Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by slot

1. Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
2. by sloti27t08 (Cyrus 3.1.5-895-g0d23ba6-fmstable-20190213v1) with LMTPA;
3. Wed, 20 Feb 2019 02:36:36 -0500
4. X-Cyrus-Session-Id: sloti27t08-1550648196-3468951-2-18130523575569834231
5. X-Sieve: CMU Sieve 3.0
6. X-Spam: high
7. X-Spam-score: 29.8
8. X-Spam-source: IP='178.221.171.139', Host='178-221-171-139.dynamic.isp.telekom.rs',
9. Country='RS', FromHeader='com', MailFrom='com'
10. X-Spam-charsets: plain='ibm852'
11. X-Delivered-to: riley@fastmail.com
12. Received: from mx5 ([10.202.2.204])
13. by compute3.internal (LMTPProxy); Wed, 20 Feb 2019 02:36:36 -0500
14. Received: from mx5.messagingengine.com (localhost [127.0.0.1])
15. by mailmx.nyi.internal (Postfix) with ESMTP id D0B8CC695B
16. for <riley@fastmail.com>; Wed, 20 Feb 2019 02:36:34 -0500 (EST)
17. Received: from mx5.messagingengine.com (localhost [127.0.0.1])
18. by mx5.messagingengine.com (Authentication Milter) with ESMTP
19. id A03BE6D21C0;
20. Wed, 20 Feb 2019 02:36:34 -0500
21. ARC-Seal: i=1; a=rsa-sha256; cv=none; d=messagingengine.com; s=fm2; t=
22. 1550648194; b=rhytQB+Ik3UX2TEriuUlf5JbckeXhOLs9Uof5wg0YI/YoTnNg/
23. GIIBa5BzPjNCABWvkpObY6cKQBnZPcofaQHGnIfCOv5erXCQ0L4BokLetsdDyr6M
24. 8QzgcTKwa23wvzApoAbXbdPAE7MKtLI4VXraQc9ap41/oNeA8oEVMpOdT4FWAZQj
25. 2ezFx4enRAzCPtyZI7OcOJ/Znk36CutDuEeR7jV2Oac52ibld/QcL2tz0b8nXXG5
26. w4jIPz6+gK21ArsdjNDNMKfUXMyDgr0mDSnblczfQJMheMzwM+E+yCspwanQHV2i
27. eerbXvwOMgUeHGd0tYBBJfveAS9O0PK1fW8Q==
28. ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
29. messagingengine.com; h=message-id:from:to:subject:date
30. :mime-version:content-type:content-transfer-encoding; s=fm2; t=
31. 1550648194; bh=xsSR5C1E22LCrbRny10tqUm8Sm+eFjPk9hm0oRYHfu8=; b=N
32. OHlBsJ2gNDhTLRLn7TbvSN2rq5c/3LZ1j7fbSWeTDew4bI5gb5i+dVFOHFZVAOk8
33. BVBI8B2ze5ESk/I3MG4SybaBuOeTHoGf6Z0Qb+n6wVvpJzQRWccFFXCnf2ItC+kk
34. pKikW/JTxJNHLxc1S9WKixUJdbHpzgqG5sz32w/zfIp9rCCFWhdun1i08j8/JAGl
35. kEfNHdGQPlONYLAiIO9GzRwPsXwNFmCfRHqVp4s5gAl0t5n+Qui8VlZMDvcxH4vT
36. xA8LV9NiwbH1qtQoe73Bs6UH9PvmHS5XfrwAbsB8p+aRKoLzYUAo2D858cEphTJ/
37. K7Vr7IDoMyedhAMqvwkHA==
38. ARC-Authentication-Results: i=1; mx5.messagingengine.com; arc=none (no signatures found);
39. dkim=none (no signatures found);
40. dmarc=fail policy.published-domain-policy=none
41. policy.applied-disposition=none policy.evaluated-disposition=none
42. policy.arc-aware-result=fail
43. (p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
44. header.from=fastmail.com;
45. iprev=pass smtp.remote-ip=178.221.171.139
46. (178-221-171-139.dynamic.isp.telekom.rs);
47. spf=neutral smtp.mailfrom=riley@fastmail.com
48. smtp.helo=178-221-171-139.dynamic.isp.telekom.rs;
49. x-aligned-from=pass (Address match);
50. x-ptr=pass smtp.helo=178-221-171-139.dynamic.isp.telekom.rs
51. policy.ptr=178-221-171-139.dynamic.isp.telekom.rs;
52. x-return-mx=pass header.domain=fastmail.com policy.is_org=yes
53. (MX Record found);
54. x-return-mx=pass smtp.domain=fastmail.com policy.is_org=yes
55. (MX Record found);
56. x-vs=spam score=500 state=1;
57. x-zs=dynamic
58. Authentication-Results: mx5.messagingengine.com;
59. arc=none (no signatures found);
60. dkim=none (no signatures found);
61. dmarc=fail policy.published-domain-policy=none
62. policy.applied-disposition=none policy.evaluated-disposition=none
63. policy.arc-aware-result=fail
64. (p=none,d=none,d.eval=none,arc_aware_result=fail) policy.policy-from=p
65. header.from=fastmail.com;
66. iprev=pass smtp.remote-ip=178.221.171.139
67. (178-221-171-139.dynamic.isp.telekom.rs);
68. spf=neutral smtp.mailfrom=riley@fastmail.com
69. smtp.helo=178-221-171-139.dynamic.isp.telekom.rs;
70. x-aligned-from=pass (Address match);
71. x-ptr=pass smtp.helo=178-221-171-139.dynamic.isp.telekom.rs
72. policy.ptr=178-221-171-139.dynamic.isp.telekom.rs;
73. x-return-mx=pass header.domain=fastmail.com policy.is_org=yes
74. (MX Record found);
75. x-return-mx=pass smtp.domain=fastmail.com policy.is_org=yes
76. (MX Record found);
77. x-vs=spam score=500 state=1;
78. x-zs=dynamic
79. X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedutddrtdehgdduudefucetufdoteggodetrfdotf
80. fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu
81. rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucgohfhorhgsihguuggvnh
82. fjughrucdlhedttddmnecujfgurhepkffhvffuffggtgfgofesthekredtredtreenucfh
83. rhhomhepoehrihhlvgihsehfrghsthhmrghilhdrtghomheqnecukfhppedujeekrddvvd
84. durddujedurddufeelnecurfgrrhgrmhepihhnvghtpedujeekrddvvddurddujedurddu
85. feelpdhhvghlohepudejkedqvddvuddqudejuddqudefledrugihnhgrmhhitgdrihhsph
86. drthgvlhgvkhhomhdrrhhspdhmrghilhhfrhhomhepoehrihhlvgihsehfrghsthhmrghi
