Google
Edit File: 1769157098.M339352P2312470.server-619288.prediksijaya.com,S=7091,W=7226:2,a
Return-Path: <JohnBlue@hola.com> Delivered-To: angker+spam@server-619288.prediksijaya.com Received: from server-619288.prediksijaya.com by server-619288.prediksijaya.com with LMTP id d/PSE+oxc2kWSSMAf7/9AQ (envelope-from <JohnBlue@hola.com>) for <angker+spam@server-619288.prediksijaya.com>; Fri, 23 Jan 2026 15:31:38 +0700 Return-path: <JohnBlue@hola.com> Envelope-to: vavadainua@ponjosonek.com Delivery-date: Fri, 23 Jan 2026 15:31:38 +0700 Received: from 2.135.24.226.dynamic.telecom.kz ([2.135.24.226]:52313) by server-619288.prediksijaya.com with esmtp (Exim 4.99.1) (envelope-from <JohnBlue@hola.com>) id 1vjCZl-00000009hRJ-0MpI for vavadainua@ponjosonek.com; Fri, 23 Jan 2026 15:31:37 +0700 Received: from nchkufp ([203.199.18.218]) by 20074.com with MailEnable ESMTP; Fri, 23 Jan 2026 14:31:30 +0600 Received: (qmail 57697 invoked by uid 576); 23 Jan 2026 14:31:28 +0600 From: John Blue <JohnBlue@hola.com> To: vavadainua@ponjosonek.com Date: Fri, 23 Jan 2026 14:31:30 +0600 Message-ID: <576979.576979@20074.com> Mime-Version: 1.0 Content-type: text/plain; X-Spam-Status: Yes, score=30.4 X-Spam-Score: 304 X-Spam-Bar: ++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "server-619288.prediksijaya.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hi, today I have some sad news for you. Your device was infected with my private malware. Your browser wasn't updated, in this case, it is enough to just visit a website where my iframe is placed to get automatically infected. Content analysis details: (30.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URI: cex.io] [URI: invity.io] [URI: bitpay.com] [URI: paybis.com] [URI: nexo.com] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [2.135.24.226 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [2.135.24.226 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [2.135.24.226 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block for more information. [2.135.24.226 listed in list.dnswl.org] 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 1.5 KAM_DMARC_QUARANTINE DKIM has Failed or SPF has failed on the message and the domain has a DMARC quarantine policy 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment 2.9 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 0.0 TVD_RCVD_IP Message was received from an IP address 8.0 BTC_HASHBL_BLACK Message contains BTC address found on BTC blocklist [18dgwwhcc7imoa3vdrwyun3ksamgy9n6ec] 2.1 GB_HASHBL_BTC Message contains BTC address found on BTCBL [18dgwwhcc7imoa3vdrwyun3ksamgy9n6ec] 0.5 SUBJ_ALL_CAPS Subject is all capitals 0.0 KAM_SHORT Use of a URL Shortener for very short URL 8.5 KAM_CRIM Extortion Email 2.6 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.5 PDS_BTC_ID FP reduced Bitcoin ID 2.3 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin X-Spam-Flag: YES Subject: YOU PERVERT! I RECORDED YOU! Hi, today I have some sad news for you. Your device was infected with my private malware. Your browser wasn't updated, in this case, it is enough to just visit a website where my iframe is placed to get automatically infected. If you want to find out more, Google: Drive-by exploit. My malware has given me full access to all your accounts, complete control over your device, and it was also possible to spy on you through your camera. If you think this is some bad joke, no, I know your password: 6#oPhad45oI I collected all your private data and I RECORDED YOU (through your camera) SATISFYING YOURSELF! After that, I removed my malware to leave no traces, this email was sent from a hacked server. If you still doubt my serious intentions, it only takes a couple of mouse clicks to share the video of you with your friends, relatives, all email contacts, on social networks, the darknet, and to publish all your files. You can stop me, and only I can help you in this situation. The only way to stop me is to pay exactly $800 in Bitcoin (BTC). It's a very good offer compared to all the horrible things that will happen if I publish everything. You can easily buy Bitcoin (BTC) here: https://cex.io/buy-bitcoins https://nexo.com/buy-crypto/bitcoin-btc https://bitpay.com/buy-bitcoin/?crypto=BTC https://paybis.com/ https://invity.io/buy-crypto You can send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomic Wallet or Exodus Wallet, then receive and send to mine. My Bitcoin (BTC) wallet address is: 18dGWwhCC7iMoa3VdRwyUn3ksAmGy9n6ec Yes, that's how the wallet/address looks, copy and paste it, it's (cAsE-sEnSEtiVE). I give you 3 days to pay. Since I have access to this email account, I will know if this email has already been read. After receiving the payment, I will remove everything, and you can live your life in peace like before. Don't worry, I keep my promise! Next time, make sure that your device has the latest security updates.