fracassohellas.gr hacked account #190

Open

@xinomilo (Contributor) commented Jan 23, 2019

This is probably a hacked account that's been sending spam/virus since at least 14/1. Got 3 messages so far, 2 attached with .jar file, 1 without (that was FWed again -4mins later- attached with a .jar file).
Tried to contact account owner, but got no response.

Msg1
```
Return-Path: [email protected]
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on *.org
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,RDNS_NONE,
    ZIP_ATTACHED autolearn=no autolearn_force=no version=3.4.2
X-Original-To: e*@*.org
Delivered-To: e*@*.org
Received: from eshop2.atnet.gr (unknown [IPv6:2a01:4f8:192:4438::2])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by *.org (Postfix) with ESMTPS id 349E62BE3A2F
    for <e*@*.org>; Mon, 14 Jan 2019 11:33:35 +0200 (EET)
Authentication-Results: *.org; dmarc=none (p=none dis=none) header.from=fracassohellas.gr
Received: from webmail.frodida.gr (localhost.localdomain [127.0.0.1])
    by eshop2.atnet.gr (Postfix) with ESMTPA id 2BE40E8066F;
    Mon, 14 Jan 2019 10:24:11 +0100 (CET)
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="=_13665ea33678fcded6fc8d8b8d1af4fc"
Date: Mon, 14 Jan 2019 10:24:11 +0100
From: Sales [email protected]
To: undisclosed-recipients:;
Subject: Re: New Order 14218
In-Reply-To: [email protected]
References: [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
Message-ID: [email protected]
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.1.10
X-Virus-Scanned: clamav-milter 0.100.2 at *.org
X-Virus-Status: Clean

--=_13665ea33678fcded6fc8d8b8d1af4fc
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
    format=flowed

Χαίρετε
FYI
Εδώ επισυνάπτονται τα νέα προϊόντα και κάνετε την επιλογή σας.
Thanks
Georgieva
--=_13665ea33678fcded6fc8d8b8d1af4fc
Content-Transfer-Encoding: base64
Content-Type: application/zip;
    name=ORG_INV3765.jar
Content-Disposition: attachment;
    filename=ORG_INV3765.jar;
    size=691410
```

Msg2
```
Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on *.org
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=5.0 tests=BAYES_05,KHOP_DYNAMIC
    autolearn=no autolearn_force=no version=3.4.2
X-Original-To: e*@*.org
Delivered-To: e*@*.org
Received: from server.tyropoulos.gr (static.146.190.46.78.clients.your-server.de [78.46.190.146])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by *.org (Postfix) with ESMTPS id 696F02BC0439
    for <e*@*.org>; Tue, 22 Jan 2019 12:20:07 +0200 (EET)
Authentication-Results: *.org; dmarc=none (p=none dis=none) header.from=fracassohellas.gr
Received: from webmail.tyropoulos.gr (localhost [IPv6:::1])
    by server.tyropoulos.gr (Postfix) with ESMTPSA id AC9FC25DBA45;
    Tue, 22 Jan 2019 12:16:05 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
    format=flowed
Content-Transfer-Encoding: 8bit
Date: Tue, 22 Jan 2019 11:16:05 +0100
From: Sales <[email protected]>
To: undisclosed-recipients:;
Subject: Re: Re: New Order 14218
In-Reply-To: <[email protected]>
References: <[email protected]>
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.3.6
X-Virus-Scanned: clamav-milter 0.100.2 at *.org
X-Virus-Status: Clean
```

Msg3
```
Return-Path: [email protected]
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on *.org
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=5.0 tests=BAYES_05,KHOP_DYNAMIC
    autolearn=no autolearn_force=no version=3.4.2
X-Original-To: e*@*.org
Delivered-To: e*@*.org
Received: from server.tyropoulos.gr (static.146.190.46.78.clients.your-server.de [78.46.190.146])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by *.org (Postfix) with ESMTPS id D3D522BC1559
    for <e*@*.org>; Tue, 22 Jan 2019 12:24:18 +0200 (EET)
Authentication-Results: *.org; dmarc=none (p=none dis=none) header.from=fracassohellas.gr
Received: from webmail.tyropoulos.gr (localhost [IPv6:::1])
    by server.tyropoulos.gr (Postfix) with ESMTPSA id A5872203BD86;
    Tue, 22 Jan 2019 12:20:49 +0200 (EET)
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="=_b21c5ce210888430f1c65cfaaa31e6d0"
Date: Tue, 22 Jan 2019 11:20:49 +0100
From: Sales [email protected]
To: undisclosed-recipients:;
Subject: Fwd: Re: Re: New Order 14218
In-Reply-To: [email protected]
References: [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
    [email protected]
Message-ID: [email protected]
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.3.6
X-Virus-Scanned: clamav-milter 0.100.2 at *.org
X-Virus-Status: Clean

--=_b21c5ce210888430f1c65cfaaa31e6d0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
    format=flowed

γεια σας
FYI
Βρίσκονται τα συνημμένα τα στοιχεία που παρατίθενται για τη νέα
παραγγελία, τι νομίζετε;
rgs
Ακ�ογιαλο�
--=_b21c5ce210888430f1c65cfaaa31e6d0
Content-Transfer-Encoding: base64
Content-Type: application/octet-stream;
    name=INV2944.ha.jar
Content-Disposition: attachment;
    filename=INV2944.ha.jar;
    size=699091
```
