Bitcoin Blackmail from IP Address 182.185.219.212
Updated at Thu, 01 Feb 2024 12:08:34 EST
Bitcoin blackmail attempt received on Feb 01, 2024
Email received at 04:25 on Feb 01, 2024
Subject: A new payment schedule has been approved.
Hello pervert,
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I'm getting at.
It's been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I've learned about all aspects of your private life, but one is of special significance to me.
I've recorded many videos of you jerking off to highly controversial porn videos. Given that the "questionable" genre is almost always the same, I can conclude that you have sick perversion.
I doubt you'd want your friends, family and co-workers to know about it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos - on WhatsApp, on Telegram, on Skype, on email - everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.
Don't think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you.
Better late than never.
I'm some kind of God who sees everything. However, don't panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.
Transfer $1490 USD to my bitcoin wallet: 1E3mVbLSLLUgdmrp8GV5RRu1Qz5FkWs4rJ
Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure - my benefit is only money. Otherwise, I wouldn't be writing to you, but destroy your life without a word in a second.
I'll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don't worry, it's very simple. Just google "crypto exchange" and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
1) Do not reply to this email. I sent it from a temp email so I am untraceable.
2) Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
3) Don't try to reset or destroy your devices.
As I mentioned above: I'm monitoring all your activity, so you either agree to my terms or the videos are published.
Also, don't forget that cryptocurrencies are anonymous, so it's impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don't be so careless about your online security.
The Mail Log
The very first thing I do when I receive a weird email is check the headers. This email had odd headers: no TLS, and my personal email address used for both the From and To addresses. Obviously this person is targeting me personally; this is probably not a scripted send, not a bot. From a Thunderbird client? On an old Windows machine? I do a lot of email testing, so I recognize that this header type is just weird. It looks like this:
Email headers for this item:
Return-Path: myemail
Delivered-To: myemail
Message-ID: <65BBA9C4.5080708@myemail>
Date: Thu, 01 Feb 2024 18:25:08 +0400
From: myemail
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: myemail
Subject: A new payment schedule has been approved.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I found this old page discussing old Thunderbird versions. A 15-year-old Thunderbird mailer? Then I found this concerning Windows NT 6.1. That mailer and system are almost older than I am.
The mail log for this item:
Feb 1 04:25:13 smtpd[19651]: connect from unknown[182.185.219.212]
Feb 1 04:25:13 smtpd[19651]: F2D2A21A09: client=unknown[182.185.219.212]
Feb 1 04:25:14 cleanup[19659]: F2D2A21A09: message-id=<65BBA9C4.5080708@myemail>
Feb 1 04:25:14 qmgr[6257]: F2D2A21A09: from=myemail, size=3450, nrcpt=1 (queue active)
Feb 1 04:25:14 msgid=65BBA9C4.5080708: saved mail to INBOX
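The header and mail-log checks described above can be scripted so the same indicators are flagged every time. The following is an added example, not code from the original post: it parses the header block and the Postfix-style log lines shown above (embedded here as constructed samples, with the post's "myemail" redaction kept in place), correlates the Message-ID to the queue id and connecting IP, and reports the observations the post calls out: From equals To, no Received headers, an obsolete mail client (the "Thunderbird 60" cutoff is an assumption of this example), no reverse DNS for the client (Postfix logs the client as `unknown` when the PTR lookup fails), and no TLS line logged for that smtpd session.

```python
import email
import re

# Constructed sample: the header block from the post, "myemail" redaction kept as-is.
SAMPLE_HEADERS = """\
Return-Path: myemail
Delivered-To: myemail
Message-ID: <65BBA9C4.5080708@myemail>
Date: Thu, 01 Feb 2024 18:25:08 +0400
From: myemail
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: myemail
Subject: A new payment schedule has been approved.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

"""

# Constructed sample: the Postfix-style log lines from the post.
SAMPLE_LOG = """\
Feb 1 04:25:13 smtpd[19651]: connect from unknown[182.185.219.212]
Feb 1 04:25:13 smtpd[19651]: F2D2A21A09: client=unknown[182.185.219.212]
Feb 1 04:25:14 cleanup[19659]: F2D2A21A09: message-id=<65BBA9C4.5080708@myemail>
Feb 1 04:25:14 qmgr[6257]: F2D2A21A09: from=myemail, size=3450, nrcpt=1 (queue active)
Feb 1 04:25:14 msgid=65BBA9C4.5080708: saved mail to INBOX
"""

# Windows NT kernel version -> marketing name (well-known mapping).
NT_VERSIONS = {"5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7"}
OLDEST_PLAUSIBLE_THUNDERBIRD = 60  # assumption: anything older is treated as a forged/obsolete UA

LOG_RE = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$")
CLIENT_RE = re.compile(r"^(?P<qid>[0-9A-F]+): client=(?P<host>\S+)\[(?P<ip>[\d.]+)\]")
MSGID_RE = re.compile(r"^(?P<qid>[0-9A-F]+): message-id=<(?P<msgid>[^>]+)>")


def parse_mail_log(log_text):
    """Map message-id -> dict(qid, host, ip, pid, tls) by joining the cleanup and smtpd lines."""
    lines = log_text.splitlines()
    client_by_qid, msgid_to_qid = {}, {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # e.g. the delivery-agent line has no proc[pid] prefix
        c = CLIENT_RE.match(m.group("rest"))
        if c:
            pid = m.group("pid")
            # Postfix logs "TLS connection established" on the same smtpd pid when TLS was used.
            tls = any(f"smtpd[{pid}]" in l and "TLS" in l for l in lines)
            client_by_qid[c.group("qid")] = {"qid": c.group("qid"), "host": c.group("host"),
                                              "ip": c.group("ip"), "pid": pid, "tls": tls}
            continue
        mi = MSGID_RE.match(m.group("rest"))
        if mi:
            msgid_to_qid[mi.group("msgid")] = mi.group("qid")
    return {mid: client_by_qid.get(qid, {"qid": qid}) for mid, qid in msgid_to_qid.items()}


def triage(headers_text, log_text):
    """Return the correlated session info plus a list of indicator names."""
    msg = email.message_from_string(headers_text)
    findings = []
    sender, rcpt = (msg["From"] or "").strip().lower(), (msg["To"] or "").strip().lower()
    if sender and sender == rcpt:
        findings.append("from_equals_to")          # self-addressed spoof, typical of sextortion spam
    if not msg.get_all("Received"):
        findings.append("no_received_headers")     # no relay trail at all
    ua = msg["User-Agent"] or ""
    tb = re.search(r"Thunderbird/(\d+)", ua)
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    if tb and int(tb.group(1)) < OLDEST_PLAUSIBLE_THUNDERBIRD:
        findings.append("obsolete_mail_client")
    msgid = (msg["Message-ID"] or "").strip().strip("<>")
    session = parse_mail_log(log_text).get(msgid, {})
    if session.get("host") == "unknown":
        findings.append("no_reverse_dns")
    if session.get("ip") and not session.get("tls"):
        findings.append("no_tls_logged")
    return {"message_id": msgid, "queue_id": session.get("qid"), "client_ip": session.get("ip"),
            "client_host": session.get("host"), "client_os": NT_VERSIONS.get(nt.group(1)) if nt else None,
            "user_agent": ua, "findings": findings}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_HEADERS, SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

The same function works on a real mailbox item by reading the raw message text and the matching slice of the MTA log; the indicator names are deliberately plain strings so they can be counted across many messages to spot the repeated "machine footprint" the post mentions.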
The Sender
Next I'll head to the SANS Internet Storm Center to get some info about that ip address:
Stats for ip address 182.185.219.212
Hostname: 182.185.219.212
Country: PK
AS: 17557
AS Name: PKTELECOM-AS-PK Pakistan Telecommunication Company Limited, PK
Network: 182.185.192.0/18 (182.185.192.0-182.185.255.255) 182.186.0.0
Reports: - none -
Targets: - none -
First Reported: N/A
Most Recent Report: N/A
Comment: - none -
Abuse POC Email: abuse.irt@ptcl.net
What you decide to do with that IP address info is up to you. The sender client is in Pakistan. From the roughness of this email and the odd email headers, I am going to guess that the person who sent it is not very smart (yes, simply because they are doing this), so that is probably their real (current) IP address. It's highly unlikely this email was sent from a cell phone; the headers would have looked different. It was most likely sent from an old Windows PC that stopped getting updates a long time ago. That's my best guess. It doesn't really matter at the moment, but if I collect enough emails with that same machine fingerprint, it becomes important.
When it comes to obtaining info about an IP address and malicious activity, you do have to be careful. A smart scammer would relay through an anonymous command-and-control machine somewhere with an unaware owner. Likewise, the IP address could be rotating; it is probably not static, but it might be. Devices on certain residential ISP networks do often keep a static IP. I ran nmap on it. It's live with closed ports.
But here's the kicker with these types of scammer emails: the bitcoin address. Bitcoin addresses are traceable, so let's get some info about that BTC address.
The Wallet
There are lots of places to look up the transaction history of a BTC wallet address. I'll be using blockonomics.co today.
The line in the email that gave the BTC address was this one:
Transfer $1490 USD to my bitcoin wallet: 1E3mVbLSLLUgdmrp8GV5RRu1Qz5FkWs4rJ
So when I look up that address, I see that this wallet has had 4 transactions since Jan 31, 2024. It looks like he might have been successful in scamming someone somewhere.
Then I will head to bitref.com and double check.
Total transactions: 4. Most recent:
Date                  Amount (BTC)   USD
2024-02-01 01:43:46   0.03500000     $1489.32
2024-01-31 19:47:54   0.00221337     $94.18
2024-01-31 17:51:36   0.00948624     $403.66
2024-01-31 17:18:34   0.02380282     $1012.86
Total Received:       0.07050243     $3000.02
Total Sent:           0.00000000     $0.00
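Before pasting an address into a block explorer it is worth confirming it is even a well-formed address (a scammer's typo, or a copy error on your side, would send you chasing the wrong wallet), and once the history is in hand the useful signal is whether any incoming payment matches the demanded sum. The following is an added example, not code from the post or from blockonomics/bitref: it implements Base58Check decoding for legacy addresses (double SHA-256 over version byte plus hash, first four bytes as checksum), totals the four transactions from the listing above (embedded as a constructed list), and flags payments within a small tolerance of the $1490 demand. The genesis-block address used in the check is a well-known valid address; the 2% tolerance is an assumption of this example.

```python
import hashlib
from decimal import Decimal

# Bitcoin's Base58 alphabet: no 0, O, I or l.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_decode(addr):
    """Return the 21-byte payload (version + hash160) of a legacy address, or None if it fails Base58Check."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:  # character outside the alphabet: not an address at all
            return None
        num = num * 58 + idx
    leading_zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    raw = b"\x00" * leading_zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def is_valid_legacy_address(addr):
    return base58check_decode(addr) is not None


SCAM_ADDRESS = "1E3mVbLSLLUgdmrp8GV5RRu1Qz5FkWs4rJ"  # the address quoted in the email
DEMANDED_USD = Decimal("1490")

# Constructed from the bitref listing above: incoming payments to the address.
TRANSACTIONS = [
    {"date": "2024-02-01 01:43:46", "btc": "0.03500000", "usd": "1489.32"},
    {"date": "2024-01-31 19:47:54", "btc": "0.00221337", "usd": "94.18"},
    {"date": "2024-01-31 17:51:36", "btc": "0.00948624", "usd": "403.66"},
    {"date": "2024-01-31 17:18:34", "btc": "0.02380282", "usd": "1012.86"},
]


def wallet_totals(txs):
    """Total received as (BTC, USD); Decimal avoids float rounding on satoshi amounts."""
    return (sum(Decimal(t["btc"]) for t in txs), sum(Decimal(t["usd"]) for t in txs))


def payments_matching_demand(txs, demanded_usd, tolerance=Decimal("0.02")):
    """Payments whose USD value is within `tolerance` (a fraction) of the demanded sum."""
    return [t for t in txs if abs(Decimal(t["usd"]) - demanded_usd) <= demanded_usd * tolerance]


if __name__ == "__main__":
    print("well-formed address:", is_valid_legacy_address(SCAM_ADDRESS))
    btc, usd = wallet_totals(TRANSACTIONS)
    print(f"received: {btc} BTC (${usd})")
    for t in payments_matching_demand(TRANSACTIONS, DEMANDED_USD):
        print("payment matching the demand:", t["date"], t["usd"])
```

The checksum step is what makes a mistyped address fail rather than silently point at a different wallet; an address that decodes cleanly is the one to feed to the explorers, and a payment that lands within a percent or two of the demanded figure is the strongest sign that someone paid this particular campaign.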
We've definitely got an active scammer wallet address here. It can take top place in our Bitcoin BlackMailers Track and Trace list. I hope he (or she) enjoys this exposé.
Keywords
bitcoin scammer, bitcoin blackmail