| Current File : /home/mak/mail/.spam/new/1757031448.M408397P7757.cloud.berardocollection.com,S=10763,W=10976 |
Return-Path: <jennysunson@chinaenzymes.com>
Delivered-To: mak+spam@cloud.berardocollection.com
Received: from cloud.berardocollection.com
by cloud.berardocollection.com with LMTP
id jCOqFxgsumhNHgAAuY/3dA
(envelope-from <jennysunson@chinaenzymes.com>)
for <mak+spam@cloud.berardocollection.com>; Fri, 05 Sep 2025 01:17:28 +0100
Return-path: <jennysunson@chinaenzymes.com>
Envelope-to: rgrs@mak.pt
Delivery-date: Fri, 05 Sep 2025 01:17:28 +0100
Received: from [181.169.48.64] (port=25269 helo=64-48-169-181.fibertel.com.ar)
by cloud.berardocollection.com with esmtp (Exim 4.98.1)
(envelope-from <jennysunson@chinaenzymes.com>)
id 1uuK8r-000000001xx-2QaM
for rgrs@mak.pt;
Fri, 05 Sep 2025 01:17:28 +0100
Message-ID: <004601dc1de1$0702dca1$43ecc185@oonlc>
From: "derward zhiwei" <jennysunson@chinaenzymes.com>
To: <rgrs@mak.pt>
Date: 4 Sep 2025 16:41:16 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0043_01DC1DE1.06FDDCED"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.5368
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.5368
X-Spam-Status: Yes, score=35.0
X-Spam-Score: 350
X-Spam-Bar: +++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "cloud.berardocollection.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Consider this message as your last warning. We hacked your
system! We have copied all the data from your device to our own servers.
Curious videos were recorded from your camera and your actions while [...]
Content analysis details: (35.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[181.169.48.64 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[181.169.48.64 listed in sa-trusted.bondedsender.org]
1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
0.0 HTML_MESSAGE BODY: HTML included in message
1.8 PYZOR_CHECK Listed in Pyzor
(https://pyzor.readthedocs.io/en/latest/)
1.0 BITCOIN_SPAM_09 BitCoin spam pattern 09
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
Alignment
1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
anti-forgery methods
3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr 2)
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
2.5 RATWARE_NO_RDNS Suspicious MsgID and MIME boundary + no rDNS
2.9 HDR_ORDER_FTSDMCXX_NORDNS Header order similar to spam
(FTSDMCXX/boundary variant) + no rDNS
1.0 KAM_HTMLNOISE Spam containing useless HTML padding
8.5 KAM_CRIM Extortion Email
1.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.5 PDS_BTC_ID FP reduced Bitcoin ID
1.0 BITCOIN_XPRIO Bitcoin + priority
1.6 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam
(FTSDMCXX/boundary variant) + direct-to-MX
1.4 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX
3.0 BITCOIN_DEADLINE BitCoin with a deadline
2.5 DOS_OE_TO_MX Delivered direct to MX with OE headers
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
X-Spam-Flag: YES
Subject: ***SPAM*** no subject
This is a multi-part message in MIME format.
------=_NextPart_000_0043_01DC1DE1.06FDDCED
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Consider this message as your last warning.
We hacked your system!
We have copied all the data from your device to our own servers.
Curious videos were recorded from your camera and your actions while =
watching porn.
Your device was infected with our virus when you visited the porn site.
The Trojan virus gives us full access, allows us to control your device.
The virus allows not only to see your screen, but also to turn on your =
camera, microphone, without your knowledge.
We took over the video from your screen and camera, then we mounted a =
video in which you can see you watching porn in one part of the screen =
and masturbating in the other.
But that’s not all! We have access to all the contacts in your =
phone book and social networks.
It won’t take us long to send this video to your friends, family =
and friends on social networks, messengers and email in minutes.
We have a lot of audio recordings of your personal conversations, where =
a lot of “interesting” things are revealed!
This information can destroy your reputation once and for all in a =
matter of minutes.
You have an opportunity to prevent irreversible consequences.
To do this:
Transfer 1300 $ USD (US dollars) to our bitcoin wallet.
Don’t know how to make a transfer? Enter the query “Buy =
bitcoins” into the search field.
