Hacked By AnonymousFox
Current Path : /home/allslyeo/mail/.info@zombie_wtf/new/ |
|
Current File : //home/allslyeo/mail/.info@zombie_wtf/new/1708945886.M583364P1418434.business33.web-hosting.com,S=5796,W=5898 |
Return-Path: <takedown-response+52170381@netcraft.com>
Delivered-To: info@zombie.wtf
Received: from business33.web-hosting.com
by business33.web-hosting.com with LMTP
id yFlmIt5x3GXCpBUA3lZrWA
(envelope-from <takedown-response+52170381@netcraft.com>)
for <info@zombie.wtf>; Mon, 26 Feb 2024 06:11:26 -0500
Return-path: <takedown-response+52170381@netcraft.com>
Envelope-to: info@zombie.wtf
Delivery-date: Mon, 26 Feb 2024 06:11:26 -0500
Received: from mail2.netcraft.com ([52.31.138.216]:58385)
by business33.web-hosting.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96.2)
(envelope-from <takedown-response+52170381@netcraft.com>)
id 1reYtD-0068nF-1U
for info@zombie.wtf;
Mon, 26 Feb 2024 06:11:26 -0500
Received: from walleye.netcraft.com (ip-10-8-0-81.eu-west-1.compute.internal [10.8.0.81])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail2.netcraft.com (Postfix) with ESMTPS id E6C9AB0EB
for <info@zombie.wtf>; Mon, 26 Feb 2024 11:09:36 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail2.netcraft.com E6C9AB0EB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
s=default202103; t=1708945776;
bh=EAszMLplRk8gue975W6pc+Tkft0nQ5tHJr9eJ6rvSa8=;
h=Date:From:Subject:References:In-Reply-To:To:From;
b=SymLnR8NAUB2awJbN/wM20t6kgEhrATVY3NK4nh1a8lVqn15ROVrHpF6YW0Vp29uS
gAj8lUneY7hP46RzzjpZZU+ZzVgJUh32juw9awaT4GAFqaOrhc8WDFbFkI3DTz52xC
Jr+VVdBsHyf0ZT/xJZ9OSiai4LtLCBNG4F3pvhkY5EZI5FLMncstIbLKpGEGyHD8Td
DQLrPLtLTVavLNQWs8AzarH3zqS0nS4pq+agOCMcYiwIMp8dC8nq6Ow6OriYXjZYLb
ICeueos5uvQ2U2Hy3DU25dJq6fak0lMYPeaW69MaEY0A8in/PtBpgUu6Qm2U62rutg
6eljvMHUX8e+g==
Received: by walleye.netcraft.com (Postfix, from userid 507)
id E0A45A26; Mon, 26 Feb 2024 11:09:36 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Mon, 26 Feb 2024 11:09:36 +0000
From: Netcraft Takedown Service <takedown-response+52170381@netcraft.com>
Subject: Re: Issue 52170381: Malicious web shell at hxxps://zombie[.]wtf/wp-content/uploads/gravity_forms/g/b/d/h/ilwfgoatubk.php
References: <bd0f2d38be1587e4a45a60075377ec96@takedown.netcraft.com>
In-Reply-To: <bd0f2d38be1587e4a45a60075377ec96@takedown.netcraft.com>
To: info@zombie.wtf
Message-Id: <179ba097e2fe05c7c5e1529d13c7ea90@takedown.netcraft.com>
X-Spam-Status: No, score=-0.1
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "business33.web-hosting.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Hello, We have discovered a malicious web shell being hosted
on your network: We have tried to contact you previously regarding this attack,
but your spam filter is preventing our emails from being delivered to you
due to the fraudulent URL. Please see our Incident Page for inf [...]
Content analysis details: (-0.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: netcraft.com]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 GAPPY_SUBJECT Subject: contains G.a.p.p.y-T.e.x.t
-0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Flag: NO
Hello,
We have discovered a malicious web shell being hosted on your network:
We have tried to contact you previously regarding this attack, but your spam filter is preventing our emails from being delivered to you due to the fraudulent URL. Please see our Incident Page for information about this attack: https://incident.netcraft.com/eff69baa85ac/
Web shells are scripts that attackers upload to compromised web-servers in order to gain remote access. When accessed using a web browser, web shells can allow attackers to upload files, execute arbitrary commands on the server, and send spam. Web shells are often used to create phishing or malware attacks on the compromised server.
Attackers often attempt to disguise web shells as benign pages. Common techniques include returning a fake 404 page and making the web shell input fields on the page invisible. Please check the attacker is not attempting to hide the web shell before dismissing this report.
We previously contacted you about this issue on 2024-02-26 10:14:10 (UTC).
More information about the detected issue is provided at https://incident.netcraft.com/eff69baa85ac/
Kind regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 52170381
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.
Hacked By AnonymousFox1.0, Coded By AnonymousFox