@MrCl0wnLab
Last active October 5, 2022 20:22
Full dump of extortion e-mail
Bitcoin Address
- 1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Bitcoin Abuse Database
- https://www.bitcoinabuse.com/reports/1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Blockchain
- https://www.blockchain.com/btc/address/1PBgsz3bar9N64omj7APSY7rATQ2fyH6Vm
Infos
- https://ipinfo.io/200.7.138.18
- https://www.shodan.io/host/200.7.138.18
- https://urlscan.io/ip/200.7.138.18
- https://urlscan.io/domain/mail.evelia.unrc.edu.ar
- https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=00ae91c2-fd8e-4ec5-9758-497834df6b5a
{
"ip": "200.7.138.18",
"hostname": "mail.evelia.unrc.edu.ar",
"city": "Río Cuarto",
"region": "Cordoba",
"country": "AR",
"loc": "-33.1307,-64.3499",
"org": "AS27770 Universidad Nacional de Rio Cuarto",
"postal": "5800",
"timezone": "America/Argentina/Cordoba",
"asn": {
"asn": "AS27770",
"name": "Universidad Nacional de Rio Cuarto",
"domain": "unrc.edu.ar",
"route": "200.7.128.0/20",
"type": "education"
},
"company": {
"name": "Universidad Nacional de Rio Cuarto",
"domain": "unrc.edu.ar",
"type": "education"
},
"privacy": {
"vpn": false,
"proxy": false,
"tor": false,
"relay": false,
"hosting": false,
"service": ""
},
"abuse": {
"address": "Ruta 36 Km., 601, Unidad de Tecnología de la Información, X5804BYA - Rio Cuarto - Córdoba",
"country": "AR",
"email": "cyde@UTI.UNRC.EDU.AR",
"name": "Carlos Cristobal Sabroe Yde",
"network": "200.7.128.0/20",
"phone": "+54 3584676183 [0000]"
},
"domains": {
"total": 0,
"domains": []
},
"isLimited": false,
"tokenDetails": {
"core": {
"daily": 2147483647,
"monthly": 50000
},
"hostio": {
"daily": 2147483647,
"monthly": 1000,
"result_limit": 5
}
}
}
Delivered-To: {VITIMA}@gmail.com
Received: by 2002:a17:522:c091:b0:445:e024:c7cc with SMTP id i17csp274614pvt;
Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw55mNAo44n0P3q29wk+mi/NaD65dWnsalKOX4SzwCN5kOdQgRW3UHjUNCWrAyQJw1hBK+G
X-Received: by 2002:a05:6808:124d:b0:322:3600:d84a with SMTP id o13-20020a056808124d00b003223600d84amr4195174oiv.108.1650547085112;
Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1650547085; cv=none;
d=google.com; s=arc-20160816;
b=qvCQzd4TPGvGMK5KihYWrbqluKbnxnYhy7tR7Fk5OuVratnYuHbd7qwkWiFJTxYmoy
TvK0gmv85r4Z3JC6hyZisq8GK4bbIh9wWjrVV9Ddt1/k+YrtZSDTYVjYJgYoNEGnhMhJ
S0V0IqrtTSlYpTWJDHbSjIy6N7C7tKhBcwis0KamaudFjhh4918Lb6ZQx59J5Nwy0mQK
RC+52ILiDqfeKb7ynzoshywWXOYSoVHCdpPw+lqsoslZF/aAuks7dsbbpU0Ee9ziO/BQ
nrmRcYodUZ5eZYWzpK2GTePz3SJjcMQcNo2ifapc9H+kvkkBN9K0q2Ae39UjrYzOgL1/
vvMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:message-id:date:subject:to
:from;
bh=fQk8BRusT+BG02NcF/aZDQATuIw6U8hnXeTccKmqvHc=;
b=VHZlV2uQ8QpW3MUwvvfBaSatS+cVdg3+UJYyvBGGqECO9eb2pR62CIsCZP8Cf/TdlA
66mCMPofI/EDEn/5bpmcOxb3LAqYFd84G6XvUaqNHEDoczQqvzBMVbHGOmWRzqGmUWaw
Yr+i0SHzg/dwfMF2RUEZdHmxXOv/feLibTYv/nV2cWN1NiVp9tBHGKt6iJ0dAqzhdGAh
qYN6QxN8RRd3m0Oq0dxoRKxAgvRu6T/uEiSE4gwoZx60pXL6sdPjDBZ5EDZ/pz7RXgP+
pCp3uvAgwFgjHhK4iQqN6nIIPCaxgZ6J+oOWPC3pdIrbWZ6q2M7DxYNedMyquBts0RXX
IqRg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) smtp.mailfrom=noresponder@mail.evelia.unrc.edu.ar;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <noresponder@mail.evelia.unrc.edu.ar>
Received: from mail.evelia.unrc.edu.ar (mail.evelia.unrc.edu.ar. [200.7.138.18])
by mx.google.com with ESMTP id s7-20020a4ac107000000b00329db2aa86csi2631493oop.82.2022.04.21.06.18.04
for <{VITIMA}@gmail.com>;
Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) client-ip=200.7.138.18;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) smtp.mailfrom=noresponder@mail.evelia.unrc.edu.ar;
dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail.evelia.unrc.edu.ar (vps-73875.fhnet.fr [188.213.28.11]) by mail.evelia.unrc.edu.ar (Postfix) with ESMTPSA id 165B83246E4 for <{VITIMA}@GMAIL.COM>; Thu, 21 Apr 2022 10:04:24 -0300 (-03)
From: {VITIMA}@gmail.com
To: {VITIMA}@gmail.com
Subject: NOTIFICAÇÃO
Date: 21 Apr 2022 15:04:24 +0200
Message-ID: <20220421150424.9F651561F0FF1CEA@GMAIL.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Oi!
Como voc=C3=AA deve ter notado, enviei um e-mail da sua conta. Isso signifi=
ca que tenho acesso total =C3=A0 sua conta.
Estou te observando h=C3=A1 alguns meses.
O fato =C3=A9 que voc=C3=AA foi infectado com njrat atrav=C3=A9s de um site=
adulto que voc=C3=AA visitou.
Se voc=C3=AA n=C3=A3o est=C3=A1 familiarizado com isso, vou explicar.
Njrat me d=C3=A1 acesso total e controle seu dispositivo.
Isso significa que posso ver tudo na tela, ligar a c=C3=A2mera e o microfon=
e, mas voc=C3=AA n=C3=A3o sabe disso.
Tamb=C3=A9m tenho acesso a todos os seus contatos e toda a sua correspond=
=C3=AAncia.
Fiz um v=C3=ADdeo mostrando como voc=C3=AA se satisfaz na metade esquerda d=
a tela, e na metade direita voc=C3=AA v=C3=AA o v=C3=ADdeo que assistiu.
Com um clique do mouse, posso enviar este v=C3=ADdeo para todos os seus e-m=
ails e contatos nas redes sociais.
Tamb=C3=A9m posso postar acesso a toda a sua correspond=C3=AAncia de e-mail=
e mensageiros que voc=C3=AA usa.
Se voc=C3=AA quiser evitar isso,
transferir a quantia de 400 USD para o meu endere=C3=A7o bitcoin (se voc=
=C3=AA n=C3=A3o souber como fazer isso, escreva para o Google: =E2=80=9CCom=
pre Bitcoin=E2=80=9D).
Meu endere=C3=A7o bitcoin (BTC Wallet) =C3=A9: 1PBgsz3bar9N64omj7APSY7rATQ2=
fyH6Vm
Ap=C3=B3s receber o pagamento, excluirei o v=C3=ADdeo e voc=C3=AA nunca mai=
s me ouvir=C3=A1. Dou-lhe 48 horas para pagar.
Eu tenho um aviso lendo esta carta, e o cron=C3=B4metro funcionar=C3=A1 qua=
ndo voc=C3=AA vir esta carta.
Apresentar uma reclama=C3=A7=C3=A3o em algum lugar n=C3=A3o faz sentido por=
que este e-mail n=C3=A3o pode ser rastreado como meu endere=C3=A7o bitcoin.=
Eu n=C3=A3o cometo nenhum erro.
Se eu descobrir que voc=C3=AA compartilhou esta mensagem com outra pessoa, =
o v=C3=ADdeo ser=C3=A1 distribu=C3=ADdo imediatamente.
Atenciosamente!
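The headers above already contain the triage answer: SPF passes for the envelope sender noresponder@mail.evelia.unrc.edu.ar, DMARC fails for the spoofed gmail.com From:, and the innermost Received line shows the message was submitted to the university's Postfix over an authenticated session (ESMTPSA) from vps-73875.fhnet.fr [188.213.28.11]. The script below is an added example, not part of the gist, that extracts exactly those facts with Python's standard email library. It runs on a constructed sample: a trimmed copy of the header block and body from the dump, with the redacted recipient written as victim@gmail.com, the ARC headers omitted (they are not needed for this check), and the blank header/body separator line restored, since it was lost in the dump.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: trimmed from the dump above. victim@gmail.com stands in for the
# redacted recipient; ARC-Seal / ARC-Message-Signature are left out on purpose.
RAW_MESSAGE = """\
Received: by 2002:a17:522:c091:b0:445:e024:c7cc with SMTP id i17csp274614pvt;
        Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
Return-Path: <noresponder@mail.evelia.unrc.edu.ar>
Received: from mail.evelia.unrc.edu.ar (mail.evelia.unrc.edu.ar. [200.7.138.18])
        by mx.google.com with ESMTP id s7-20020a4ac107000000b00329db2aa86csi2631493oop.82.2022.04.21.06.18.04
        for <victim@gmail.com>;
        Thu, 21 Apr 2022 06:18:05 -0700 (PDT)
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of noresponder@mail.evelia.unrc.edu.ar designates 200.7.138.18 as permitted sender) smtp.mailfrom=noresponder@mail.evelia.unrc.edu.ar;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from mail.evelia.unrc.edu.ar (vps-73875.fhnet.fr [188.213.28.11]) by mail.evelia.unrc.edu.ar (Postfix) with ESMTPSA id 165B83246E4 for <victim@GMAIL.COM>; Thu, 21 Apr 2022 10:04:24 -0300 (-03)
From: victim@gmail.com
To: victim@gmail.com
Subject: NOTIFICAÇÃO
Date: 21 Apr 2022 15:04:24 +0200
Message-ID: <20220421150424.9F651561F0FF1CEA@GMAIL.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Oi!
Como voc=C3=AA deve ter notado, enviei um e-mail da sua conta.
Meu endere=C3=A7o bitcoin (BTC Wallet) =C3=A9: 1PBgsz3bar9N64omj7APSY7rATQ2=
fyH6Vm
"""

MSG = email.message_from_string(RAW_MESSAGE, policy=policy.default)

# "from <HELO name> (<rDNS> [<ip>]) by <receiving host>", the shape Postfix and Gmail write.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")
# Legacy base58 Bitcoin addresses (P2PKH / P2SH); bech32 addresses are out of scope here.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def _flat(value):
    """Collapse folded header whitespace into single spaces."""
    return " ".join(str(value).split())


def received_chain(msg):
    """Received hops as dicts (helo, rdns, ip, by, with), oldest hop first.
    Hops without a 'from' clause (Gmail's internal hand-off) are skipped."""
    hops = []
    for raw in msg.get_all("Received", []):
        value = _flat(raw)
        m = HOP_RE.search(value)
        if not m:
            continue
        proto = re.search(r"\bwith\s+(\S+)", value)
        hops.append({"helo": m.group(1), "rdns": m.group(2).rstrip("."), "ip": m.group(3),
                     "by": m.group(4), "with": proto.group(1) if proto else ""})
    hops.reverse()  # each MTA prepends its header, so the last one is the origin
    return hops


def auth_results(msg):
    """spf/dmarc verdicts plus the identity each was evaluated against."""
    value = _flat(msg.get("Authentication-Results", ""))
    out = {}
    for key, pattern in (("spf", r"\bspf=(\w+)"), ("dmarc", r"\bdmarc=(\w+)"),
                         ("smtp.mailfrom", r"smtp\.mailfrom=([^\s;]+)"),
                         ("header.from", r"header\.from=([^\s;]+)")):
        m = re.search(pattern, value)
        out[key] = m.group(1) if m else None
    return out


def decode_body(msg):
    """Undo the quoted-printable transfer encoding and return the body as text."""
    charset = msg.get_content_charset() or "utf-8"
    return msg.get_payload(decode=True).decode(charset, errors="replace")


def bitcoin_addresses(text):
    return BTC_RE.findall(text)


def spoof_indicators(msg):
    """Findings an analyst would record: identity mismatches and the true origin."""
    findings = []
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From: domain {from_dom} differs from Return-Path domain {rp_dom}")
    ar = auth_results(msg)
    if ar["dmarc"] == "fail":
        findings.append(f"DMARC failed for header.from={ar['header.from']}; "
                        f"SPF {ar['spf']} only vouches for {ar['smtp.mailfrom']}")
    chain = received_chain(msg)
    if chain:
        o = chain[0]
        if o["helo"] != o["rdns"]:
            findings.append(f"origin HELO {o['helo']} does not match rDNS {o['rdns']} [{o['ip']}]")
        if o["with"].upper() == "ESMTPSA":
            findings.append(f"origin authenticated to {o['by']} (ESMTPSA): report the "
                            "submitting account to that host's abuse contact")
    return findings


if __name__ == "__main__":
    for hop in received_chain(MSG):
        print(f"{hop['ip']:>15} {hop['rdns']} helo={hop['helo']} -> {hop['by']} ({hop['with']})")
    print(auth_results(MSG))
    print("BTC:", bitcoin_addresses(decode_body(MSG)))
    for finding in spoof_indicators(MSG):
        print("-", finding)
```

The design point is that SPF and DMARC answer different questions: SPF checks the envelope sender (smtp.mailfrom), which is why it passes for the university relay, while DMARC aligns the visible From: with SPF/DKIM and therefore fails for gmail.com. The ESMTPSA hop is the actionable finding for a defender: the sender held valid submission credentials on mail.evelia.unrc.edu.ar, so the abuse contact listed in the ipinfo block above is who should hear about it.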