPOOF_GMAIL_MID        From Gmail but it doesn't seem to be...
X-Spam-Flag: YES
Subject:  ***SPAM***  YOU PERVERT, I RECORDED YOU!
X-From-Rewrite: unmodified, forwarded message

Hi,

Your device was infected by my private malware.

An outdated browser makes you vulnerable, simply visiting a malicious website containing my iframe can result in automatic infection.

For further information search for 'Drive-by exploit' on Google.

My malware has granted me full access to your accounts, complete control over your device, and the ability to monitor you via your camera.

If you believe this is a joke, no, I know your password: Krcko123456!

I have collected all your private data and RECORDED FOOTAGE OF YOU MASTRUBATING THROUGH YOUR CAMERA!

To erase all traces, I have removed my malware.

If you doubt my seriousness, it takes only a few clicks to share your private video with friends, family, contacts, social networks, the darknet, or to publish your files.

You are the only one who can stop me, and I am here to help.

The only way to prevent further damage is to pay exactly $2800 in Bitcoin (BTC).

This is a reasonable offer compared to the potential consequences of disclosure.

You can purchase Bitcoin (BTC) from reputable exchanges here:

http://binance.com - Payment options: Credit/debit cards, bank transfers, P2P trading, third-party payment providers, and gift cards.
http://bitrefill.com - Payment options: Paysafecard, credit/debit cards, crypto, bank transfer, and other gift card options.
http://crypto.com - Payment options: Credit/debit cards, bank transfers, Apple Pay, Google Pay, and more.
http://kucoin.com - Payment options: Credit/debit cards, bank transfer, third-party payment providers, and peer-to-peer.

Once purchased, you can send the Bitcoin directly to my wallet address or use a wallet application such as Atomic Wallet or Exodus Wallet to manage your transactions.

My Bitcoin (BTC) wallet address is: 18zeXFVpsVbgikMJCGasA1R4J48HLjUiNL

Copy and paste this address carefully, as it is case-sensitive.

You have 3 days to complete the payment.

Since I have access to this email account, I will be aware if this message has been read.

Upon receipt of the payment, I will remove all traces of my malware, and you can resume your normal life peacefully.

I keep my promises!

In the future, ensure your device has the latest security updates installed.