Email Scam

Post your questions about tracing the source IP address of an email here.
Post Reply
Nater3flux
New Member
Posts: 1
Joined: Sat Oct 20, 2018 5:58 pm

Email Scam

Post by Nater3flux » Sat Oct 20, 2018 6:02 pm

i got this email and i am sure its a scam it was supposedly sent to my email from myself yet the header tells a different story here is the email and the header...
i have removed some secure infomation


Hello!

My nickname in darknet is freeland65.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from EMAIL IS CORRECT @hotmail.co.uk is PASSWORD WAS INCORRECT

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $883 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!

Received: from DB3EUR04HT199.eop-eur04.prod.protection.outlook.com
(2603:10a6:6::14) by DB6PR0102MB2693.eurprd01.prod.exchangelabs.com with
HTTPS via DB6PR04CA0001.EURPRD04.PROD.OUTLOOK.COM; Sat, 20 Oct 2018 09:41:08
+0000
Received: from DB3EUR04FT044.eop-eur04.prod.protection.outlook.com
(10.152.24.54) by DB3EUR04HT199.eop-eur04.prod.protection.outlook.com
(10.152.24.189) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1250.12; Sat, 20 Oct
2018 09:41:07 +0000
Authentication-Results: spf=softfail (sender IP is 77.27.88.13)
smtp.mailfrom=hotmail.co.uk; hotmail.co.uk; dkim=none (message not signed)
header.d=none;hotmail.co.uk; dmarc=none action=none
header.from=hotmail.co.uk;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
hotmail.co.uk discourages use of 77.27.88.13 as permitted sender)
Received: from 13.88.27.77.dynamic.reverse-mundo-r.com (77.27.88.13) by
DB3EUR04FT044.mail.protection.outlook.com (10.152.25.34) with Microsoft SMTP
Server id 15.20.1250.12 via Frontend Transport; Sat, 20 Oct 2018 09:41:07
+0000
X-IncomingTopHeaderMarker: OriginalChecksum:13A689ACF00491E76E7790D167C52D66FDF0111FAB353865C2ECF98676AAD861;UpperCasedChecksum:AEFCBB1AA26ACD8DCDFB295A74F0964BFF541C0DA1BEC5FE5FAACFF2871072C9;SizeAsReceived:402;Count:9
Message-ID: <5BCB1450.5070606@hotmail.co.uk>
Date: Sat, 20 Oct 2018 12:41:04 +0100
From: <wshaler@hotmail.co.uk>
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
To: qazxsw121 <wshaler@hotmail.co.uk>
Subject: wshaler@hotmail.co.uk is hacked
Content-Type: text/plain; charset="IBM852"; format=flowed
Content-Transfer-Encoding: 8bit
X-IncomingHeaderCount: 9
Return-Path: wshaler@hotmail.co.uk
X-MS-Exchange-Organization-ExpirationStartTime: 20 Oct 2018 09:41:07.6768
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 2:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 71a53fa7-4e59-4c90-c3c5-08d63670294e
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;DB3EUR04FT044;1:yQuE2e7g68mzEBt1H7k3ouo/XwgvuTNnKyf9X0byHWsHm6rq7nG2gCZhM3E2QsnHsx8Gkw4Fg2ewQGwXxpG6h1sbxgp7FPV/FNSt/rFUSOGwW5B1XSqEbNwWJL5nwj1r
X-Forefront-Antispam-Report: EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
