Ransomware
Abuser: unknown
My modest consulting fee is 1650 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer.
United States, 2021-10-28 13:35:47
My modest consulting fee is 1650 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer.
United States, 2021-10-28 13:35:47
Authentication-Results: spf=fail (sender IP is 182.173.227.100) smtp.mailfrom=[redacted].com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=[redacted].com;
Received-SPF: Fail (protection.outlook.com: domain of [redacted].com does not designate 182.173.227.100 as permitted sender) receiver=protection.outlook.com; client-ip=182.173.227.100; helo=182-173-227-100.guam.net;
Received: from 182-173-227-100.guam.net (182.173.227.100) by DM6NAM10FT054.mail.protection.outlook.com (10.13.153.167) with Microsoft SMTP Server id 15.20.4649.14 via Frontend Transport; Thu, 28 Oct 2021 08:22:21 +0000

I am sorry to inform you but your device was hacked. That's what happened. I have used a Zero Click vulnerability with a special code to hack your device through a website. A complicated software that requires precise skills that I possess... My modest consulting fee is 1650 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer.
Japan, 2021-10-28 14:19:31
Standard scam - it's rubbish - don't pay. To be clear, my software controlled your camera and microphone as well. It was just about right timing to get you privacy violated. I have made a few pornhub worthy videos with you as a lead actor. Can't be true as my desktop has no webcam or microphone. My modest consulting fee is 1650 US Dollars to be transferred in Bitcoin. Exchange rate at the time of the transfer. You need to send that amount to this wallet: 1DpA1wTZqGqP9pEcjfZ9bsGEHzbjcsTKq1
United States, 2021-10-28 14:29:27
Came from a spoofed email
United States, 2021-10-28 18:56:30
This IP address was origin of ransomware email that looks as though it came from one of my domains and email addresses on that domain. 102.64.252.201 BTW The guy doesn't actually have the Zero-Click Apple iOS NSO virus, he/she/it is just bullshitting people. Partial raw email header, couldn't fit body in 2,000 chars apparently, header is complete with 'xxxxx-cafe.com' being my domain masked:

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 194194 invoked by uid 0); 28 Oct 2021 20:15:38 -0000
Received: from unknown (HELO atl4mhib25.registeredsite.com) (209.17.115.160) by 0 with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 28 Oct 2021 20:15:38 -0000
Received: from [102.64.252.201] ([102.64.252.201]) by atl4mhib25.registeredsite.com (8.14.4/8.14.4) with ESMTP id 19SKFUeq008950 for <[email protected]>; Thu, 28 Oct 2021 16:15:34 -0400
Message-ID: <[email protected]>
Date: Thu, 28 Oct 2021 19:15:24 -0100
From: <mobile@ xxxxx-cafe.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: <mobile@ xxxxx-cafe.com>
Subject: =?UTF-8?B?RG8gWW91IERvIEFueSBvZiBUaGVzZSBFbWJhcnJhc3NpbmcgVGhpbmdzPw==?=
Content-Type: multipart/alternative; boundary="------------050205040507090101080307"
X-SpamScore: 6.502
X-MailHub-Apparently-To: mobile@ xxxxx-cafe.com

This is a multi-part message in MIME format.
--------------050205040507090101080307
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

I am sorry to inform you but your device was hacked.....
United States, 2021-10-29 00:02:40
Received: from [93.140.80.243] ([93.140.80.243])
Subject: Do You Do Any of These Embarrassing Things?
France, 2021-10-29 06:52:46
I am sorry to inform you but your device was hacked. That's what happened. I have used a Zero Click vulnerability with a special code to hack your device through a website. A complicated software that requires precise skills that I possess. This exploit works in a chain with a specially crafted unique code and such type of an attack goes undetected. You only had to visit a website to be infected, and unfortunately for you it's that simple for me. You were not targeted, but just became one of the many unlucky people who got hacked through that webpage. All of this happened in August. So I’ve had enough time to collect the information. I think you already know what is going to happen next. For a couple of month my software was quietly collecting information about your habits, websites you visit, websearches, texts you send. There is more to it, but I have listed just a few reasons for you to understand how serious this is. To be clear, my software controlled your camera and microphone as well. It was just about right timing to get you privacy violated. I have made a few pornhub worthy videos with you as a lead actor. etc., etc.
Belgium, 2021-10-29 09:35:18
Standard sextortion email claiming to have media files of embarrassing content that will be made public unless paid some bitcoin.
United States, 2021-10-29 16:01:03
e-mail trying to blackmail for supposed sex videos
United States, 2021-10-29 17:23:20
Usual nonsense
United Kingdom, 2021-10-29 17:50:11
Email blackmail attempt
New Zealand, 2021-10-30 01:03:19
Fk ur mother
Singapore, 2021-10-30 21:19:16
Unknown sender spoofed my own address as the sender and receiver. Specifics sent to FBI InfraGard.
United States, 2021-10-31 06:14:01
hack jhs in mail not correcy
Turkey, 2021-10-31 12:55:46
I am sorry to inform you but your device was hacked. That's what happened. I have used a Zero Click vulnerability with a special code to hack your device through a website.
Canada, 2021-10-31 17:18:26