https://twitter.com/neonprimetime/status/1589084560675201024?s=46&t=CMAHRgmBZRQ-vkxgYQ9Znw
#XtraMailer spam service for credential #phishing
urlscan.io/result/9274723…
mailer login: 62.210.81[.]212/XtraMailerLogin
stolen creds posted to: 62.210.81[.]212/next.php
https://twitter.com/prodaft/status/1286580568801640448?s=46&t=CMAHRgmBZRQ-vkxgYQ9Znw
were here in the past
hxxp://conferencias.falcorp[.]net
hxxp://195.154.164[.]184
hxxp://195.154.164[.]25
hxxp://62.210.72[.]29
tool error message that shows some internal information
urlscan.io/dom/8f93bd4e-7…
/var/www/xtramailer/vendor/laravel/framework/src/Illuminate/Routing/
RouteCollection.php
Router.php
Pipeline.php
Foundation/Http/Kernel.php
/fideloper/proxy/src/TrustProxies.php
/Middleware/TransformsRequest
/CheckForMaintenanceMode.php
/var/www/xtramailer/public/index.php
some related variables to #XtraMailer spam service #phishing tool
FACEBOOK_CALLBACK_URL
FACEBOOK_CLIENT_ID
FACEBOOK_CLIENT_SECRET
FCGI_ROLE
GOOGLE_APPLICATION_CREDENTIALS
MAIL_PASSWORD
MAIL_USERNAME
PUSHER_APP_ID
PUSHER_APP_KEY
PUSHER_APP_SECRET
RMQ_PASSWORD
RMQ_USER