Ransomware
Abuser: none given
Same scripted email; asking me for money in exchange for not releasing alleged confidential information.
United States, 2018-12-10 19:14:13

Same scripted email; asking me for money in exchange for not releasing alleged confidential information.
United States, 2018-12-10 19:14:13

Wants ransom to remove rootkit from my machine. Just a scam. Threat to release bad things about me if I don't pay.
United States, 2018-12-10 23:40:47

"I am a spyware software developer. Your account has been hacked by me in the summer of 2018."
Germany, 2018-12-11 12:11:07

I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account).
Poland, 2018-12-11 13:16:51

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).
United States, 2018-12-11 18:05:29

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). I note that it is useless to change the passwords. My malware update passwords from your accounts every times Transfer $994 to my Bitcoin cryptocurrency wallet: 12UNsp8g6dFjAYiMYwU4WZ73sa5rDEPUYm
United States, 2018-12-11 19:27:51

I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). ... Transfer $974 to my Bitcoin cryptocurrency wallet: 12UNsp8g6dFjAYiMYwU4WZ73sa5rDEPUYm A scam... :(
Denmark, 2018-12-11 20:02:54

Additional mail header information (personal data excluded):
Received: from mail.webhostings4u.com ([Tue, 11 Dec 2018 09:02:30 -0500]) by mail.gimmicc.net with SMTP; Tue, 11 Dec 2018 09:02:30 -0500
Received: from rly04.hottestmile.com ([Tue, 11 Dec 2018 08:48:59 -0500]) by rly04.hottestmile.com with ESMTP; Tue, 11 Dec 2018 08:48:59 -0500
Received: from unknown (HELO webmail.halftomorrow.com) (Tue, 11 Dec 2018 08:38:22 -0500) by asx121.turbo-inline.com with ESMTP; Tue, 11 Dec 2018 08:38:22 -0500
Received: from rly04.hottestmile.com ([Tue, 11 Dec 2018 08:27:13 -0500]) by relay-x.misswldrs.com with LOCAL; Tue, 11 Dec 2018 08:27:13 -0500
Message-ID: <e77d01d4912b$510dd7f0$1d37c5a1@Aaron585Smith>
Canada, 2018-12-12 16:05:34

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296)
United States, 2018-12-12 17:04:01

Received: from unknown (178.87.234.51)by public.micromail.com.au with SMTP; Wed, 12 Dec 2018 11:05:33 -0500
Message-ID: <[email protected]>
Date: Wed, 12 Dec 2018 11:05:33 -0500
Reply-To: "Idickson" <[email protected]>
Same as the others: he seems to use the same name or variations thereof. Seems as though this Bitcoin address has not received any funds yet, thankfully.
United Kingdom, 2018-12-12 18:38:35

Threat: I am a spyware software developer. Your account has been hacked by me in the summer of 2018. I understand that it is hard to believe, but here is my evidence (I sent you this email from your account). So, to the business! I'm sure you don't want to show these files and visiting history to all your contacts. Transfer $995 to my Bitcoin cryptocurrency wallet: 12UNsp8g6dFjAYiMYwU4WZ73sa5rDEPUYm
United States, 2018-12-13 01:40:23

Received: from mx1.pub.mailpod3-cph3.one.com ([10.27.26.11]) by mailstorage23.cst.mailpod3-cph3.one.com with LMTP id OA6XJ8joEVxvvgAAF22PbQ for <>; Thu, 13 Dec 2018 05:06:16 +0000
X-HalOne-Spam: true
X-HalOne-ID: ce330373-fe94-11e8-8d6b-e0d84894a001
Received: from yahoo.jp (unknown [14.182.118.246]) by mx1.pub.mailpod3-cph3.one.com (Halon) with SMTP id ce330373-fe94-11e8-8d6b-e0d84894a001; Thu, 13 Dec 2018 05:06:14 +0000 (UTC)
Received: from relay37.vosimerkam.net ([Wed, 12 Dec 2018 23:59:38 -0500]) by smtp.doneohx.com with NNFMP; Wed, 12 Dec 2018 23:59:38 -0500
Message-ID: <[email protected]>
Sweden, 2018-12-13 12:09:32

Typical blackmail for a so-called hacker asking money for silence, bah. AKA "I found a list on internet of passwords, i used it on ur email and now i blackmail u bc u changed ur password"
Peru, 2018-12-14 08:48:39

[14.162.112.111] (helo=yahoo.jp) (envelope-from <[email protected]>) id 1ga8Sm-00027I-KE
Received: (HELO qrx.quickslick.com) by rly04.hottestmile.com with QMQP
Message-ID: <a11801d49896$d21e3b60$abaf291b@Aaron418Smith>
Reply-To: <[email protected]>
X-Mailer: Microsoft Office Outlook 12.0
X-Sender-Warning: Reverse DNS lookup failed for 14.162.112.111 (failed)
United States, 2018-12-21 19:36:13

(Cisco router, vulnerability CVE-2018-0296). my exploit downloaded my malicious code (rootkit) to your device. Transfer $998 to my Bitcoin cryptocurrency wallet: 12UNsp8g6dFjAYiMYwU4WZ73sa5rDEPUYm My system automatically recognizes the translation. As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system. Do not worry, I really will delete everything, since I am 'working' with many people who have fallen into your position. You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it. Since opening this letter you have 48 hours. If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material. I advise you to remain prudent and not engage in nonsense (all files on my server).
United States, 2018-12-21 20:22:36