Showing posts with label Spam. Show all posts

Saturday, November 5, 2022

XtraMailer spam service phishing tool







 https://twitter.com/neonprimetime/status/1589084560675201024?s=46&t=CMAHRgmBZRQ-vkxgYQ9Znw


#XtraMailer spam service for credential #phishing 

urlscan.io/result/9274723…

mailer login: 62.210.81[.]212/XtraMailerLogin

stolen creds posted to: 62.210.81[.]212/next.php


https://twitter.com/prodaft/status/1286580568801640448?s=46&t=CMAHRgmBZRQ-vkxgYQ9Znw


were here in the past

hxxp://conferencias.falcorp[.]net

hxxp://195.154.164[.]184

hxxp://195.154.164[.]25

hxxp://62.210.72[.]29


tool error message that shows some internal information


urlscan.io/dom/8f93bd4e-7…


/var/www/xtramailer/vendor/laravel/framework/src/Illuminate/Routing/


RouteCollection.php

Router.php

Pipeline.php


Foundation/Http/Kernel.php

/fideloper/proxy/src/TrustProxies.php

/Middleware/TransformsRequest

/CheckForMaintenanceMode.php

/var/www/xtramailer/public/index.php


some related variables to #XtraMailer spam service #phishing tool


FACEBOOK_CALLBACK_URL

FACEBOOK_CLIENT_ID

FACEBOOK_CLIENT_SECRET

FCGI_ROLE

GOOGLE_APPLICATION_CREDENTIALS

MAIL_PASSWORD

MAIL_USERNAME

PUSHER_APP_ID

PUSHER_APP_KEY

PUSHER_APP_SECRET

RMQ_PASSWORD

RMQ_USER





Tuesday, November 1, 2022

Mega Super Autouploader - msau




Related Social Media Posts

 @500mk500

https://twitter.com/500mk500/status/1586505814839558145?s=20&t=e_pnOL_iyOz5x_fGUE5RpQ

Mega Super Autouploader

https://github.com/stamparm/maltrail/commit/7fca81e41937db476b1ddec47a7f01d1152355d6


Login pages found
http://analiticslist[.]com/msau/
http://solien[.]cc/msau/

Related Domains


Root folder names
www/megauploader.xyz/
www/msau/
www/msau_jml/
www/msau2612/

Files in the Kit
work.php
Core/MainSettings.php
DrwContent/ProcessingMacroses.php
DrwContent/ProcessResTemplate.php
DrwContent/Prs.php
DrwContent/GetContent.php

Sample errors found:
Deprecated: Implicit conversion from float 522588.00000000006 to int loses precision in /var/www/html/msau/Core/MainSettings.php on line 357

Deprecated: Implicit conversion from float 252717.00000000003 to int loses precision in /var/www/html/msau/DrwContent/Prs.php on line 90



Warning: preg_replace(): Unknown modifier '\' in /var/www/www-root/data/www/megauploader.xyz/DrwContent/ProcessResTemplate.php on line 83

Warning: preg_replace(): Unknown modifier '\' in /var/www/www-root/data/www/megauploader.xyz/DrwContent/ProcessResTemplate.php on line 83




Warning: shuffle() expects parameter 1 to be array, string given in /var/www/www-root/data/www/megauploader.xyz/Core/MainSettings.php on line 358

Warning: implode(): Invalid arguments passed in /var/www/www-root/data/www/megauploader.xyz/DrwContent/ProcessingMacroses.php on line 122

Warning: shuffle() expects parameter 1 to be array, string given in /var/www/www-root/data/www/megauploader.xyz/Core/MainSettings.php on line 358

Warning: implode(): Invalid arguments passed in /var/www/www-root/data/www/megauploader.xyz/DrwContent/ProcessingMacroses.php on line 139



Fatal error: Uncaught TypeError: preg_replace_callback(): Argument #2 ($callback) must be a valid callback, function "strip_tags_smart" not found or invalid function name in /var/www/html/msau/Core/MainSettings.php:590 Stack trace: #0 /var/www/html/msau/Core/MainSettings.php(590): preg_replace_callback('~ <[/!]?+\n ...', 'strip_tags_smar...', '510 E 84th Stre...') #1 /var/www/html/msau/DrwContent/Prs.php(168): MainSettings->strip_tags_smart('510 E 84th Stre...') #2 /var/www/html/msau/DrwContent/GetContent.php(26): Prs->getSnippets('education+princ...', 7) #3 /var/www/html/msau/work.php(248): GetContent->__construct(Object(MainSettings), 'education princ...', '1f13728d2ef56b6...', Object(Prs)) #4 {main} thrown in /var/www/html/msau/Core/MainSettings.php on line 590


Deprecated: Implicit conversion from float 519715.00000000006 to int loses precision in /var/www/html/msau_jml/Core/MainSettings.php on line 358

Fatal error: Uncaught TypeError: shuffle(): Argument #1 ($array) must be of type array, string given in /var/www/html/msau_jml/Core/MainSettings.php:359 Stack trace: #0 /var/www/html/msau_jml/Core/MainSettings.php(359): shuffle('Ivermectin wher...') #1 /var/www/html/msau_jml/DrwContent/ProcessingMacroses.php(121): MainSettings->shuffleArr('Ivermectin wher...') #2 /var/www/html/msau_jml/DrwContent/ProcessingMacroses.php(31): ProcessingMacroses->UPMIXKEY() #3 /var/www/html/msau_jml/work.php(258): ProcessingMacroses->goWork() #4 {main} thrown in /var/www/html/msau_jml/Core/MainSettings.php on line 359
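The root folder names and kit file list above can be recovered mechanically from error output like this. The following Python is an added example, not code from the kit or from the original post; the function names are illustrative, and the Core/ and DrwContent/ layout is taken from the file list on this page.

```python
import re
from collections import defaultdict

# PHP names the failing script as "in <path> on line <n>" or "in <path>:<n>",
# and stack frames as "#<k> <path>(<n>)".
LOCATION = re.compile(r"(?: in |#\d+ )(/\S+?\.php)(?: on line |:|\()(\d+)")
# Assumption: kit layout as listed on the page (work.php sits at the kit root).
KIT_DIRS = ("Core", "DrwContent")

# Excerpts of the error output quoted on the page.
SAMPLE_ERRORS = [
    "Deprecated: Implicit conversion from float 522588.00000000006 to int loses "
    "precision in /var/www/html/msau/Core/MainSettings.php on line 357",
    "Warning: shuffle() expects parameter 1 to be array, string given in "
    "/var/www/www-root/data/www/megauploader.xyz/Core/MainSettings.php on line 358",
    "Fatal error: Uncaught TypeError: shuffle(): Argument #1 ($array) must be of "
    "type array, string given in /var/www/html/msau_jml/Core/MainSettings.php:359 "
    "Stack trace: #0 /var/www/html/msau_jml/Core/MainSettings.php(359): "
    "shuffle('Ivermectin wher...') #1 /var/www/html/msau_jml/DrwContent/"
    "ProcessingMacroses.php(121): MainSettings->shuffleArr('Ivermectin wher...') "
    "#3 /var/www/html/msau_jml/work.php(258): ProcessingMacroses->goWork()",
]

def split_kit_path(path):
    """Split an absolute path into (kit root folder, kit-relative file)."""
    parts = path.strip("/").split("/")
    for i, part in enumerate(parts):
        # The kit root is the folder just above Core/, DrwContent/ or work.php.
        if i > 0 and (part in KIT_DIRS or part == "work.php"):
            return parts[i - 1], "/".join(parts[i:])
    return None

def fingerprint(error_lines):
    """Map each kit root folder to the set of (file, line) pairs it leaked."""
    installs = defaultdict(set)
    for line in error_lines:
        for path, lineno in LOCATION.findall(line):
            hit = split_kit_path(path)
            if hit:
                installs[hit[0]].add((hit[1], int(lineno)))
    return dict(installs)

def kit_files(installs):
    """Sorted list of kit-relative files seen across all installs."""
    return sorted({rel for hits in installs.values() for rel, _ in hits})
```

Comparing the line numbers reported for the same file across root folders (357, 358, 359 for Core/MainSettings.php here) is a quick way to tell slightly different builds of the kit apart.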

Notes:
Seems related to WordPress sites
Seems like redirect spam to porn, pharma, seo spam, etc.

Wednesday, April 12, 2017

Somebody Sent out a Phish/Spam Template instead of the Phish

Saw this email. I would guess the attacker sent out the phish/spam template instead of the actual phish/spam!

From: alex@shedbar.com.br
To:
Date: 04/12/2017
Subject: {Say|Tell} No To {Fat|Being Fat}: {Act Now|Act Fast} & Get {Instant|Quick|Incredible|Fantastic|Marvelous|Outstanding} Results


{Having|Getting} the {body of you dreams|slim body|fit body|beach body} is {easier|much easier} than you {think|always thought|thought}, {all thanks to|thanks to|with the help of} the {correct|right|low carb} {diet|diet program|diet plan|nutrition plan|nutrition program}, {good|regular} {workout|gym workouts|workouts} and this {amazing|exclusive|revolutionary|advance|spectacular} {product|supplement|solution} that will {help you|allow you to|give you a chance to|give you an opportunity to|give you a possibility to} achieve {instant|quick|incredible|fantastic|marvelous|outstanding} results.
{Incredible|Revolutionary|Exceptional|Phenomenal|Outstanding|Glorious|Brilliant|Rapid-acting|Fast-acting} {product|supplement|solution} {working|suitable} for {all body types|types of bodies} has proven to {bring fast|show incredible|show fantastic|show quick|show jaw-dropping} results, {motivate|give motivation} for {ongoing|further} {weight reduction|weight loss}, improve {mood|your mood}, {reduce|decrease} appetite and {bring|provide} {all|other|many other} {positive|beneficial|great} effects.
{With the help of|Thanks to its} {exclusive|advanced|amazing|marvelous|unique|one-of-a-kind} formula {developed|created} {in collaboration|together} by {Japanese|German} and American {nutritionists|dietologists|scientists}, your {beach|fit|slim|dream} body is {only one click|one link} away, what are you waiting for?
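The message above arrived with its {a|b|c} alternation groups unrendered. As an added example (not part of the original post; function names are illustrative), this Python flags mail that still contains such groups and compiles the leaked subject line into a regex that matches every variant the mailer could have rendered from it. It handles flat groups only, which is all this template uses.

```python
import re

# One flat {a|b|c} group: no nested braces, at least one "|" separator.
GROUP = re.compile(r"\{([^{}|]*(?:\|[^{}|]*)+)\}")

# Subject line of the message quoted on the page.
SUBJECT = ("{Say|Tell} No To {Fat|Being Fat}: {Act Now|Act Fast} & Get "
           "{Instant|Quick|Incredible|Fantastic|Marvelous|Outstanding} Results")

def spintax_groups(text):
    """Return the option list of every unrendered {a|b|c} group in text."""
    return [m.group(1).split("|") for m in GROUP.finditer(text)]

def is_unrendered(text, min_groups=2):
    """Flag text that still carries template groups (threshold is an assumption)."""
    return len(spintax_groups(text)) >= min_groups

def variant_count(template):
    """Number of distinct strings the template can render to."""
    total = 1
    for options in spintax_groups(template):
        total *= len(options)
    return total

def template_to_regex(template):
    """Compile a leaked template into a regex matching every rendered variant."""
    parts, pos = [], 0
    for m in GROUP.finditer(template):
        # Literal text between groups is matched exactly.
        parts.append(re.escape(template[pos:m.start()]))
        # Each group becomes a non-capturing alternation of its options.
        options = m.group(1).split("|")
        parts.append("(?:" + "|".join(re.escape(o) for o in options) + ")")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))

SUBJECT_RX = template_to_regex(SUBJECT)
```

The subject alone renders to 48 different strings, which is why exact-match subject rules miss most of a campaign while one regex built from the template covers all of it.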



More about neonprimetime


Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java


Top Github Contributions
  1. Qualys Scantronitor 2.0


Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.

Wednesday, January 20, 2016

Dridex 120205 Letter-response A3 2-2 Tim@plan4print.co.uk

Dridex email with VBA Macro Microsoft Word attachment seen this morning.


Attachment was 120205 Letter-response A3 2-2.doc
sender Tim Speed
Subject Emailing: 120205 Letter-response A3 2-2
callouts to hxxp://www.lassethoresen.com

dynamoo blogs a bit about it here
