Return-Path: <agri@shabakieh.com>
Delivered-To: behniwal+spam@server.rnv.kpw.mybluehostin.me
Received: from server.rnv.kpw.mybluehostin.me
	by server.rnv.kpw.mybluehostin.me with LMTP
	id i4f+Gr/0u2iYUQAAyTkJsw
	(envelope-from <agri@shabakieh.com>)
	for <behniwal+spam@server.rnv.kpw.mybluehostin.me>; Sat, 06 Sep 2025 02:45:51 -0600
Return-path: <agri@shabakieh.com>
Envelope-to: info@behniwalgroup.com
Delivery-date: Sat, 06 Sep 2025 02:45:51 -0600
Received: from server21.shabakieh.org ([185.237.85.9]:39950)
	by server.rnv.kpw.mybluehostin.me with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.95)
	(envelope-from <agri@shabakieh.com>)
	id 1uuoYQ-0005Pu-B5
	for info@behniwalgroup.com;
	Sat, 06 Sep 2025 02:45:51 -0600
Received: from [45.138.16.252] (port=56953)
	by server21.shabakieh.org with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.1)
	(envelope-from <agri@shabakieh.com>)
	id 1uuoXj-000000009ys-1Rqa
	for info@behniwalgroup.com;
	Sat, 06 Sep 2025 12:15:07 +0330
Reply-To: szldk_l@163.com
From: "Black Hats" <agri@shabakieh.com>
To: info@behniwalgroup.com
Date: 6 Sep 2025 01:45:06 -0700
Message-ID: <20250906014506.1C7A192BAB13B2E9@shabakieh.com>
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server21.shabakieh.org
X-AntiAbuse: Original Domain - behniwalgroup.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - shabakieh.com
X-Get-Message-Sender-Via: server21.shabakieh.org: authenticated_id: agri@shabakieh.com
X-Authenticated-Sender: server21.shabakieh.org: agri@shabakieh.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Spam-Status: Yes, score=18.8
X-Spam-Score: 188
X-Spam-Bar: ++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "server.rnv.kpw.mybluehostin.me",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Your device is infected with a trojan virus and we have your
    private info out of your device. It previously was installed on a porn video
    web page after which you've selected the video clip, your device was infected
    by the virus and gathered all your contacts. Then, your camera started to
    reco [...] 
 Content analysis details:   (18.8 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
                             bl.spamcop.net
               [Blocked - see <https://www.spamcop.net/bl.shtml?45.138.16.252>]
  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
                             The query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [185.237.85.9 listed in sa-accredit.habeas.com]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [185.237.85.9 listed in bl.score.senderscore.com]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 HTML_MESSAGE           BODY: HTML included in message
  2.0 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  8.5 KAM_CRIM               Extortion Email
  1.0 BITCOIN_SPAM_04        BitCoin spam pattern 04
  0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                             Alignment
  0.5 PDS_BTC_ID             FP reduced Bitcoin ID
  0.0 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
  3.0 BITCOIN_DEADLINE       BitCoin with a deadline
  0.0 BITCOIN_YOUR_INFO      BitCoin with your personal info
X-Spam-Flag: YES
Subject:    We have your infomation with us

<html><head>
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
</head>
<body><p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent=
: 0px; letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; f=
ont-size: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; wh=
ite-space: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 2=
55); font-variant-ligatures: normal; font-variant-caps: normal; -webkit-tex=
t-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-st=
yle: initial; text-decoration-color: initial;'>
Your device is infected with a trojan virus and we have your private info<b=
r>out of your device.</p>
<p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent: 0px;=
 letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; font-si=
ze: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); f=
ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=
ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=
nitial; text-decoration-color: initial;'>
It previously was installed on a porn video web page after which you've<br>=
selected the video clip, your device was infected by the virus and gathered=
<br>all your contacts. Then, your camera started to record you soloing and =
also<br>recorded videos that you have seen.</p>
<p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent: 0px;=
 letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; font-si=
ze: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); f=
ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=
ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=
nitial; text-decoration-color: initial;'>
Well, If you ever wish us to wipe out all your details that we have got, we=
<br>required $580 in Bitcoin to the below address (if you don&#8217;t know =
this,<br>search &#8220;how to buy Bitcoin&#8221; on Google or YouTube) .</p=
>
<p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent: 0px;=
 letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; font-si=
ze: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); f=
ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=
ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=
nitial; text-decoration-color: initial;'>
Bitcoin Address: bc1qsxj8pejan2pfrf02uq4mm0vdn6n48djpad5vlx</p>
<p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent: 0px;=
 letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; font-si=
ze: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); f=
ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=
ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=
nitial; text-decoration-color: initial;'><br></p>
<p style=3D'color: rgb(26, 26, 26); text-transform: none; text-indent: 0px;=
 letter-spacing: normal; font-family: "YS Text", Arial, sans-serif; font-si=
ze: 16px; font-style: normal; font-weight: 400; word-spacing: 0px; white-sp=
ace: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); f=
ont-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stro=
ke-width: 0px; text-decoration-thickness: initial; text-decoration-style: i=
nitial; text-decoration-color: initial;'>
Now you have 24hrs to make a payment. The moment we receive the transaction=
<br>i'm going wipe out this movie and everything completely and you will ne=
ver<br>hear from me anymore. Or else, please be sure that the evidence will=
 be sent<br>out to all of your contacts including relatives, coworkers, Fac=
ebook and so<br>forth.</p></body></html>