87. lhdrtghomheqnecuvehluhhsthgvrhfuihiivgeptd
88. X-ME-VSScore: 500
89. X-ME-VSCategory: spam
90. X-ME-ZSResult: dynamic
91. Received-SPF: neutral
92. (fastmail.com: Domain does not state whether sender is authorized to use 'riley@fastmail.com' in 'mfrom' identity (mechanism '?all' matched))
93. receiver=mx5.messagingengine.com;
94. identity=mailfrom;
95. envelope-from="riley@fastmail.com";
96. helo=178-221-171-139.dynamic.isp.telekom.rs;
97. client-ip=178.221.171.139
98. Received: from 178-221-171-139.dynamic.isp.telekom.rs (178-221-171-139.dynamic.isp.telekom.rs [178.221.171.139])
99. by mx5.messagingengine.com (Postfix) with ESMTP
100. for <riley@fastmail.com>; Wed, 20 Feb 2019 02:36:33 -0500 (EST)
101. Message-ID: <908883906599113240277845@fastmail.com>
102. From: <riley@fastmail.com>
103. To: "indya123" <riley@fastmail.com>
104. Subject: Hackers know password from your account. Password must be changed now.
105. Date: 20 Feb 2019 08:25:34 +0000
106. MIME-Version: 1.0
107. Content-type: text/plain;
108. charset="ibm852"
109. Content-transfer-encoding: 8bit
110. X-Mailer: Lfjepi iitfgfj
111.  
112. I'll begin with the most important.
113.  
114. I hacked your device and then got access to all your accounts... Including riley@fastmail.com.
115. It is easy to check - I wrote you this email from your account.
116. And at the moment of hacking your account (riley@fastmail.com) had this password: indya123
117.  
118. Moreover, I know your intim secret, and I have proof of this.
119. You do not know me personally, and no one paid me to check you.
120.  
121. It is just a coincidence that I discovered your mistake.
122. In fact, I posted a malicious code (exploit) to an adult site, and you visited this site...
123.  
124. While watching a video Trojan virus has been installed on your device through an exploit.
125. This darknet software working as RDP (remote-controlled desktop), which has a keylogger,
126. which gave me access to your microphone and webcam.
127. Soon after, my software received all your contacts from your messenger, social network and email.
128.  
129. At that moment I spent much more time than I should have.
130. I studied your love life and created a good video series.
131. The first part shows the video that you watched,
132. and the second part shows the video clip taken from your webcam (you are doing inappropriate things).
133.  
134. Honestly, I want to forget all the information about you and allow you to continue your daily life.
135. And I will give you two suitable options. Both are easy to do.
136. First option: you ignore this email.
137. The second option: you pay me $750(USD).
138.  
139. Let's look at 2 options in detail.
140.  
141. The first option is to ignore this email.
142. Let me tell you what happens if you choose this path.
143. I will send your video to your contacts, including family members, colleagues, etc.
144. This does not protect you from the humiliation that you and
145. your family need to know when friends and family members know about your unpleasant details.
146.  
147. The second option is to pay me. We will call this "privacy advice."
148. Now let me tell you what happens if you choose this path.
149. Your secret is your secret. I immediately destroy the video.
150. You continue your life as if none of this has happened.
151.  
152. Now you might think: "I'll call to police!"
153. Undoubtedly, I have taken steps to ensure that this letter cannot be traced to me,
154. and it will not remain aloof from the evidence of the destruction of your daily life.
155. I don't want to steal all your savings.
156. I just want to get compensation for my efforts that I put in to investigate you.
157. Let us hope that you decide to create all this in full and pay me a fee for confidentiality.
158. You make a Bitcoin payment (if you don't know how to do it, just enter "how to buy bitcoins" in Google search)
159.  
160. Shipping amount: $750(USD).
161. Getting Bitcoin Addresses: 18pKQ88ZpatLYmyeKpuCFwvRFcjHjwVB2u
162. (This is sensitive, so copy and paste it carefully)
163.  
164. Don't tell anyone what to use bitcoins for. The procedure for obtaining bitcoins can take several days, so do not wait.
165.  
166. I have a spetial code in Trojan, and now I know that you have read this letter.
167. You have 48 hours to pay.
168. If I don't get BitCoins, I'll send your video to your contacts, including close relatives, co-workers, and so on.
169. Start looking for the best excuse for friends and family before they all know.
170. But if I get paid, I immediately delete the video.
171.  
172. This is a one-time offer that is non-negotiable, so do not waste my and your time.
173. Time is running out.
174.  
175. Bye!