Our bitcoin wallet bc1qny9ycp7lmfljjzcptknk3qxu09qpu08740vug2
After making the payment, your video and audio recordings will be =
completely destroyed and you can be 100% sure that we won’t bother =
you again.
You have time to think about it and make the transfer - 50 hours!
After you read this letter, we will get an automatic notification. From =
that moment on, the timer will start.
It is useless to complain, because bitcoin-wallets cannot be tracked, as =
well as the mail from which the letter arrived to you.
We also do not advise you to send this letter to anybody.
In this case the system will automatically send a request to the server, =
and all data will be published in social networks and messengers.
You will not be able to solve the problem by changing passwords in =
social networks, as all the information is already downloaded to the =
cluster of our servers.
Think about what your reputation means to you and how much the =
consequences will be.
You have 50 hours.
------=_NextPart_000_0043_01DC1DE1.06FDDCED
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.5368" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<!DOCTYPE html><html><head><meta =
charset=3D"utf-8"><title></title><style></style></head><body =
id=3D"preview">
<p class=3D"has-line-data" data-line-start=3D"0" =
data-line-end=3D"5">Consider this message as your last warning.<br>
We hacked your system!<br>
We have copied all the data from your device to our own servers.<br>
Curious videos were recorded from your camera and your actions while =
watching porn.<br>
Your device was infected with our virus when you visited the porn =
site.</p>
<p class=3D"has-line-data" data-line-start=3D"6" data-line-end=3D"8">The =
Trojan virus gives us full access, allows us to control your device.<br>
The virus allows not only to see your screen, but also to turn on your =
camera, microphone, without your knowledge.</p>
<p class=3D"has-line-data" data-line-start=3D"9" data-line-end=3D"11">We =
took over the video from your screen and camera, then we mounted a video =
in which you can see you watching porn in one part of the screen and =
masturbating in the other.<br>
But that’s not all! We have access to all the contacts in your =
phone book and social networks.</p>
<p class=3D"has-line-data" data-line-start=3D"13" =
data-line-end=3D"16">It won’t take us long to send this video to =
your friends, family and friends on social networks, messengers and =
email in minutes.<br>
We have a lot of audio recordings of your personal conversations, where =
a lot of “interesting” things are revealed!<br>
This information can destroy your reputation once and for all in a =
matter of minutes.</p>
<p class=3D"has-line-data" data-line-start=3D"17" =
data-line-end=3D"20">You have an opportunity to prevent irreversible =
consequences.<br>
To do this:<br>
Transfer 1300 $ USD (US dollars) to our bitcoin wallet.</p>
<p class=3D"has-line-data" data-line-start=3D"21" =
data-line-end=3D"23">Don’t know how to make a transfer? Enter the =
query “Buy bitcoins” into the search field.<br>
Our bitcoin wallet bc1qny9ycp7lmfljjzcptknk3qxu09qpu08740vug2</p>
<p class=3D"has-line-data" data-line-start=3D"24" =
data-line-end=3D"26">After making the payment, your video and audio =
recordings will be completely destroyed and you can be 100% sure that we =
won’t bother you again.<br>
You have time to think about it and make the transfer - 50 hours!</p>
<p class=3D"has-line-data" data-line-start=3D"27" =
data-line-end=3D"30">After you read this letter, we will get an =
automatic notification. From that moment on, the timer will start.<br>
It is useless to complain, because bitcoin-wallets cannot be tracked, as =
well as the mail from which the letter arrived to you.<br>
We also do not advise you to send this letter to anybody.</p>
<p class=3D"has-line-data" data-line-start=3D"31" =
data-line-end=3D"34">In this case the system will automatically send a =
request to the server, and all data will be published in social networks =
and messengers.<br>
You will not be able to solve the problem by changing passwords in =
social networks, as all the information is already downloaded to the =
cluster of our servers.<br>
Think about what your reputation means to you and how much the =
consequences will be.</p>
<p class=3D"has-line-data" data-line-start=3D"35" =
data-line-end=3D"36">You have 50 hours.</p>
</body></html></BODY></HTML>
------=_NextPart_000_0043_01DC1DE1.06FDDCED--