DB3EUR04FT044.eop-eur04.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 71a53fa7-4e59-4c90-c3c5-08d63670294e
X-Microsoft-Antispam:
BCL:0;PCL:0;RULEID:(5000110)(711020)(4605076)(610169)(630170)(8291501071);SRVR:DB3EUR04HT199;
X-Microsoft-Exchange-Diagnostics:
1;DB3EUR04HT199;3:2lMxlr6Dcu/M8zArXafH8H1hS0kLs/ltb3rOHnS1HlUdO7siOMx5m4OhMV8s25eLnZhvztLVfDFqFq3gggRQRAifbv+ZkrKZPwMgMuJcF/oJk4D5CsDe2Fn3VBYFjB94MXFMTX3tVk5a9U5ATOh8GZlxpsvBTzS1w8RGgo3Klqv4ZGx+Va1XENQTiYV0Fxz5Syc3Yd8HPASTWD/T7u71sNdtwtixaa3A+f+H3qPPYq7UuRsrFnPdtadx0WFS35Vv6kRfK/vzcaM+7o1Ss6t9x9Ih+kF6H4DYdwxOo8hCIk/Uv2bvMSVBh0XZDLPvLjkpc9SVo17bH1Kb0rouKZll9g==;25:BFQCETpjg1OMCjb+pwVUph7ENniWDp+ri9SzZlyXxt7wUVHd2ANJCepc0XUzWN7XRuomW/U1A3DjfpZficHPSQsXouj2L7U4HQGAIJeNWjL8G+K18r5dV3jSX46VmYl+j+J2hSsmLUwweHt0G+6od+MlBGt0+Oq5lpL0X+ZJFl+JG7JSPlwqE68wvBrRnkE2A34isdDEO3hldJnELWS1jWW7fc9Czm6PaeTn/V3CynZ/WlJYXxV+j/cW1Io6YurIX0adkzTZWV6LXjUMhPdPT3OYiAcvveIUbCReT2clkuwqtOBmOX7MZdOT11joPo5pMgIpjNaBk22/91h8FsuwBw==;31:DNU39XV0kCrFTnRDduaW8/wcf8dx9IYv47PGb8LKkIIz0br3xztYK3SLVgIaQm04H4etbaSzjohentuDIaxuA/lVy1ZgRC6aFC76nQfje2XeiU+uzUlRYDDvfUjaaoQnTQ1Mf8m+5TPQzlA0ydxvPZqMEeeQZerev0PK6aUVUbxS8RUvJ1JHNY2w1H63goP70EcuzHXW3lP1tAncPRg5gZyGAxYGN7o4wNOrqo8DLqU=
X-MS-TrafficTypeDiagnostic: DB3EUR04HT199:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 77.27.88.13
X-SID-PRA: WSHALER@HOTMAIL.CO.UK
X-SID-Result: FAIL
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:(186308324639673)(72170088055959);
X-Exchange-Antispam-Report-CFA-Test:
BCL:0;PCL:0;RULEID:(444111676)(52401380)(52601095)(52505095)(52406095)(52302095)(52202095)(88862240)(88860193)(82015058);SRVR:DB3EUR04HT199;BCL:0;PCL:0;RULEID:;SRVR:DB3EUR04HT199;
X-Microsoft-Exchange-Diagnostics:
1;DB3EUR04HT199;4:eqzT46XdnKDJ+DYWDUC33hbCmhv81VVwCB6+eaXXRkPwP2hoHCZyKs/MX6HtV7KIKrH9zri7qanbvTU0EUDAnj1wZLPQix3eDbuRb2wurkb3qsiMwzkSU0IK2qvHdGeVwkmpoi2H9nCpfDD2lpVujXTgI2EnTf2f3TcTnxM9/vG5wDAUlHM1dYd+Cw2SY+U0PADPUs/JZUAdMIKQwfya89umZOxvHWEX0uJrYSlNRRrwY8+d46UaHekt9b18Db1rrbW8QR5r14kLRF/7gPYbMyBcoOKQKnk3XUZHrQ+Zz2Pj/l8/XrPhWwTgQc5q5oS0a+JH9FFZISlJ3OxODK5y3nuzyfS2VD8E0p++k5DQ22k=;6:qy/T0w6Z/qwAUKmin9AszuV1X5UAacOtRoMaLWplbd6HI0LfuyRZdguzLuADPdA/e1Zmq5UOd7J7WRAHEdFGkCwJAAC5bYv5yBRNYnCVJpTiQ/02uwf9d8cIoDPim7OnChYUaPj4qp3lWHAlUXgIkB6zUota2X7UyptBinf3HQNDJ2maohrCVRtIsB8G03r16ECnkdMXcKhk3KPDEXVXii3T0cydRurMKpGS89CRdRT56W8iRm3/ER4ZHZxCep92HWILQaplLOabDzDTWzsxv1/2wlEcRhjRk5wu+XJxrZueoCB+WOQRyrt0cg7ItAlCLss+afwsgjI7PS93xRTq87HpfNs+ZLwqefMIXOGZsxHaRYjvdvo75MJn+AlQYT4SrNof0Vo0jvsl87xxbk4RyBij6WaZcODuajJohd6q7QX1KgR6A+aljesXOVkZxeUUAOfrZJ965ShB8JaQ92Ic8A==
X-Microsoft-Antispam-Message-Info:
zZYoIDaf8Z1mAbK/CBTt4R2Ayvu9QcahnLC9cJZDHX7PsYbv4REM6CY9BdYqszNg3ENLRJ3uD5Smh3bjoAFaEiYc6WfQvIGclfFC/STAMyQssFwpi/6ZqN0Zv2+FbnQw0uusNM4xTIoVavVjIQfNAHmFZtjsHmJTMNMAXjolEyii6fHQ5lGhWY/HpSmta4c70Z57C5C7LPj2rw1nIf82H9d9zosPGlj1jcghJtvUl+vh5p/NVPODsLiwWt/ka4GQctZGHQRK6b9x3dcB4+G1xW8eVTayvBYlbKUXx8P1mWATgZcwwWCkjJWu/QGwOlCVEymgLEt/Q+iPpQvEAMM+O42FKDQ/ezx/H2+AiCPlwArPk2xaUiPyrCSH7rY0mWmlA02mb8PERDlkUip43gdMDHpjUTWjmpM/KvPkEWHbuW2Y6Z/55LkzPkSUcOQ8xUbu
