This is typical "Beg bounty". https://www.troyhunt.com/beg-bounties/ On 2022-03-03 00:30, Brie wrote:
I just got this in my e-mail...
------ From: xxxxxxx <xxxxxxxxxx6@iqra.edu.pk> Date: Thu, 3 Mar 2022 03:14:03 +0500 Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@mail.gmail.com> Subject: Found Security Vulnerability To: undisclosed-recipients:; Bcc: sxxxxxxxxx@ahbl.org
Hi Team
I am a web app security hunter. I spent some time on your website and found some vulnerabilities. I see on your website you take security very passionately.
Tell me will you give me rewards for my finding and responsible disclosure? if Yes, So tell me where I send those vulnerability reports? share email address.
Thank you
Good day, I truly hope it treats you awesomely on your side of the screen :)
xxxxx Security ------
Is soliciting for money/rewards when the site makes no indication they offer them a common thing now?
If you want to see a copy of the original message, let me know off list and I'll send it to you.