Standalone tools used: TracerouteNG / FOCA / Maltego / Nmap
Online tools used: IP Tracker & Blockchain
We all know the annoying scam E-Mails which flood our mailboxes. In recent months a new scam mail popped up claiming to have filmed the victim masturbating while watching porn and that if no money is sent to a certain bitcoin wallet the video will be released.
Though the E-Mail has all the red flags that show it is indeed a scam E-Mail (bad wording, no proof/facts of the video, not addressing the victim by name), people have paid the money to various bitcoin wallets in the past.
After again receiving such an E-Mail I saw something different this time: it was not a “throw away” E-Mail address but an E-Mail address tied to an actual existing webpage/domain name called davidstephensusc.com (mail.davidstephensusc.com with an AX record also exists). This caught my attention, so I did some quick research to find out where the page is hosted, whether I can gather any additional information, and whether there is a possibility to shut down the domain for good.