I asked her and it seems it is a few years old and have been changed multiple times since then. However it could be an old website/forum she is not using anymore however unlikely that is.
GDPR made it so that if you do not respond to request of continued use, they should delete your profile - thus most old unanswered registrations on websites and forums should vanish. If not ... well, the GDPR boss lady in EU is Danish and does NOT take NO for an answer, so do you have a spare couple of million Euros lying around for a fine?
My concern is ... What website was hacked to obtain this password, and when?
Code: Select all
Return-Path: important@williehowell.com
Delivered-To: spam@acme.inc
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on datacenter.acme.inc
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.5 required=3.0 tests=BAYES_99,BAYES_999,INVALID_MSGID,KAM_NUMSUBJECT,
RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,TO_IN_SUBJ autolearn=disabled version=3.4.0
X-Spam-Virus: No
X-Spam-Report: * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 2.6 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
* [46.161.42.91 listed in bl.mailspike.net]
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000] * 0.6 INVALID_MSGID Message-Id is not valid, according to RFC 2822
* 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
* 0.5 KAM_NUMSUBJECT Subject ends in numbers excluding current years
* 0.1 TO_IN_SUBJ To address is in Subject
Received: from mail.williehowell.com (mail.williehowell.com [46.161.42.91]) by mx.acme.inc ;
Tue, 7 Aug 2018 09:21:11 +0200
From: "Luisa" <important>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=UTF-8
Mime-Version: 1.0 (1.0)
Subject: jane@acme.inc:tellno1
Message-Id: <B3608E88-D826-294D-27D4-588CF7900BE5@>
Date: Tue, 7 Aug 2018 00:20:12 -0700
To: jane@acme.inc
X-hMailServer-Spam: YES
X-hMailServer-Reason-2: RBL - Rejected by Barracuda Reputation Block List - (Score: 5)
X-hMailServer-Reason-3: Tagged as Spam by SpamAssassin - (Score: 7)
X-hMailServer-Reason-Score: 12
X-Envelope-To: jane@acme.inc
X-Envelope-OriginalTo: jane@acme.inc
X-Envelope-From: important@williehowell.com
X-hMailServer-LoopCount: 1
It appears that, (tellno1), is your password. You may not know me and you are most likely wondering why you are
getting this e-mail, right?
actually, I setup a trojans on the adult vids (adult) web-site and guess what, you visited this website to have fun
(you know very well what I mean). During the time you were watching videos, your internet browser started off
functioning as a RDP (Remote Desktop) which gave me accessibility to your screen and web camera. after that, my
computer software obtained your complete contacts from your Messenger, Outlook, FB, along with emails.
What did I do?
I produced a double-screen video. Very first part shows the recording you're seeing (you've got a good taste haha .
. .), and Second part shows the recording of your webcam.
what exactly should you do?
Well, in my opinion, $1000 is really a reasonable price for your little hidden secret. You'll make the payment by
Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).
BTC Address: 19DMNvvUXfXDe3S8e7NPQLzRZkfRXCMj7g
(It's case sensitive, so copy and paste it)
Very important:
You have some days in order to make the payment. (I have a unique pixel within this e-mail, and at this moment I
know that you've read through this email message). If I do not get the BitCoins, I will certainly send your videos
to all of your contacts including family, co-workers, and so on. Having said that, if I get the payment, I'll
destroy the recording immidiately. If you want evidence, reply with "Yes!" and i'll certainly send your videos to
your 6 contacts. It is a non-negotiable offer, that being said don't waste my personal time and yours by responding
to this message.
)
Code: Select all
08/07/18 11:47:31 whois 46.161.42.91@whois.geektools.com
whois -h whois.geektools.com 46.161.42.91 ...
GeekTools Whois Proxy v5.0.6 Ready.
Checking access for ***.***.72.165... ok.
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '46.161.42.0 - 46.161.42.255'
% Abuse contact for '46.161.42.0 - 46.161.42.255' is 'webshieldsup@gmail.com'
inetnum: 46.161.42.0 - 46.161.42.255
netname: WebShield
descr: WebShield Network
country: RU
org: ORG-WS171-RIPE
admin-c: KIV106-RIPE
tech-c: KIV106-RIPE
status: ASSIGNED PA
mnt-routes: MNT-PINSUPPORT
mnt-domains: VSERVER-MNT
mnt-by: MNT-PINSUPPORT
mnt-by: MNT-PIN
created: 2018-03-12T18:06:50Z
last-modified: 2018-04-16T21:56:01Z
source: RIPE # Filtered
organisation: ORG-WS171-RIPE
org-name: Barbarich_Viacheslav_Yuryevich
org-type: OTHER
address: Russia
address: Marks
address: 5-ya liniya, d.17
abuse-c: ACRO5735-RIPE
admin-c: BVY17-RIPE
tech-c: BVY17-RIPE
mnt-ref: MNT-PIN
mnt-ref: MNT-PINSUPPORT
mnt-by: MNT-PINSUPPORT
created: 2017-04-01T16:43:45Z
last-modified: 2018-05-01T21:23:09Z
source: RIPE # Filtered
person: Kucharavenka Ihar Valerievich
address: Lesi Ukrainki, 9
address: Kiev
address: Ukraine
phone: +380 95 5037029
nic-hdl: KIV106-RIPE
mnt-by: MNT-PINSUPPORT
created: 2017-03-03T17:13:11Z
last-modified: 2017-10-30T23:40:32Z
source: RIPE # Filtered
% Information related to '46.161.42.0/24AS41995'
route: 46.161.42.0/24
origin: AS41995
mnt-by: MNT-PINSUPPORT
created: 2018-04-04T19:26:44Z
last-modified: 2018-04-04T19:26:44Z
source: RIPE
% This query was served by the RIPE Database Query Service version 1.91.2 (WAGYU)
(big boy. )
