Malware bragging
Nov 4th, 23
Forged e-mail in style of 'to whom it may concern' from an outside server from random external IP address. Using a mis-configured 'From: ' address = 'To: ' address it fools an iPhone (etc.) into thinking the email had came from own account/server.
The scammer then (falsely) claims has 'full control' then exploits the confusion caused by the iPhone's (etc.) security deficiencies and promises nothing in return for a Bitcoin credit.
Recipient googles the Bitcoin address and finds this message you are reading.
The usual totally false claims to have hacked your computer and have recorded compromising video of you
I RECORDED YOU!
Nov 4th, 23
Bitchcoin address: 1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
I RECORDED YOU!
Nov 4th, 23
Malware Bragging
Nov 4th, 23
Forged "to self e-mail" from external server, claiming "has full access" and demanding payment to do nothing.
Sender fingerprints:
Sat, 04 Nov 2023 10:12:31 +0000
Received: from sjytjjr ([117.147.29.17]) by 16808.com with MailEnable ESMTP; Thu, 8 Mar 2029 15:05:15 +0500
Received: (qmail 39539 invoked by uid 395); 8 Mar 2029 15:05:13 +0500
Sun, 05 Nov 2023 00:26:12 +0000
Received: from mwzxipp ([203.30.210.60]) by 32361.com with MailEnable ESMTP; Sun, 5 Nov 2023 07:25:24 +0700
Received: (qmail 47690 invoked by uid 476); 5 Nov 2023 07:25:22 +0700
Sun, 05 Nov 2023 00:24:34 +0000
Received: from qqxgamr ([105.241.248.77]) by 38252.com with MailEnable ESMTP; Sun, 5 Nov 2023 07:23:46 +0700
Received: (qmail 43519 invoked by uid 435); 5 Nov 2023 07:23:44 +0700
Sat, 04 Nov 2023 10:10:31 +0000
Received: from hxbmytn ([19.10.88.191]) by 95048.com with MailEnable ESMTP; Sat, 4 Nov 2023 16:10:28 -0700
Received: (qmail 23849 invoked by uid 238); 4 Nov 2023 16:10:26 -0700
Malware Bragging
Nov 5th, 23
Forged "From: " address made to appear came from own account, claiming "has full control", with extortion-style message promising nothing in return for a Bitcoin credit.
Authorities are likely well closing in by now on this idiot(s) because of the fingerprints they are leaving each time such as these:
Sat, 04 Nov 2023 10:12:31 +0000
Received: from sjytjjr ([117.147.29.17]) by 16808.com with MailEnable ESMTP; Thu, 8 Mar 2029 15:05:15 +0500
Received: (qmail 39539 invoked by uid 395); 8 Mar 2029 15:05:13 +0500
Sun, 05 Nov 2023 12:27:32 +0000
Received: from nnqqioe ([141.211.116.187]) by 29853.com with MailEnable ESMTP; Sun, 5 Nov 2023 20:27:30 +0800
Received: (qmail 28320 invoked by uid 283); 5 Nov 2023 20:27:28 +0800
Sun, 05 Nov 2023 12:00:51 +0000
Received: from itadqfe ([109.239.107.20]) by 46870.com with MailEnable ESMTP; Sun, 5 Nov 2023 18:00:48 +0600
Received: (qmail 40412 invoked by uid 404); 5 Nov 2023 18:00:46 +0600
Sun, 05 Nov 2023 11:41:17 +0000
Received: from vmbpghm ([175.196.218.27]) by 27863.com with MailEnable ESMTP; Sun, 5 Nov 2023 14:41:16 +0300
Received: (qmail 41373 invoked by uid 413); 5 Nov 2023 14:41:14 +0300
Sun, 05 Nov 2023 10:41:31 +0000
Received: from qnjccgy ([32.42.183.93]) by 89743.com with MailEnable ESMTP; Sun, 5 Nov 2023 15:41:29 +0500
Received: (qmail 97666 invoked by uid 976); 5 Nov 2023 15:41:27 +0500
Sun, 05 Nov 2023 08:28:45 +0000
Received: from ithpnvo ([118.29.207.106]) by 98481.com with MailEnable ESMTP; Sun, 5 Nov 2023 14:28:43 +0600
Received: (qmail 15284 invoked by uid 152); 5 Nov 2023 14:28:41 +0600
