Strange recovery / password phrase

[WildDreams]

Hi

I hope I'm posting this to the correct forum, please excuse a newbie.

I received an email that looks like it may have been sent to my address by mistake, but it looks suspiciously like some sort of crypto recovery phrase!

It was sent From: "*******" <*******@aydinbey.biz.ua> any I can't seem to find any info about aydinbey.biz.ua except that it's a mail server hosted in the Ukraine and was registered by some entity that has registered various bitcoin sites - clue 1

clue 2 - The subject line is as follows, uzmuthp eccaljr atmihnp evnektl    (4 groups of 7 characters)
The body just contains another 5 groups of 7 characters in a similar format to the subject.

Strangely, the from address is also made up of 2 groups of 7 characters  in a similar format to the subject

unfortunately this only makes 11 words in total which do not meet the 12 word BIP39 criteria.

I have also translated the words to Cyrillic but they don't appear in the Ukrainian BIP wordlist either.

Does anyone have any ideas?

 

[1713980161]

1713980161

[1713980161]

1713980161

[odolvlobo]

Does the email have a body? Does it contain a url to click on? Post the entire email including its headers. Regardless, it is unlikely to be a seed.

[jackg]

You could try the 11 words in electrum or somewhere similar and just see if it works. It's' not normally exactly 12 words, sometimes it can be 13 or 14 so it might have a chance of being 11 also.

You could also experiment to see if anything works on an offline copy of the bitaddress.org website on "wallet details" to see if it's a private key you have.

[HCP]

It's more probable that this is just some sort of spam or phising email gone wrong...

Assuming it IS a recovery phrase of some description, it seems logical  that given that it's arrived via email, it would mean it's from some sort of online service like a web wallet or exchange or something like that.

However, I'm not aware of any web wallets that use that format for recovery phrases.

[eelp0904251]

 Consider the sender and recipient information too.  7 character seems to be a key of some sort. Does your email address contain 7 characters?

[nc50lc]

Before thinking about the email if it was something else, ask yourself if you're expecting an email regarding a passphrase.
You might be wasting your time on that.

Emails containing malware and links aren't "that" rare specially if you're actively using that particular email address as a contact on websites that requires registration or subscription.
Can you tell us about your email address' info (not your email address) if it contains a name which is known among Bitcoin users like "Satoshi", "Nakamoto", "John Mcafee" etc because those are often targeted by malicious email senders.

[WildDreams]

Hi

Thanks for all the reply's

The body of the email only contains the 5 groups of 7 character "words", all in text
I have a catchall mailbox for my website and the Envelope-to: address is in my domain.

The To: address is for someone else.

Return-path: <ytmoqys@aydinbey.biz.ua>
Envelope-to: ****@**************.co.za                                        (within my domain)
Delivery-date: Thu, 31 May 2018 10:47:21 +0200
Received: from mail.aydinbey.biz.ua ([185.49.70.99])
   by www22.jnb2.host-h.net with esmtp (Exim 4.84_2)
   (envelope-from <ytmoqys@aydinbey.biz.ua>)
   id 1fOJEr-0005yu-3n
   for ****@****************.co.za; Thu, 31 May 2018 10:47:21 +0200                    (within my domain)
Received: from aydinbey.biz.ua (mail.aydinbey.biz.ua [185.49.70.99])
   by mail.aydinbey.biz.ua (Postfix) with ESMTPA id 193B6AE06;
   Thu, 31 May 2018 09:29:44 +0300 (EEST)
Message-ID: <cf7201d3f8c1$e0a36ea0$38728164@ytmoqys>
From: "adnyqfy" <ytmoqys@aydinbey.biz.ua>
To: <******@******.co.za>                                                                                      (other receipient)
Subject: uzmuthp eccaljr atmihnp evnektl
Date: Thu, 31 May 2018 09:29:30 +0300
MIME-Version: 1.0
Content-Type: text/plain;
   charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
X-Virus-Scanned: Clear (ClamAV 0.99.2/24619/Thu May 31 06:34:57 2018)
X-Unfudged-Spam-Score: -0.0 (/)
Delivered-To: creatird-*****@******************.co.za                                         (within my domain)
 
******* ******* ******* ******* *******                                                            (just in case it is a key to millions )
 

[WildDreams]

BUMP

Has anyone any other ideas?

Thanks

[jackg]

BUMP

Has anyone any other ideas?

Thanks

What does the first word begin with?
What happens when you put it into electrum, anything? Try putting it in as a bip38 seed and setting the derivation path to different things like m/0'/0 or m/49'/0'/0.


The others were probably right though this might just be an email sent to tease you into wondering what it could be that the private key contains rather than it actually having anything in it as some sort of spam attempt.