Google
Edit File: 1774441756.M550456P1264156.server-619288.prediksijaya.com,S=8168,W=8316
Return-Path: <JohnGreen67947@gmail.com> Delivered-To: angker+spam@server-619288.prediksijaya.com Received: from server-619288.prediksijaya.com by server-619288.prediksijaya.com with LMTP id HyofIBzVw2kcShMAf7/9AQ (envelope-from <JohnGreen67947@gmail.com>) for <angker+spam@server-619288.prediksijaya.com>; Wed, 25 Mar 2026 19:29:16 +0700 Return-path: <JohnGreen67947@gmail.com> Envelope-to: winbr@ponjosonek.com Delivery-date: Wed, 25 Mar 2026 19:29:16 +0700 Received: from [119.1.46.125] (port=54945 helo=[0.0.0.0]) by server-619288.prediksijaya.com with esmtp (Exim 4.99.1) (envelope-from <JohnGreen67947@gmail.com>) id 1w5NMH-00000005In2-25yy for winbr@ponjosonek.com; Wed, 25 Mar 2026 19:29:16 +0700 Received: from khwmqrr ([109.251.215.218]) by 26252.com with MailEnable ESMTP; Wed, 25 Mar 2026 20:29:14 +0800 Received: (qmail 13528 invoked by uid 135); 25 Mar 2026 20:29:12 +0800 From: John Green <JohnGreen67947@gmail.com> To: winbr@ponjosonek.com Date: Wed, 25 Mar 2026 20:29:14 +0800 Message-ID: <135281.135281@26252.com> Mime-Version: 1.0 Content-type: text/plain; X-Spam-Status: Yes, score=29.9 X-Spam-Score: 299 X-Spam-Bar: +++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "server-619288.prediksijaya.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Hi, Your device was infected by my private malware. An outdated browser makes you vulnerable, simply visiting a malicious website containing my iframe can result in automatic infection. Content analysis details: (29.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#DnsBlocklists-dnsbl-block for more information. [119.1.46.125 listed in list.dnswl.org] 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URI: bitrefill.com] [URI: binance.com] [URI: crypto.com] [URI: kucoin.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [119.1.46.125 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [119.1.46.125 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [119.1.46.125 listed in sa-accredit.habeas.com] 1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment 0.2 KAM_DMARC_NONE DKIM has Failed or SPF has failed on the message and the domain has no DMARC policy 1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [johngreen67947(at)gmail.com] 1.0 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit [johngreen67947(at)gmail.com] 0.5 SUBJ_ALL_CAPS Subject is all capitals 1.5 RCVD_IN_HOSTKARMA_BL RBL: Sender listed in HOSTKARMA-BLACK [119.1.46.125 listed in hostkarma.junkemailfilter.com] 8.0 BTC_HASHBL_BLACK Message contains BTC address found on BTC blocklist [18zexfvpsvbgikmjcgasa1r4j48hljuinl] 1.1 GB_HASHBL_BTC Message contains BTC address found on BTCBL [18zexfvpsvbgikmjcgasa1r4j48hljuinl] 0.8 GB_FREEMAIL_NUM Freemail spammy address 0.1 MALFORMED_FREEMAIL Bad headers on message from free email service 2.0 RDNS_NONE Delivered to internal network by a host with no rDNS 4.5 KAM_GRABBAG9 Garbage email from a garbage freemail account 0.2 PDS_BTC_ID FP reduced Bitcoin ID 0.0 BITCOIN_SPAM_05 BitCoin spam pattern 05 2.0 GB_GMAIL_NUM Spam from random Gmail address 1.3 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS 0.2 HELO_MISC_IP Looking for more Dynamic IP Relays 2.2 BITCOIN_EXTORT_01 Extortion spam, pay via BitCoin 1.0 SPOOFED_FREEMAIL No description available. 0.7 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be... 0.0 GB_BITCOIN_CP Localized Bitcoin scam X-Spam-Flag: YES Subject: YOU PERVERT, I RECORDED YOU! Hi, Your device was infected by my private malware. An outdated browser makes you vulnerable, simply visiting a malicious website containing my iframe can result in automatic infection. For further information search for 'Drive-by exploit' on Google. My malware has granted me full access to your accounts, complete control over your device, and the ability to monitor you via your camera. If you believe this is a joke, no, I know your password: 2&2kjjKh3aL I have collected all your private data and RECORDED FOOTAGE OF YOU MASTRUBATING THROUGH YOUR CAMERA! To erase all traces, I have removed my malware. If you doubt my seriousness, it takes only a few clicks to share your private video with friends, family, contacts, social networks, the darknet, or to publish your files. You are the only one who can stop me, and I am here to help. The only way to prevent further damage is to pay exactly $2800 in Bitcoin (BTC). This is a reasonable offer compared to the potential consequences of disclosure. You can purchase Bitcoin (BTC) from reputable exchanges here: http://binance.com - Payment options: Credit/debit cards, bank transfers, P2P trading, third-party payment providers, and gift cards. http://bitrefill.com - Payment options: Paysafecard, credit/debit cards, crypto, bank transfer, and other gift card options. http://crypto.com - Payment options: Credit/debit cards, bank transfers, Apple Pay, Google Pay, and more. http://kucoin.com - Payment options: Credit/debit cards, bank transfer, third-party payment providers, and peer-to-peer. Once purchased, you can send the Bitcoin directly to my wallet address or use a wallet application such as Atomic Wallet or Exodus Wallet to manage your transactions. My Bitcoin (BTC) wallet address is: 18zeXFVpsVbgikMJCGasA1R4J48HLjUiNL Copy and paste this address carefully, as it is case-sensitive. You have 3 days to complete the payment. Since I have access to this email account, I will be aware if this message has been read. Upon receipt of the payment, I will remove all traces of my malware, and you can resume your normal life peacefully. I keep my promises! In the future, ensure your device has the latest security updates installed.