The standard sextortion scam. Used a picture for the message. Some of the header info. is below.
Return-Path: <[email protected]>
Delivered-To:
Received: from mailroom4.hostrocket.com
by mailroom4.hostrocket.com with LMTP id sKjBMLZsmFyATgAAGJjDkA
for <>; Mon, 25 Mar 2019 01:52:54 -0400
Return-path: <[email protected]>
Received: from s62.xrea.com ([150.95.8.162]:55295)
by mailroom4.hostrocket.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.91)
(envelope-from <[email protected]>)
Received: (qmail 173438 invoked by uid 89); 25 Mar 2019 14:52:34 +0900
Received: from unknown (HELO ?host-85-237-51-73.dsl.sura.ru?) ([email protected]@85.237.51.73)
by s62.xrea.com with SMTP; 25 Mar 2019 14:52:34 +0900
X-Complaints-To: <[email protected]>
Date: Mon, 25 Mar 2019 06:52:32 +0100
X-aid: 0943775795
X-CSA-Complaints: [email protected]
List-Subscribe: <https://groups.google.com/a/dw-dev.com/group/azmlwm/subscribe>
X-Sender-Info: [email protected]
Claims to have hacked email to send email with demand for $1000 or will release videos recorded via webcam and hacked porn sites. Message body is an image not actual text.
From (Header) spamgw.ksu.edu.tr, 193.255.96.99
source
bitcoinabuse
Site url
date
20 March 2019 Wednesday. 20:45:59 UTC
type
blackmail scam
scammer/abuser
unknown
country
United States
description
Blackmail attempt
source
bitcoinabuse
Site url
date
20 March 2019 Wednesday. 14:01:54 UTC
type
ransomware
scammer/abuser
bitcoin email scam
country
United States
description
The usual 'I hacked your computer' ransomware demanding bitcoin. The following was the trace of the email:
119.2.48.178
Yogyakarta 55251 (Indonesia)
source
bitcoinabuse
Site url
date
19 March 2019 Tuesday. 00:37:09 UTC
type
blackmail scam
scammer/abuser
From: IP: 84.241.12.155 (Iran) and IP: 120.31.134.216 (China)
country
Sweden
description
Same blackmail as: https://www.bitcoinabuse.com/reports/158KQRGUeRjhP1Sofe3Wnai8k8F9JfU4hM
(but now: 1552953643814.jpg)