X-Microsoft-Exchange-Diagnostics:
1;DB3EUR04HT199;5:q7pyhyHoK3+hHhjYtwqCVgASiWjZZ97L9ikHenTbBvwOGuvPGAWFjO8fkjaAF/YZH9rzDiH145hCunIqC4M11kYTs9Fbt2MypPbzYKancju3E5FlqqiCWmcuKtAq8KgKT8J95Rb9LnQYwaFDgYz5S6ffXogo+emL/vFic23wHqA=;7:OzMLaQ+kTQfCfdYX06nwMbEQe2DFGdV9pAYuqK0gmGCe/MZXZacDNQWQpiV38ktsOMx+H/BE9F2hB6IiO3ZC3BSwarpMBwsv2pgx8DUQ28PR38Y33o+5gH4Fv/a/IEL/A7s0zxajm94V0Y11TQcnfG3NFBdkCD87FKFTO0cMtNbv0QFlIXtoYKiJHrbOhDXYCBMrDMB+A5YNNioOlmNF/rAp2/OwS8w00jgc3etrMHxcGPUQJAQPtDBN5mS/B7jV
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Oct 2018 09:41:07.5987
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 71a53fa7-4e59-4c90-c3c5-08d63670294e
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
54485d23-c432-40fe-8436-6091d627118c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3EUR04HT199
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.5865783
X-MS-Exchange-Processed-By-BccFoldering: 15.20.1228.033
X-Microsoft-Exchange-Diagnostics:
1;DB6PR0102MB2693;27:cfSC2qXmG8tVneVzdaczVDTOk3VULbh6fj/ah6poS9dz2xUD3iNc59J67E+XGIaI50ZQs+5Tpf4uQAnW3u/pPlNm6icOsduCoB1LnNSt8pk31mHAsrQjmbiqcWd7+Rdxu6iVpny1dh3pYAZoGWn55Mmz6kANdiNze75Lt4BRVQ0xhBXqbHWicbpAVhMZkuA2oFYvTotABS/vDMlcfJfESnriX2SKAkWjzkBCbZtg0yUjaQWOQj8cqSDxfIuDZOe8cqXkPF8yEH+6FTdx4y+W4LEY52xcq9HJR4iXRfKKLIk0s0VnmGZrH/0azKONEUpWNauUNV2IonNGfKgMqNfRwRsFT7g1rWWCLyAYetsXGFWHhgsOKPr9Pypbhz5kjV1AOmDvYFGTTFzcYSD+u19uwKNaDaqz/CmBf8MCtUj8qcGLMAiHdnam+UX8pZ2aVkVbsCXAqAscWRk6WkK9cx7zxWMIpB1ko9R/V+vFbY9vDJe+Rh5ay8/d0zGXxF5sJ1y/I00hzj1slDH/xaNk0wVFzaLPh3Qk57xDyUFH35F0hBUjg581ODxKQZFgpjUbH4Ke
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;ex:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(1007183)(4900095)(4920089)(6367075)(4922014);RF:JunkEmail;
X-Message-Info:
qoGN4b5S4yoZj1tYlRsjA7WTtgPHpC6ovqiqX5vqBuLi1nv+9nLFA1xEuNHiq9OBLRYHvThmo8L2wryHOr1YPPWx1u1KyNMljST5KylKCpXWh9UfD4lQ74UitFuDDzOM6ldAluKgvA9nj/Z/WvuCmH+wQTT5HmLGhTkgWBSzZD1BPZLApx5Qd83nRxXKT/RXA5VPsXDFnz8jZYLHL0EfWg==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
lerWs0upj5MiIZuU0x2B0XbleneN9h07ylaJQyfyyjjtz7Q7nT1qxV1jdxNC7eEFpI2gkO2rrJCRVKWkPQUjPMSYPjVGZXp8eW4joqhxrzBoCMwA0O68b1x0zzgQ02uCzirY/iche28po865kg3xdbGl2a71kFpyPMXbEirB4pC8/IHloUkbTLjcNUVRyfYPc4zidGgV7P3YWZWQinRP21azYK0qJM9W1ZTYs+52opvOzlGo3T+jWqmLwl/MDta+GlfccoltAwn0Ac4CXS2TrU/hMlmLFv9wmaqEuySx/GqscuR4QsmVYQC87l7JkSLTHpNYs4aSEqlCzsbWcfJngxAktnyJy7bJK9do9EgoAxSyCpz5SAOHTioVuhjGQiAfBilf/yy7VFdJHLKGVbWCnSZCUojsh5tQcZkqmq29Cn9HjLitz1tQ5pr73YTC7SmgIX6meaZ7OrAlIRQyGgVHp6yXDKAxaIMbLzI2NINpMc5qNnuRY1Co8qSmmnm9A0uYsR86R0lJ1FuMD/omo8VCKIpwXJ+kqvgsACE0OPUea3GN7ISN82burCmMnitrV/ywCA7O5G3SWGa8JGBBe9ptQXGzHVNJf8TcHvgJz9EPm5V8oVz6KlWD1Fmr6rIefgYXgYeCN68/Og1JLL4gVShoZXmZ6jxaYafy6kYig3LUrQzaS6qtT3r52GOMM8EStVkhlkeLB3GMGDBnpafhe4tJlP8mmC+XuihwEVQ5u042UoSsk0+LtzFiP0QoR/OPrVqmA91SePYG1rMuiqP/aaIBBQ==
MIME-Version: 1.0