Sun, 05 Nov 2023 07:55:17 +0000
Received: from mwjjfbb ([122.27.228.146]) by 82280.com with MailEnable ESMTP; Sun, 5 Nov 2023 09:55:15 +0200
Received: (qmail 86720 invoked by uid 867); 5 Nov 2023 09:55:13 +0200
Sun, 05 Nov 2023 07:49:57 +0000
Received: from dkkhfnr ([127.243.246.151]) by 67508.com with MailEnable ESMTP; Sun, 5 Nov 2023 13:49:52 +0600
Received: (qmail 95319 invoked by uid 953); 5 Nov 2023 13:49:50 +0600
Sun, 05 Nov 2023 07:38:14 +0000
Received: from blzqlaa ([117.38.95.240]) by 13401.com with MailEnable ESMTP; Sun, 5 Nov 2023 13:38:48 +0600
Received: (qmail 48948 invoked by uid 489); 5 Nov 2023 13:38:46 +0600
Sun, 05 Nov 2023 06:16:06 +0000
Received: from axzqxzh ([150.92.164.125]) by 40107.com with MailEnable ESMTP; Sun, 5 Nov 2023 14:16:03 +0800
Received: (qmail 41562 invoked by uid 415); 5 Nov 2023 14:16:01 +0800
Sun, 05 Nov 2023 05:45:06 +0000
Received: from btlesnb ([150.165.208.116]) by 64263.com with MailEnable ESMTP; Sun, 5 Nov 2023 11:45:03 +0600
Received: (qmail 79712 invoked by uid 797); 5 Nov 2023 11:45:01 +0600
Sun, 05 Nov 2023 05:24:18 +0000
Received: from sdhfstd ([141.179.139.39]) by 87871.com with MailEnable ESMTP; Sun, 5 Nov 2023 11:24:16 +0600
Received: (qmail 49947 invoked by uid 499); 5 Nov 2023 11:24:14 +0600
Sun, 05 Nov 2023 05:41:05 +0000
Received: from xavtuyw ([13.120.104.22]) by 99070.com with MailEnable ESMTP; Sun, 5 Nov 2023 13:18:59 +0800
Received: (qmail 93701 invoked by uid 937); 5 Nov 2023 13:18:57 +0800
Sun, 05 Nov 2023 05:06:17 +0000
Received: from xokqmho ([137.156.80.111]) by 08145.com with MailEnable ESMTP; Sat, 4 Nov 2023 22:06:03 -0700
Received: (qmail 12856 invoked by uid 128); 4 Nov 2023 22:06:01 -0700
Sun, 05 Nov 2023 04:42:38 +0000
Received: from cdkobsd ([121.151.25.130]) by 19625.com with MailEnable ESMTP; Sat, 4 Nov 2023 21:42:29 -0700
Received: (qmail 24953 invoked by uid 249); 4 Nov 2023 21:42:27 -0700
Sun, 05 Nov 2023 03:51:24 +0000
Received: from pbhtfob ([195.89.34.4]) by 65973.com with MailEnable ESMTP; Sun, 5 Nov 2023 08:51:10 +0500
Received: (qmail 79684 invoked by uid 796); 5 Nov 2023 08:51:08 +0500
Sun, 05 Nov 2023 02:56:22 +0000
Received: from bxmuigp ([71.59.44.146]) by 23764.com with MailEnable ESMTP; Sun, 5 Nov 2023 08:56:07 +0600
Received: (qmail 30367 invoked by uid 303); 5 Nov 2023 08:56:05 +0600
Malware Bragging
Nov 5th, 23
Sat, 04 Nov 2023 10:12:31 +0000
Received: from sjytjjr ([117.147.29.17]) by 16808.com with MailEnable ESMTP; Thu, 8 Mar 2029 15:05:15 +0500
Received: (qmail 39539 invoked by uid 395); 8 Mar 2029 15:05:13 +0500
Sun, 05 Nov 2023 16:49:04 +0000
Received: from emiddzl ([130.244.236.176]) by 22843.com with MailEnable ESMTP; Sun, 5 Nov 2023 23:48:58 +0700
Received: (qmail 40557 invoked by uid 405); 5 Nov 2023 23:48:56 +0700
Sun, 05 Nov 2023 15:20:38 +0000
Received: from ekluzov ([147.172.24.61]) by 81222.com with MailEnable ESMTP; Sun, 5 Nov 2023 21:20:34 +0600
Received: (qmail 99015 invoked by uid 990); 5 Nov 2023 21:20:32 +0600
Sun, 05 Nov 2023 15:18:50 +0000
Received: from unnakms ([166.208.125.250]) by 56929.com with MailEnable ESMTP; Sun, 5 Nov 2023 21:18:47 +0600
Received: (qmail 64721 invoked by uid 647); 5 Nov 2023 21:18:45 +0600
I recorded you
Nov 5th, 23
I've received many emails in the last 48 hours requesting bitcoin payment to the reported bitcoin wallet and it's spoofing my own email address
I RECORDED YOU!
