AnonSec Shell
Server IP : 172.67.216.113  /  Your IP : 104.23.243.33   [ Reverse IP ]
Web Server : Apache
System : Linux cpanel01wh.bkk1.cloud.z.com 2.6.32-954.3.5.lve1.4.59.el6.x86_64 #1 SMP Thu Dec 6 05:11:00 EST 2018 x86_64
User : cp648411 ( 1354)
PHP Version : 7.2.34
Disable Function : NONE
Domains : 0 Domains
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home2/cp648411/mail/.spam/new/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME ]     [ BACKUP SHELL ]     [ JUMPING ]     [ MASS DEFACE ]     [ SCAN ROOT ]     [ SYMLINK ]     

Current File : /home2/cp648411/mail/.spam/new/1704783148.M94101P281259.cpanel01wh.bkk1.cloud.z.com,S=7003,W=7148
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from cpanel01wh.bkk1.cloud.z.com
	by cpanel01wh.bkk1.cloud.z.com with LMTP
	id oL3LAyztnGWrSgQACXZrZg
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 09 Jan 2024 13:52:28 +0700
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 09 Jan 2024 13:52:28 +0700
Received: from mail2.netcraft.com ([52.31.138.216]:57630)
	by cpanel01wh.bkk1.cloud.z.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96.2)
	(envelope-from <[email protected]>)
	id 1rN5yH-001CC1-0e
	for [email protected];
	Tue, 09 Jan 2024 13:52:27 +0700
Received: from walleye.netcraft.com (ip-10-8-0-81.eu-west-1.compute.internal [10.8.0.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail2.netcraft.com (Postfix) with ESMTPS id A46F25DFA9
	for <[email protected]>; Tue,  9 Jan 2024 06:51:36 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.netcraft.com A46F25DFA9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
	s=default202103; t=1704783096;
	bh=0VMXz30GNOrZF+8IxWxg14FV+TQ03smKYDwBTKrZ51A=;
	h=Date:From:Subject:To:From;
	b=gFQ2Pv70ZgapB3XtRZxTLv0gT6NU5JJFMRYN66cug5i5b9Jvec2jD1FwAlWVDNCXb
	 mDjJ6QHQ8mBUQYo8yVdXDZnd5tIdb0jr5dnvwGEWkZQ7HRSjkOkrOAXfkBJhGld/Q9
	 VPkD5Cr0kBc8mNAjjvl53aL35tCHFnr94ABwWP0T1tZkKDmHMAGR2hHFSLlEEIcq3J
	 Fe6H1yF8kX4BvUKB3zz/ZnHbLkEa/bDoVopWZww8K9XS2CMIRO/M0Y8YCY8by3fG2p
	 xczcnTUtvk66D6FxRCvWSeMN+gZV/6vQud2ByoJ+dCqCcR0Ea5ZX/ByKF+PURoM8mZ
	 mdiu3iG8Qr37Q==
Received: by walleye.netcraft.com (Postfix, from userid 507)
	id A189F10DC; Tue,  9 Jan 2024 06:51:36 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_170478309616662611374"; report-type="feedback-report"
MIME-Version: 1.0
Date: Tue, 9 Jan 2024 06:51:36 +0000
From: Netcraft Takedown Service <[email protected]>
To: [email protected]
Message-Id: <[email protected]>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: Yes, score=5.8
X-Spam-Score: 58
X-Spam-Bar: +++++
X-Spam-Report: Spam detection software, running on the system "cpanel01wh.bkk1.cloud.z.com",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  Hello, We have discovered a phishing attack on your network.
    hxxp://simded[.]com/CaiiiXa/home/ hxxp://simded[.]com/CaiiiXa/ 
 Content analysis details:   (5.8 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  5.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 1.0000]
  1.0 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                             [score: 1.0000]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Spam-Flag: YES
Subject:  ***SPAM***  Issue 49923866: Phishing attack at hxxp://simded[.]com/CaiiiXa/home/

This is a multi-part message in MIME format.

--_----------=_170478309616662611374
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hello,

We have discovered a phishing attack on your network.

hxxp://simded[.]com/CaiiiXa/home/
hxxp://simded[.]com/CaiiiXa/

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Spain
France

You may not have been aware of this attack, however, you are still responsible for removing it.

This attack targets our customer, Caixa Bank, website URL https://www.caixabank.es/.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

More information about the detected issue is provided at https://incident.netcraft.com/04960a62cc0a/

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 49923866

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: [email protected].

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_170478309616662611374
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Tue, 9 Jan 2024 06:51:36 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_170478309616662611374
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Tue, 9 Jan 2024 06:51:36 +0000

eyJSZXBvcnQiOnsiRGF0ZSI6IjIwMjQtMDEtMDlUMDY6NTA6MTlaIiwiU291cmNlVXJsIjoiaHR0
cDovL3NpbWRlZC5jb20vQ2FpaWlYYS9ob21lLyIsIlJlcG9ydENsYXNzIjoiQ29udGVudCIsIlJl
cG9ydFR5cGUiOiJQaGlzaGluZyIsIlJlcG9ydGVyTm90ZXMiOiJTZWUgaHR0cHM6Ly9pbmNpZGVu
dC5uZXRjcmFmdC5jb20vMDQ5NjBhNjJjYzBhLyBmb3IgbW9yZSBpbmZvcm1hdGlvbiIsIlNvdXJj
ZUlwIjoiMTcyLjY3LjE4Mi40NSIsIlJlcG9ydGVyQ2FzZUlEIjoiNDk5MjM4NjYifSwiVmVyc2lv
biI6IjEiLCJSZXBvcnRlckluZm8iOnsiUmVwb3J0ZXJPcmdFbWFpbCI6InRha2Vkb3duLXJlc3Bv
bnNlKzQ5OTIzODY2QG5ldGNyYWZ0LmNvbSIsIlJlcG9ydGVyT3JnRG9tYWluIjoibmV0Y3JhZnQu
Y29tIiwiUmVwb3J0ZXJPcmciOiJOZXRjcmFmdCJ9LCJEaXNjbG9zdXJlIjp0cnVlLCJPbkJlaGFs
Zk9mIjp7IkNvbXBsYWluYW50T3JnIjoiQ2FpeGEgQmFuayIsIkNvbXBsYWluYW50T3JnRW1haWwi
OiJ0YWtlZG93bi1yZXNwb25zZSs0OTkyMzg2NkBuZXRjcmFmdC5jb20iLCJDb21wbGFpbmFudE9y
Z0RvbWFpbiI6Ind3dy5jYWl4YWJhbmsuZXMifX0=

--_----------=_170478309616662611374--

Anon7 - 2022
AnonSec Team