Facebook
From Buff Bushbaby, 3 Days ago, written in Plain Text.
Your network has been compromised and you sent us spam as part of a
hitwheeste DDoS attack meant to overwhelm our email server.
Gobi.com.sg website was recently brought down by hitwheeste DDoS.
For more on what we have found out on the attack:
http://zifsoft.com/2018/04/28/hitwheeste-ddos/
We would appreciate it if you could help us look into this.
Your email was triggered by a fake registration. Please check your forms.
Hitwheeste DDoS attack starts with unsecured forms (ours was Ninja Forms)
and unchallenged comments. You should take steps to secure them.
-----------------------------------------------------------
---original email header---
Return-Path:
X-Original-To: info@gobi.com.sg
Delivered-To: x14518238@homiemail-mx34.g.dreamhost.com
Received: from mail2.cba.pl (mail2.cba.pl [95.211.144.67])
        (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by homiemail-mx34.g.dreamhost.com (Postfix) with ESMTPS id BC882600C7F54
        for ; Mon,  7 May 2018 12:46:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by mail.cba.pl (Postfix) with ESMTP id 355CF1783244
        for ; Mon,  7 May 2018 21:46:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at localhost
Received: from mkwk019.cba.pl (mkwk019 [37.48.70.196])
        by mail.cba.pl (Postfix) with ESMTP id B11DB1785B43
        for ; Mon,  7 May 2018 21:46:24 +0200 (CEST)
Received: by mkwk019.cba.pl (Postfix, from userid 0)
        id 8288D26236F; Mon,  7 May 2018 21:46:24 +0200 (CEST)
To: info@gobi.com.sg
Subject: Welcome to
X-PHP-Originating-Script: /profiles/r/ra/rad/radiogoldlive/radiogoldlive.cba.pl/includes/phpmailer_include.php
Date: Mon, 7 May 2018 21:46:24 +0200
From: admin
Reply-to: admin
Message-ID: <0887b7c35354bfe187b9d9541193ad67@www.radiogoldlive.cba.pl>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=iso-8859-2

-----------------------------------------------------------
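Hello Wrabeimirm,

Welcome to . Here are the details you need to log in to our site:

Username - Nick: Wrabeimirm
Password: a@kTni3s94J

You can activate your account by clicking the link below:
http://www.radiogoldlive.pl/register.php?activate=fb305bf12ec171079fabf74a8577d208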
  53. Hasło: a@kTni3s94J
  54.  
  55. Mo┼╝esz aktywowa─ç swoje konto klikaj─ůc na poni┼╝szy odno┼Ťnik:
  56. http://www.radiogoldlive.pl/register.php?activate=fb305bf12ec171079fabf74a85
  57. 77d208