Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours ([DATA EXPUNGED]).
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
Scammer emailed me that they have control over all my devices and are demanding bitcoins.
Extortion Attempt, Identity Theft
Nov 3rd, 22
=====[ NOTES ]==================================================================
user name changed to 'xxxx'
user site changed to 'yyyy'
used https://www.iplocation.net/trace-email
or
https://whatismyip.live/ip-lookup
to trace origination
used https://bitcoinwhoswho.com/ to report it
Note that the origination point is usually a VPN, but with the origination point
and the time of mailing (both in the header) a law agency could (possibly
by mapping date/time & connections) trace the email back to the originator.
=====[ REPORT ]=================================================================
Type: Extortion Attempt, Identity Theft
Date: 20221102
Bitcoin Account: 12gHyoR78pjHpfueWUYyMudnwNMc6NGEPY
Email Source IP: 186.218.225.64
IP Location Info:
IP Address: 186.218.225.64
Reverse DNS: badae140.virtua.com.br
City: Coronel fabriciano
Region: Minas gerais
Country: Brazil (BR)
Organization/ISP: Claro NXT Telecomunicacoes Ltda
Latitude/Longitude: -19.4541, -42.6822
=====[ Email Header]============================================================
Return-Path:
Delivered-To: xxxx@yyyy.com
Received: (qmail 14641 invoked from network); 2 Nov 2022 20:59:05 -0000
Received: from unknown (HELO xsmtp21.mail2web.com) ([10.100.68.60])
(envelope-sender )
by XMAIl03.myhosting.com (qmail-ldap-1.03) with AES256-SHA encrypted SMTP
for ; 2 Nov 2022 20:58:55 -0000
Received: from tl-sag-mx01.telenetinfo.net ([74.122.244.156])
by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256)
(Exim 4.92)
id 1oqKp5-0003HQ-Cv
for xxxx@yyyy.com; Wed, 02 Nov 2022 13:58:55 -0700
Received: from mailcleaner by mailcleaner stage4 with local
with id 1oqKp4-0004uG-9G
for ; Wed, 02 Nov 2022 16:58:54 -0400
X-Failed-Recipients: dominique@plauto.ca
Auto-Submitted: auto-replied
From: Mail Delivery System
To: xxxx@yyyy.com
Subject: [spam][Bitdefender extortion detection] Mail delivery failed:
returning message to sender
Message-Id:
Date: Wed, 02 Nov 2022 16:58:54 -0400
X-SA-Exim-Connect-IP: 74.122.244.156
X-SA-Exim-Mail-From:
X-SA-Exim-Scanned: No (on xsmtp21.mail2web.com); SAEximRunCond expanded to false
X-BitdefenderWKS-Spam: Yes - 1000
X-BitdefenderWKS-Categories: extortion
=====[ Message Text]============================================================
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
dominique@plauto.ca
SMTP error from remote mail server after RCPT TO::
host mail.plauto.ca [74.122.246.146]: 550
------ This is a copy of the message, including all the headers. ------
Return-path:
Received: from [127.0.0.1] (helo=localhost.localdomain)
by mailcleaner stage4 with esmtp
with id 1oqKp4-0004u2-1I
for
from ; Wed, 02 Nov 2022 16:58:54 -0400
Received: from [186.218.225.64] (helo=badae140.virtua.com.br)
by tl-sag-mx01.telenetinfo.net stage1 with esmtp
(Exim MailCleaner)
id 1oqKp0-0004tk-8i
for
from ; Wed, 02 Nov 2022 16:58:50 -0400
X-MailCleaner-SPF: none
From:
To:
Date: 2 Nov 2022 13:47:46 -0400
MIME-Version: 1.0
Subject:{Spam?} You have an outstanding payment.
Message-ID:
Priority: normal
X-mailer: Pegasus Mail for Windows (4.61)
Content-type: text/plain; charset="windows-1250"
Content-transfer-encoding: 8BIT
Content-description: Mail message body
X-MailCleaner-RDNS: invalid reverse DNS for 186.218.225.64
X-PreRBLs: is spam (BARRACUDA)
X-MailCleaner-Information: Please contact infrastructure@telenetcommunications.com for more information
X-MailCleaner-ID: 1oqKp0-0004tr-Si
X-MailCleaner: Found to be clean
X-MailCleaner-SpamCheck: spam, PreRBLs (BARRACUDA)
X-Auto-Response-Suppress: DR, NDR, RN, NRN, OOF, AutoReply
Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (dominique@plauto.ca).
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
Extortion Attempt, Identity Theft
Nov 3rd, 22
=====[ NOTES ]==================================================================
user name changed to 'xxxx'
user site changed to 'yyyy'
used https://www.iplocation.net/trace-email
or
https://whatismyip.live/ip-lookup
to trace origination
used https://bitcoinwhoswho.com/ to report it
Note that the origination point is usually a VPN, but with the origination point
and the time of mailing (both in the header) a law agency could (possibly
by mapping date/time & connections) trace the email back to the originator.
=====[ REPORT ]=================================================================
Type: Extortion Attempt, Identity Theft
Date: 20221102
Bitcoin Account: 12gHyoR78pjHpfueWUYyMudnwNMc6NGEPY
Email Source IP: 105.157.51.196
IP Location Info:
IP Address: 105.157.51.196
Reverse DNS: 105.157.51.196
City: Casablanca
Region: Casablanca-settat
Country: Morocco (MA)
Organization/ISP: MT-MPLS
Latitude/Longitude: 33.5922, -7.6184
=====[ Email Header]============================================================
Return-Path:
Delivered-To: xxxx@yyyy.com
Received: (qmail 12662 invoked by uid 200); 2 Nov 2022 23:35:56 -0000
Delivered-To: admin@yyyy.com
Received: (qmail 12656 invoked from network); 2 Nov 2022 23:35:56 -0000
Received: from unknown (HELO xsmtp22.mail2web.com) ([10.100.68.61])
(envelope-sender )
by xmail07.myhosting.com (qmail-ldap-1.03) with AES256-SHA encrypted SMTP
for ; 2 Nov 2022 23:35:50 -0000
Received: from [105.157.51.196]
by xsmtp22.mail2web.com with esmtp (Exim 4.92)
(envelope-from )
id 1oqNGv-00066M-9s
for admin@yyyy.com; Wed, 02 Nov 2022 16:35:50 -0700
Date: 2 Nov 2022 22:09:45 -0100
From:
X-Priority: 3
Message-ID:
To:
Subject: [spam][Bitdefender extortion detection] You have an
outstanding payment.
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 105.157.51.196 (failed)
X-SA-Exim-Connect-IP: 105.157.51.196
X-SA-Exim-Mail-From: aam1946@41kfeet.com
X-SA-Exim-Scanned: No (on xsmtp22.mail2web.com); SAEximRunCond expanded to false
X-BitdefenderWKS-Spam: Yes - 1000
X-BitdefenderWKS-Categories: extortion
=====[ Message Text]============================================================
Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (admin@yyyy.com).
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
came from 77.76.161.55 (registered to Krasimir Dragutov) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
Stupid Sextortion SCAMMER!
Nov 3rd, 22
Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours.
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
You have an outstanding payment.
Nov 4th, 22
Standard Sexploitation email scam
Extortion Attempt, Identity Theft
Nov 5th, 22
=====[ NOTES ]==================================================================
user name changed to 'xxxx'
user site changed to 'yyyy'
used https://www.iplocation.net/trace-email
or
https://whatismyip.live/ip-lookup
to trace origination
used https://bitcoinwhoswho.com/ to report it
Note that the origination point is usually a VPN, but with the origination point
and the time of mailing (both in the header) a law agency could (possibly
by mapping date/time & connections) trace the email back to the originator.
=====[ REPORT ]=================================================================
Type: Extortion Attempt, Identity Theft
Date: 20221104
Bitcoin Account: 12gHyoR78pjHpfueWUYyMudnwNMc6NGEPY
Email Source IP: 89.67.127.150
IP Location Info:
IP Address: 89.67.127.150
Reverse DNS: 89-67-127-150.dynamic.chello.pl
City: Warsaw
Region: Mazovia
Country: Poland (PL)
Organization/ISP: Liberty Global B.V.
Latitude/Longitude: 52.2296, 21.0067
=====[ Email Header]============================================================
Return-Path:
Delivered-To: xxxx@yyyy.com
Received: (qmail 12435 invoked from network); 5 Nov 2022 03:10:39 -0000
Received: from unknown (HELO xsmtp22.mail2web.com) ([10.100.68.61])
(envelope-sender )
by xmail06.myhosting.com (qmail-ldap-1.03) with AES256-SHA encrypted SMTP
for ; 5 Nov 2022 03:10:33 -0000
Received: from 89-67-127-150.dynamic.chello.pl ([89.67.127.150])
by xsmtp22.mail2web.com with esmtp (Exim 4.92)
(envelope-from )
id 1or9Zo-0003vc-Sn
for xxxx@yyyy.com; Fri, 04 Nov 2022 20:10:33 -0700
From:
To:
Subject: [spam][Bitdefender extortion detection] You have an
outstanding payment.
Date: 4 Nov 2022 11:59:31 -0800
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="windows-1250"
Content-Transfer-Encoding: 8bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acxn60dmmwvnepd0xn60dmmwvnepd0==
X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17514
X-SA-Exim-Connect-IP: 89.67.127.150
X-SA-Exim-Mail-From: afeakk@rfns.com
X-SA-Exim-Scanned: No (on xsmtp22.mail2web.com); SAEximRunCond expanded to false
X-BitdefenderWKS-Spam: Yes - 1000
X-BitdefenderWKS-Categories: extortion
=====[ Message Text]============================================================
Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (xxxx@yyyy.com).
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.
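Added example, not part of the reports on this page: the NOTES above read the origination point and the time of mailing out of the header by hand; this Python code does the same over the Received chain of the Nov 5th report, walking from the newest hop down and accepting only hops written by the recipient's own provider, since everything below that boundary is sender-supplied and forgeable. The trusted-host suffixes and the names `trace_origin` and `_utc` are assumptions made for this example.

```python
import email
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Assumption: the recipient's own provider, read off the "by" hosts in the report.
TRUSTED_SUFFIXES = ("mail2web.com", "myhosting.com")

# Header lines from the Nov 5th report on this page; folding whitespace restored,
# address fields the page shows as stripped are left stripped.
SAMPLE = """\
Received: (qmail 12435 invoked from network); 5 Nov 2022 03:10:39 -0000
Received: from unknown (HELO xsmtp22.mail2web.com) ([10.100.68.61])
 (envelope-sender )
 by xmail06.myhosting.com (qmail-ldap-1.03) with AES256-SHA encrypted SMTP
 for ; 5 Nov 2022 03:10:33 -0000
Received: from 89-67-127-150.dynamic.chello.pl ([89.67.127.150])
 by xsmtp22.mail2web.com with esmtp (Exim 4.92)
 (envelope-from )
 id 1or9Zo-0003vc-Sn
 for xxxx@yyyy.com; Fri, 04 Nov 2022 20:10:33 -0700
Date: 4 Nov 2022 11:59:31 -0800
Subject: You have an outstanding payment.

(body omitted)
"""


def _utc(text):
    """Parse an RFC 5322 date; return an aware UTC datetime, or None."""
    try:
        dt = parsedate_to_datetime(text)
    except (TypeError, ValueError):
        return None
    if dt.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def trace_origin(raw, trusted=TRUSTED_SUFFIXES):
    """Return the first public peer IP recorded by a trusted relay, or None."""
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):  # newest hop first
        hop = " ".join(value.split())          # unfold continuation lines
        if not hop.startswith("from "):
            continue  # local hand-off line (qmail), names no peer
        by = re.search(r"\bby\s+([\w.-]+)", hop)
        host = by.group(1).lower() if by else ""
        if not any(host == s or host.endswith("." + s) for s in trusted):
            break  # written by a host we do not run: unverifiable from here down
        peer = re.search(r"\[([0-9A-Fa-f:.]+)\]", hop)
        try:
            ip = ipaddress.ip_address(peer.group(1)) if peer else None
        except ValueError:
            ip = None
        if ip is None or not ip.is_global:
            continue  # internal relay (10.x etc.), keep walking down
        received = _utc(hop.rsplit(";", 1)[-1])
        claimed = _utc(msg.get("Date", ""))  # sender-controlled value
        return {
            "ip": str(ip),
            "helo": hop.split()[1],
            "recorded_by": host,
            "received_utc": received,
            "claimed_utc": claimed,
            "skew": received - claimed if received and claimed else None,
        }
    return None


if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

The `received_utc` value is the timestamp to hand to an ISP or law agency together with the IP, because it was written by the receiving relay; the `Date:` header is set by the sender, and here it differs from the relay's clock by more than seven hours.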
You have an outstanding payment
Nov 5th, 22
From Email: danaij2@droid.katkit.lavaweb.in
They said they had evidence of me committing sex acts or something LOL I see they have $1400 and change in their account so apparently it works. SMH
k-ghandehari@petroafarin.com
Nov 7th, 22
k-ghandehari@petroafarin.com
Nov 7th, 22
Email with subject "You have an outstanding payment"
Nov 8th, 22
Hello there!
Unfortunately, there are some bad news for you.
Around several months ago I have obtained access to your devices that you were using to browse internet.
Subsequently, I have proceeded with tracking down internet activities of yours.
Below, is the sequence of past events:
In the past, I have bought access from hackers to numerous email accounts (today, that is a very straightforward task that can be done online).
Clearly, I have effortlessly logged in to email account of yours (support-aef@libre-logic.fr).
A week after that, I have managed to install Trojan virus to Operating Systems of all your devices that are used for email access.
Actually, that was quite simple (because you were clicking the links in inbox emails).
All smart things are quite straightforward. (>_ Do not attempt to search for me - there is completely no point in that. All cryptocurrency transactions remain anonymous at all times.
> Do not attempt reinstalling the OS on devices of yours or get rid of them. It is meaningless too, because all your videos are already available at remote servers.
Below is the list of things you don't need to be concerned about:
> That I will not receive the money you transferred.
- Don't you worry, I can still track it, after the transaction is successfully completed, because I still monitor all your activities (trojan virus of mine includes a remote-control option, just like TeamViewer).
> That I still will make your videos available to public after your money transfer is complete.
- Believe me, it is meaningless for me to keep on making your life complicated. If I indeed wanted to make it happen, it would happen long time ago!
Everything will be carried out based on fairness!
Before I forget...moving forward try not to get involved in this kind of situations anymore!
An advice from me - regularly change all the passwords to your accounts.