Hello!

My nickname in darknet is freeland65.
I hacked this mailbox more than six months ago,
through it I infected your operating system with a virus (trojan) created by me and have been monitoring you for a long time.

So, your password from EMAIL IS CORRECT @hotmail.co.uk is PASSWORD WAS INCORRECT

Even if you changed the password after that - it does not matter, my virus intercepted all the caching data on your computer
and automatically saved access for me.

I have access to all your accounts, social networks, email, browsing history.
Accordingly, I have the data of all your contacts, files from your computer, photos and videos.

I was most struck by the intimate content sites that you occasionally visit.
You have a very wild imagination, I tell you!

During your pastime and entertainment there, I took screenshot through the camera of your device, synchronizing with what you are watching.
Oh my god! You are so funny and excited!

I think that you do not want all your contacts to get these files, right?
If you are of the same opinion, then I think that $883 is quite a fair price to destroy the dirt I created.

Send the above amount on my BTC wallet (bitcoin): 1NXNt72qfMhPZDffUEqryCYpEUzyR6LmgH
As soon as the above amount is received, I guarantee that the data will be deleted, I do not need it.

Otherwise, these files and history of visiting sites will get all your contacts from your device.
Also, I'll send to everyone your contact access to your email and access logs, I have carefully saved it!

Since reading this letter you have 48 hours!
After your reading this message, I'll receive an automatic notification that you have seen the letter.

I hope I taught you a good lesson.
Do not be so nonchalant, please visit only to proven resources, and don't enter your passwords anywhere!
Good luck!



i have checked with the whats my ip header checker and the ip it was sent from is in spain xD can anyone find anymore information as am new to this thanks

User avatar
Chrispcritters
Forum Administrator
Posts: 2407
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: Email Scam

Post by Chrispcritters » Sun Oct 21, 2018 3:45 pm

Yes, this a variation of a sextortion scam that is making the rounds.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests