Last active
October 5, 2022 20:22
Full dump of extortion email
Bitcoin Address
- 1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Bitcoin Abuse Database
- https://www.bitcoinabuse.com/reports/1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Block Chain
- https://www.blockchain.com/btc/address/1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Infos
- https://ipinfo.io/200.7.138.18
- https://www.shodan.io/host/200.7.138.18
- https://urlscan.io/ip/200.7.138.18
- https://urlscan.io/domain/mail.evelia.unrc.edu.ar
- https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=00ae91c2-fd8e-4ec5-9758-497834df6b5a
{
  "ip": "200.7.138.18",
  "hostname": "mail.evelia.unrc.edu.ar",
  "city": "Río Cuarto",
  "region": "Cordoba",
  "country": "AR",
  "loc": "-33.1307,-64.3499",
  "org": "AS27770 Universidad Nacional de Rio Cuarto",
  "postal": "5800",
  "timezone": "America/Argentina/Cordoba",
  "asn": {
    "asn": "AS27770",
    "name": "Universidad Nacional de Rio Cuarto",
    "domain": "unrc.edu.ar",
    "route": "200.7.128.0/20",
    "type": "education"
  },
  "company": {
    "name": "Universidad Nacional de Rio Cuarto",
    "domain": "unrc.edu.ar",
    "type": "education"
  },
  "privacy": {
    "vpn": false,
    "proxy": false,
    "tor": false,
    "relay": false,
    "hosting": false,
    "service": ""
  },
  "abuse": {
    "address": "Ruta 36 Km., 601, Unidad de Tecnología de la Información, X5804BYA - Rio Cuarto - Córdoba",
    "country": "AR",
    "email": "cyde@UTI.UNRC.EDU.AR",
    "name": "Carlos Cristobal Sabroe Yde",
    "network": "200.7.128.0/20",
    "phone": "+54 3584676183 [0000]"
  },
  "domains": {
    "total": 0,
    "domains": []
  },
  "isLimited": false,
  "tokenDetails": {
    "core": {
      "daily": 2147483647,
      "monthly": 50000
    },
    "hostio": {
      "daily": 2147483647,
      "monthly": 1000,
      "result_limit": 5
    }
  }
}
Delivered-To: {VITIMA}@gmail.com
Received: by 2002:a17:522:c091:b0:445:e024:c7cc with SMTP id i17csp274614pvt;
        Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw55mNAo44n0P3q29wk+mi/NaD65dWnsalKOX4SzwCN5kOdQgRW3UHjUNCWrAyQJw1hBK+G
X-Received: by 2002:a05:6808:124d:b0:322:3600:d84a with SMTP id o13-20020a056808124d00b003223600d84amr4195174oiv.108.1650547085112;
        Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650547085; cv=none;
        d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from;
        bh=fQk8BRusT+BG02NcF/aZDQATuIw6U8hnXeTccKmqvHc=;
ARC-Authentication-Results: i=1; mx.google.com;
        spf=pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) smtp.mailfrom=noresponder@mail.evelia.unrc.edu.ar;
        dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <noresponder@mail.evelia.unrc.edu.ar>
Received: from mail.evelia.unrc.edu.ar (mail.evelia.unrc.edu.ar. [200.7.138.18])
        by mx.google.com with ESMTP id s7-20020a4ac107000000b00329db2aa86csi2631493oop.82.2022.04.21.06.18.04
        for <{VITIMA}@gmail.com>;
        Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) client-ip=200.7.138.18;
Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) smtp.mailfrom=noresponder@mail.evelia.unrc.edu.ar;
        dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail.evelia.unrc.edu.ar (vps-73875.fhnet.fr [188.213.28.11]) by mail.evelia.unrc.edu.ar (Postfix) with ESMTPSA id 165B83246E4 for <{VITIMA}@GMAIL.COM>; Thu, 21 Apr 2022 10:04:24 -0300 (-03)
From: {VITIMA}@gmail.com
To: {VITIMA}@gmail.com
Subject: NOTIFICAÇÃO
Date: 21 Apr 2022 15:04:24 +0200
Message-ID: <20220421150424.9F651561F0FF1CEA@GMAIL.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Oi! | |
Como voc=C3=AA deve ter notado, enviei um e-mail da sua conta. Isso signifi= | |
ca que tenho acesso total =C3=A0 sua conta. | |
Estou te observando h=C3=A1 alguns meses. | |
O fato =C3=A9 que voc=C3=AA foi infectado com njrat atrav=C3=A9s de um site= | |
adulto que voc=C3=AA visitou. | |
Se voc=C3=AA n=C3=A3o est=C3=A1 familiarizado com isso, vou explicar. | |
Njrat me d=C3=A1 acesso total e controle seu dispositivo. | |
Isso significa que posso ver tudo na tela, ligar a c=C3=A2mera e o microfon= | |
e, mas voc=C3=AA n=C3=A3o sabe disso. | |
Tamb=C3=A9m tenho acesso a todos os seus contatos e toda a sua correspond= | |
=C3=AAncia. | |
Fiz um v=C3=ADdeo mostrando como voc=C3=AA se satisfaz na metade esquerda d= | |
a tela, e na metade direita voc=C3=AA v=C3=AA o v=C3=ADdeo que assistiu. | |
Com um clique do mouse, posso enviar este v=C3=ADdeo para todos os seus e-m= | |
ails e contatos nas redes sociais. | |
Tamb=C3=A9m posso postar acesso a toda a sua correspond=C3=AAncia de e-mail= | |
e mensageiros que voc=C3=AA usa. | |
Se voc=C3=AA quiser evitar isso, | |
transferir a quantia de 400 USD para o meu endere=C3=A7o bitcoin (se voc= | |
=C3=AA n=C3=A3o souber como fazer isso, escreva para o Google: =E2=80=9CCom= | |
pre Bitcoin=E2=80=9D). | |
Meu endere=C3=A7o bitcoin (BTC Wallet) =C3=A9: 1PBgsz3bar9N64omj7APSY7rATQ2= | |
fyH6Vm | |
Ap=C3=B3s receber o pagamento, excluirei o v=C3=ADdeo e voc=C3=AA nunca mai= | |
s me ouvir=C3=A1. Dou-lhe 48 horas para pagar. | |
Eu tenho um aviso lendo esta carta, e o cron=C3=B4metro funcionar=C3=A1 qua= | |
ndo voc=C3=AA vir esta carta. | |
Apresentar uma reclama=C3=A7=C3=A3o em algum lugar n=C3=A3o faz sentido por= | |
que este e-mail n=C3=A3o pode ser rastreado como meu endere=C3=A7o bitcoin.= | |
Eu n=C3=A3o cometo nenhum erro. | |
Se eu descobrir que voc=C3=AA compartilhou esta mensagem com outra pessoa, = | |
o v=C3=ADdeo ser=C3=A1 distribu=C3=ADdo imediatamente. | |
Atenciosamente!