The standard sextortion scam. Used a picture for the message. Some of the header info. is below.
Return-Path: <[email protected]>
Delivered-To:
Received: from mailroom4.hostrocket.com
by mailroom4.hostrocket.com with LMTP id sKjBMLZsmFyATgAAGJjDkA
for <>; Mon, 25 Mar 2019 01:52:54 -0400
Return-path: <[email protected]>
Received: from s62.xrea.com ([150.95.8.162]:55295)
by mailroom4.hostrocket.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.91)
(envelope-from <[email protected]>)
Received: (qmail 173438 invoked by uid 89); 25 Mar 2019 14:52:34 +0900
Received: from unknown (HELO ?host-85-237-51-73.dsl.sura.ru?) ([email protected]@85.237.51.73)
by s62.xrea.com with SMTP; 25 Mar 2019 14:52:34 +0900
X-Complaints-To: <[email protected]>
Date: Mon, 25 Mar 2019 06:52:32 +0100
X-aid: 0943775795
X-CSA-Complaints: [email protected]
List-Subscribe: <https://groups.google.com/a/dw-dev.com/group/azmlwm/subscribe>
X-Sender-Info: [email protected]
Claims to have hacked email to send email with demand for $1000 or will release videos recorded via webcam and hacked porn sites. Message body is an image not actual text.
From (Header) spamgw.ksu.edu.tr, 193.255.96.99
Datenquelle
bitcoinabuse
URL du site
date
20 mars 2019 mercredi. 20:45:59 UTC
type
blackmail scam
Escroc / abuseur
unknown
pays
United States
description
Blackmail attempt
Datenquelle
bitcoinabuse
URL du site
date
20 mars 2019 mercredi. 14:01:54 UTC
type
ransomware
Escroc / abuseur
bitcoin email scam
pays
United States
description
The usual 'I hacked your computer' ransomware demanding bitcoin. The following was the trace of the email:
119.2.48.178
Yogyakarta 55251 (Indonesia)
Datenquelle
bitcoinabuse
URL du site
date
19 mars 2019 mardi. 00:37:09 UTC
type
blackmail scam
Escroc / abuseur
From: IP: 84.241.12.155 (Iran) and IP: 120.31.134.216 (China)
pays
Sweden
description
Same blackmail as: https://www.bitcoinabuse.com/reports/158KQRGUeRjhP1Sofe3Wnai8k8F9JfU4hM
(but now: 1552953643814.jpg)
