Hacking of the email address linked to my domain name

Hello,
I am hosted at OVH (Perso plan) and my domain name is grenouillezen.com
On Wednesday 18 Oct I received a spam message in my Gmail inbox (where I receive mail addressed to fanny@grenouillezen.com) sent by fanny@grenouillezen.com with a ransom demand.

Here are the details:

Received: from DAG4EX2.mxp5.local (172.16.2.32) by DAG4EX1.mxp5.local
(172.16.2.31) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34 via Mailbox
Transport; Thu, 19 Oct 2023 19:17:51 +0200
Received: from DAG9EX1.mxp5.local (172.16.2.81) by DAG4EX2.mxp5.local
(172.16.2.32) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Thu, 19 Oct
2023 19:17:51 +0200
Received: from output29.mail.ovh.net (164.132.34.29) by mxplan5.mail.ovh.net
(172.16.2.81) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34 via Frontend
Transport; Thu, 19 Oct 2023 19:17:51 +0200
Received: from vr22.mail.ovh.net (unknown [10.101.8.22])
by out29.mail.ovh.net (Postfix) with ESMTP id 4SBDtl0BGxzVg3w6j
for ; Thu, 19 Oct 2023 17:17:51 +0000 (UTC)
Received: from in47.mail.ovh.net (unknown [10.101.4.47])
by vr22.mail.ovh.net (Postfix) with ESMTP id 4SBDtk5kxGz3Z1cB7
for ; Thu, 19 Oct 2023 17:17:50 +0000 (UTC)
Received-SPF: Pass (DAG4EX2.mxp5.local: domain of fanny@grenouillezen.com
designates 164.132.34.29 as permitted sender) receiver=DAG4EX2.mxp5.local;
client-ip=164.132.34.29; helo=output29.mail.ovh.net;
Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=37.189.249.101; helo=bl28-249-101.dsl.telepac.pt; envelope-from=fanny@grenouillezen.com; receiver=fanny@grenouillezen.com
Authentication-Results: in47.mail.ovh.net; dkim=none; dkim-atps=neutral
Received: from bl28-249-101.dsl.telepac.pt (unknown [37.189.249.101])
by in47.mail.ovh.net (Postfix) with ESMTP id 4SBDtk4V9Sz2QX6gM
for ; Thu, 19 Oct 2023 17:17:50 +0000 (UTC)
Message-ID: <639041093032387265725821@grenouillezen.com>
From:
To:
Subject: [SPAM] There is an overdue payment under your name. Please, settle your debts ASAP.
Date: Thu, 19 Oct 2023 17:52:45 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Mailer: Vfcbiyaj aesfdhd
X-OVH-Remote: 37.189.249.101 ([37.189.249.101])
X-Ovh-Tracer-Id: 7259239651364746677
X-VR-SPAMSTATE: SPAM
X-VR-SPAMSCORE: 600
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedvkedrjeeigdduuddtucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucgoufhprghmufhusghjvggtthculdeftddtmdenogfuphgrmhetlhhphhgrufhusghjvggtthculdeftddtmdenucfjughrpefkhffvufffgggtgffosehtkeertdertdhsnecuhfhrohhmpeeofhgrnhhnhiesghhrvghnohhuihhllhgviigvnhdrtghomheqnecuggftrfgrthhtvghrnhepudfhleegudeviefggeffjeektddvueeuteefvdevvefhtedtuddutdeikedtgfffnecukfhppeefjedrudekledrvdegledruddtudenucfuphgrmhfjughrpefkhffvufffgggtgffosehtkeertdertdhsnecuufhprghmufhusghjvggtthepvfhhvghrvgcuihhsucgrnhcuohhvvghrughuvgcuphgrhihmvghnthcuuhhnuggvrhcuhihouhhruchnrghmvgdrucfrlhgvrghsvgdpuchsvghtthhlvgcunecuufhprghmtehlphhhrgfuuhgsjhgvtghtpehthhgvrhgvihhsrghnohhvvghrughuvghprgihmhgvnhhtuhhnuggvrhihohhurhhnrghmvghplhgvrghsvghsvghtthhlvgihohhurhguvggsthhsrghsrgenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeefjedrudekledrvdegledruddtuddpmhgrihhlfhhrohhmpeeofhgrnhhnhiesghhrvghnohhuihhllhgviigvnhdrtghomheqpd
hnsggprhgtphhtthhopedupdhrtghpthhtohepfhgrnhhnhiesghhrvghnohhuihhllhgviigvnhdrtghomhdpoffvtefjohhsthepvhhrvddvpdgukhhimhepphgrshhspdhgvghokffrpefrvfdprhgvvhfkrfepsghlvdekqddvgeelqddutddurdgushhlrdhtvghlvghprggtrdhpth
X-Ovh-Spam-Status: SPAM
X-Ovh-Spam-Reason: vr: SPAM; dkim: disabled; spf: disabled
X-Ovh-Message-Type: SPAM
X-Spam-Tag: YES
Return-Path: fanny@grenouillezen.com
X-MS-Exchange-Organization-Network-Message-Id: e6cee6ce-be37-408f-2cef-08dbd0c752f1
X-MS-Exchange-Organization-PRD: grenouillezen.com
X-MS-Exchange-Organization-SenderIdResult: Pass
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-ABP-GUID: bd2a0b77-ce4f-4d81-a151-b15427a5e809
X-Ovh-Tracer-GUID: d3843999-e61b-4ddf-b6d2-82cad2a836f4
X-MS-Exchange-Organization-AuthSource: DAG9EX1.mxp5.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.2765871
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.034


The content of the email is as follows:
" Hi!

Sadly, there are some bad news that you are about to hear.
About few months ago I have gained a full access to all devices used by you for internet browsing.
Shortly after, I started recording all internet activities done by you.

Below is the sequence of events of how that happened:
Earlier I purchased from hackers a unique access to diversified email accounts (at the moment, it is really easy to do using internet).
As you can see, I managed to log in to your email account without breaking a sweat: (fanny@grenouillezen.com).

Within one week afterwards, I installed a Trojan virus in your Operating Systems available on all devices that you utilize for logging in your email.
To be frank, it was somewhat a very easy task (since you were kind enough to open some of links provided in your inbox emails).
I know, you may be thinking now that I'm a genius…^^)

With help of that useful software, I am now able to gain access to all the controllers located in your devices
(e.g., video camera, keyboard, microphone and others).
As result, managed to download all your photos, personal data, history of web browsing and other info to my servers without any problems.
Moreover, I now have access to all accounts in your messengers, social networks, emails, contacts list, chat history - you name it.
My Trojan virus continues refreshing its signatures in a non-stop manner (because it is operated by driver),
hence it remains undetected by any antivirus software installed in your PC or device.

So, I guess now you finally understand the reason why I could never be caught until this very letter…

During the process of your personal info compilation,
I could not help but notice that you are a huge admirer and regular guest of websites with adult content.
You endure a lot of pleasure while checking out porn websites, watching nasty porn movies and reaching breathtaking orgasms.
Let me be frank with you, it was really hard to resist from recording some of those naughty solo scenes with you in main role
and compiling them in special videos that expose your masturbation sessions, which end with you cumming.

In case if you still have doubts, all I need is to click my mouse and all those nasty videos with you will be shared to friends,
colleagues, and relatives of yours.
Moreover, nothing stops me from uploading all that hot content online, so all public can watch it too.
I sincerely hope, you would really not prefer that to happen, keeping in mind all the dirty things you like to watch,
(you certainly know what I mean) it will completely ruin your reputation.

However, don't worry, there is still a way to resolve this:
You need to carry out a $1450 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),
hence upon receiving the transaction, I will proceed with deleting all the filthy videos with you in main role.
Afterwards, we can forget about this unpleasant accident.
Furthermore, I guarantee that all the malicious software will also be erased from your devices and accounts. Mark my words, I never lie.

That is a great bargain with a low price,
I assure you, because I have spent a lot of effort while recording and tracking down all your activities and dirty deeds during a long period of time.
In case if you have no idea how to buy and transfer bitcoins - feel free to check the related info on the internet.

Here is my bitcoin wallet for your reference: 1JSYZui6 naWDUuqRj ih9vZget bkqWY4cTq

Attention please! I have specified my Bitcoin wallet with spaces,
please make sure that you key-in my bitcoin address without spaces to be sure that your coins successfully reach my wallet!

From now on, you have only 48 hours and countdown has started once you opened this very email (in other words, 2 days).

The following list contains things you should definitely abstain from doing or even attempting:
~>> Abstain from trying to reply this email (since the email is generated inside your inbox alongside with return address).
~>> Abstain from trying to call or report to police or any other security services.
In addition, it's a bad idea if you want to share it with your friends, hoping they would help.
If I happen to find out (knowing my awesome skills, it can be done effortlessly,
because I have all your devices and accounts under my control and unceasing observation) - kinky videos of yours will be share to public the same day.
~>> Abstain from trying to look for me - that would not lead anywhere either. Cryptocurrency transactions are absolutely anonymous and cannot be tracked.
~>> Abstain from reinstalling your OS on devices or throwing them away.
That would not solve the problem as well, since all your personal videos are already uploaded and stored at remote servers.

Things you may be confused about:
~>> That your funds transfer won't be delivered to me.
Chill, I can track down any transactions right away, so upon funds transfer I will receive a notification as well,
since I still control your devices (my trojan virus has ability of controlling all processes remotely, just like TeamViewer).
~>> That I am going to share your dirty videos after receiving money transfer from you.
Here you need to trust me, because there is absolutely no point to still bother you after receiving money.
Moreover, if I really wanted all those videos would be available to public long time ago!

I believe we can still handle this situation on fair terms!

Here is my last advice to you… in future you better ensure you stay away from this kind of situations!
My advice - don't forget to regularly update your passwords to feel completely secure."

Could you please tell me the procedure to follow, if there is one?
Since Wednesday, I have changed the passwords on all my accounts, and I was wondering whether I should reset all the email addresses linked to my domain name on the OVH platform.
Do you think I will eventually be able to recover fanny@grenouillezen.com, or is it better to create a brand-new email address?
Thank you for your help


However, don't worry, there is still a way to resolve this:
You need to carry out a $1450 USD transfer to my wallet (equivalent amount in bitcoins depending on exchange rate at the moment of funds transfer),

Hello @FannyP

When I see the word **bitcoin**, I put it straight in the trash.

sent by fanny@grenouillezen.com


Everyone receives this cr@p

The sender is in Portugal: Received: from bl28-249-101.dsl.telepac.pt (unknown [37.189.249.101])
and claims to be called fanny

Your SPF said: Softfail (mailfrom)
which is the ~all being applied

OVH correctly identified it as spam.

So there is nothing to panic about.
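The header reading in the reply above, as an added example that is not part of the original thread: it finds the hop where the message entered the provider's servers and looks up the SPF verdict recorded for that IP. The `TRUSTED` suffixes and the function names are assumptions; the sample is a trimmed, constructed copy of the headers from the first post.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed copy of the headers quoted in the first post
# (From: filled in from the Return-Path value, since the forum stripped it).
SAMPLE = """\
Received: from output29.mail.ovh.net (164.132.34.29) by mxplan5.mail.ovh.net
 (172.16.2.81) with Microsoft SMTP Server; Thu, 19 Oct 2023 19:17:51 +0200
Received-SPF: Pass (DAG4EX2.mxp5.local: domain of fanny@grenouillezen.com
 designates 164.132.34.29 as permitted sender) client-ip=164.132.34.29;
Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=37.189.249.101;
 helo=bl28-249-101.dsl.telepac.pt; envelope-from=fanny@grenouillezen.com
Received: from bl28-249-101.dsl.telepac.pt (unknown [37.189.249.101])
 by in47.mail.ovh.net (Postfix) with ESMTP; Thu, 19 Oct 2023 17:17:50 +0000
From: fanny@grenouillezen.com
Subject: [SPAM] There is an overdue payment under your name.
"""

# Assumption: hops recorded by hosts with these suffixes belong to the provider.
TRUSTED = (".mail.ovh.net", ".mxp5.local")
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[?([0-9A-Fa-f.:]+)\]?\)"
                 r".*?\bby\s+(\S+)", re.S)

def entry_hop(msg):
    """Return (helo, ip) of the hop where mail entered the trusted servers."""
    found = None
    for value in msg.get_all("Received", []):       # newest hop first
        m = HOP.search(value)
        if not m or not m.group(3).lower().endswith(TRUSTED):
            break                                   # older lines are forgeable
        if ipaddress.ip_address(m.group(2)).is_global:
            found = (m.group(1), m.group(2))
    return found

def analyse(raw, domain):
    """Report the entry hop, its SPF verdict and whether From: is spoofed."""
    msg = message_from_string(raw)
    hop = entry_hop(msg)
    spf = {}
    for value in msg.get_all("Received-SPF", []):   # key verdicts by client-ip
        ip = re.search(r"client-ip=([^;\s]+)", value)
        if ip:
            spf[ip.group(1)] = value.split()[0].lower()
    result = spf.get(hop[1], "none") if hop else "none"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return {"entry": hop, "spf": result,
            "spoofed": sender.endswith("@" + domain) and result != "pass"}
```

Keying the verdicts by `client-ip` matters here: the `Pass` line in these headers refers to OVH's own relay 164.132.34.29, not to the host that submitted the message.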

thank you very much
I also saw that my other grenouillezen email addresses had been hacked, so I requested a reset of the affected email addresses on OVH, and I created a new one that I protected with a password.
My concern is also linked to the fact that my WordPress site has fanny@grenouillezen.com as its administrator address and that I have been unable to change it since yesterday.
In any case, thank you for these first reassuring pointers


I also saw that my other grenouillezen email addresses had been hacked, so I requested a reset of the affected email addresses on OVH


I repeat: you have NOT been hacked.

A sender in Portugal simply impersonated you.

ok thank you very much :) have a very good weekend