A Generic Extortion Template, a Mailgun Relay, and a Domain Registered to Look Legitimate

**Executive Summary:** A Mailgun-relayed sextortion campaign used a newly registered domain (athletes2events.com) with DKIM alignment to circumvent SPF failures and delivered a generic $12,000 Bitcoin extortion demand to a VIP mailbox; IRONSCALES' Adaptive AI quarantined the message and the report documents authentication outcomes, behavioral detection logic, IOCs, and MITRE ATT&CK mappings.