Nov 5th, 23
The email was sent by the scammer (not me) using my own email address
I RECORDED YOU!
Nov 6th, 23
I RECORDED YOU!
BTC address: 1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
I RECORDED YOU!
Nov 6th, 23
Emails sent to you from your own email address (spoofed address)
I RECORDED YOU!
Nov 6th, 23
I received a large number of emails like the one attached, and the two addresses used throughout are:
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
1HTAhiza95JocaB3ZtXrv5qmGPkjpBECNa
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Nov 6th, 23
Sending several threatening emails.
I RECORDED YOU!
Nov 7th, 23
Malware Bragging
Nov 7th, 23
More fingerprint data left by bitcoin scammer:
Sat, 04 Nov 2023 10:12:31 +0000
Received: from sjytjjr ([117.147.29.17]) by 16808.com with MailEnable ESMTP; Thu, 8 Mar 2029 15:05:15 +0500
Received: (qmail 39539 invoked by uid 395); 8 Mar 2029 15:05:13 +0500
Tue, 07 Nov 2023 09:11:19 +0000
Received: from imxxpgn ([56.120.28.49]) by 90485.com with MailEnable ESMTP; Tue, 7 Nov 2023 15:11:18 +0300
Received: (qmail 91560 invoked by uid 915); 7 Nov 2023 15:11:16 +0300
I recorded you
Nov 7th, 23
Uses header hack to show coming from oneself.
I RECORDED YOU!
Nov 7th, 23
Email fisching
Nov 7th, 23
Spoofs as if sent from your own email
Email scame sent from my email itself
Nov 7th, 23
I recorded you
Nov 8th, 23
I recorded you
Nov 8th, 23
email came from 5.127.174.133 (entel.bo) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 5.127.174.133 (entel.bo) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 181.115.235.122 (entel.bo) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
I RECORDED YOU!
Nov 8th, 23
Condensed.......
Some time ago your device was infected with my private trojan, R.A.T (Remote Administration Tool),...
My trojan allowed me to access your files, accounts and your camera.
All you need is $1200 USD in Bitcoin (BTC) transfer to my account.
My Bitcoin (BTC) address is: 1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
I RECORDED YOU!
Nov 8th, 23
I recorded you
Nov 8th, 23
I recorded you
Nov 8th, 23
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Nov 8th, 23
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Common garden variety Sextortion scam
Nov 9th, 23
Just another dog turd with the same old sextortion rubbish wasting bandwidth.
Common garden variety Sextortion scam
Nov 9th, 23
Just another dog turd with the same old sextortion rubbish wasting bandwidth.
I RECIORDED YOU!
Nov 9th, 23
I RECORDED YOU!
Nov 9th, 23
... My trojan allowed me to access your files, accounts and your camera. ...
Sends mail with manipulated header to make it look like it originated from your own adress. Demands payment to wallet under threat of leaking personal data to social circle
After that send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.
My Bitcoin (BTC) address is: 1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Yes, that's how the address looks like, copy and paste my address, it's (cAsE-sEnSEtiVE).
I RECORDED YOU!
