Maybe you have entered your private key in a phishing website.
You can't identify the hacker only with that address. It seems that the account was new and created solely for that purpose (storage of stolen tokens/Eth). There's no outgoing transaction as of yet and the address continue to receive tokens.
What I noticed was most tokens received were limited to Utrust, PHI, STP, SPA, SDE, TKT, ebit, COPYTRACK, Transmission, GlobCoin Crypto Platform. Does one of these tokens send you an email or let you fill out something connected to your wallet? If yes, that might be the cause.
nightmare. you want to say that if some company sends an e-mail, then it can be to crack a wallet? so do not answer then and do not open the letter at all?