Nov 9th, 23
I RECOREDED YOU
Nov 9th, 23
email came from 213.230.93.148 (bkm.uz) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 41.59.100.242 (ttcldata.net) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 83.149.45.150 (sonicduo.com) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
emailed hotel establishment accusing owner(s) of viewing pornography and committing sexual acts. states they hacked hotel tech and “recorded” it. they didn’t obviously.
Sextortion via email
Nov 9th, 23
It's always sent to my own [hacked] email address, FROM my own [hacked] email address. It's been going on for at least 5+ years. It always says
:
You truly enjoy checking out porn websites and watching dirty videos, while having a lot of kinky fun.
I RECORDED YOU (through your camera) SATISFYING YOURSELF!
----
That would be amazing because the computer he says he has hacked (a desktop workstationn) does NOT have a camera or microphone attached to it, and never has. I ignore his crap because I know he can't possibly have anything. But I'm a 78-year-old FEMALE, and am hardly the type of person to be looking at porn sites.
At what point does this rise to the level of "preying upon the elderly"?
phising email
Nov 9th, 23
Malware Bragging
Nov 9th, 23
Suddenly stopped receiving these "I RECORDED YOU" messages the very next day after I had published a few dozen of this Bitcoin owner's "online fingerprints".
Such as:
Delivery-date: Wed, 08 Nov 2023 06:38:15 +0000
Received: from [31.192.248.66] (port=60083)
Wed, 08 Nov 2023 06:38:15 +0000
Received: from gjwskxo ([25.98.98.11]) by 32119.com with MailEnable ESMTP; Wed, 8 Nov 2023 12:38:09 +0600
Received: (qmail 46676 invoked by uid 466); 8 Nov 2023 12:38:07 +0600
Moronic amateurs....
I Recorded You! scam
Nov 9th, 23
Spoofs your own email address as the sender.
I Recorded You
Nov 9th, 23
Same fake RAT scam, new BTC address.
I RECODED YOU!
Nov 10th, 23
Sends me this email 16 times a night, it’s insane
I RECORDED YOU!
Nov 10th, 23
Spoofs your own email address, claims to have recorded you masturbating, and will send the non-existent video to friends & family.
I RECORDED YOU!
Nov 10th, 23
I RECORDED YOU!!!
Nov 10th, 23
i recorded you
Nov 10th, 23
i recorded you
Nov 10th, 23
I Recorded You
Nov 10th, 23
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Nov 10th, 23
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
Nov 10th, 23
I RECORDED YOU!
Nov 10th, 23
I RECORDED YOU
Nov 10th, 23
I RECORDED YOU!
Nov 10th, 23
Received: from svdzjut ([15.252.73.93]) by 35882.com with MailEnable ESMTP; Sat, 11 Nov 2023 09:36:25 +0600
Received: (qmail 79148 invoked by uid 791); 11 Nov 2023 09:36:23 +0600
I RECORDED YOU
Nov 11th, 23
I RECORD YOU!
Nov 11th, 23
Emails appear to be from you. Total scam. Claims to have recorded you pleasuring yourself. If that were true, he wouldn't be threatening to send it to everyone on my email list, as leaking that video would be a good thing for me. If he actually saw the video, he would know that. Obvious scam.
I RECORDED YOU!
Nov 11th, 23
email came from 213.230.92.101 (uznet.net) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 213.230.92.101 (uznet.net) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 213.230.92.101 (uznet.net) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 91.90.219.141 (netco.uz) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
email came from 2.132.217.86 (netco.uz) Typical low rate cut-n-paste attempt at illegal blackmail. If any hosting service is providing or hosting this wallet address do not block or cancel, only monitor access to obtain a fresh source IP address and notify and cooperate with the authorities. Be aware this kind of thing lowers the value of bitcoin and hurts your bottom line so anything you can do to bring this sad and pathetic idiot to justice will help your own profits.
I RECORDED YOU!
Nov 13th, 23
No URL in the email text. Just an account number for a bitcoin deposit of $1,200 to secure the blackmailer's silence.
I RECORDED YOU
Nov 13th, 23
I recorded you
Dec 4th, 23
he spoofed my email - and even though date says 2008 I recieved it on 4th December 2023. As he spoofed my email I can't include that in the image.
i recorded you scam
Feb 2nd, 24
1EfCwNrGgGbNAn4bKUX7XydSzFu4RHheC4
