Return-Path: <> X-Original-To: www-data@webserver Delivered-To: www-data@webserver Received: by webserver.centroenergia.cl (Postfix) id F3D80203930; Thu, 19 Jan 2023 23:10:11 -0300 (-03) Date: Thu, 19 Jan 2023 23:10:11 -0300 (-03) From: MAILER-DAEMON@webserver (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: www-data@webserver Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="7F30C20391B.1674180611/webserver.centroenergia.cl" Content-Transfer-Encoding: 8bit Message-Id: <20230120021011.F3D80203930@webserver.centroenergia.cl> This is a MIME-encapsulated message. --7F30C20391B.1674180611/webserver.centroenergia.cl Content-Description: Notification Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit This is the mail system at host webserver.centroenergia.cl. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <-i@webserver> (expanded from <-i>): bad address syntax (expanded from ): unknown user: "/usr/sbin/sendmail" <-t@webserver> (expanded from <-t>): bad address syntax : host gmail-smtp-in.l.google.com[64.233.190.27] said: 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both 550-5.7.26 do not pass). SPF check for [webserver] does not pass with ip: 550-5.7.26 [200.9.100.182].To best protect our users from spam, the message has 550-5.7.26 been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. j3-20020a4ad183000000b004f52121c661si11628709oor.37 - gsmtp (in reply to end of DATA command) --7F30C20391B.1674180611/webserver.centroenergia.cl Content-Description: Delivery report Content-Type: message/delivery-status Content-Transfer-Encoding: 8bit Reporting-MTA: dns; webserver.centroenergia.cl X-Postfix-Queue-ID: 7F30C20391B X-Postfix-Sender: rfc822; www-data@webserver Arrival-Date: Thu, 19 Jan 2023 23:10:10 -0300 (-03) Final-Recipient: rfc822; -i@webserver Original-Recipient: rfc822;-i@webserver Action: failed Status: 5.1.3 Diagnostic-Code: X-Postfix; bad address syntax Final-Recipient: rfc822; /usr/sbin/sendmail@webserver Original-Recipient: rfc822;/usr/sbin/sendmail@webserver Action: failed Status: 5.1.1 Diagnostic-Code: X-Postfix; unknown user: "/usr/sbin/sendmail" Final-Recipient: rfc822; -t@webserver Original-Recipient: rfc822;-t@webserver Action: failed Status: 5.1.3 Diagnostic-Code: X-Postfix; bad address syntax Final-Recipient: rfc822; oscarnunezmata@gmail.com Original-Recipient: rfc822;oscarnunezmata@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 550-5.7.26 This message does not pass authentication checks (SPF and DKIM both 550-5.7.26 do not pass). SPF check for [webserver] does not pass with ip: 550-5.7.26 [200.9.100.182].To best protect our users from spam, the message has 550-5.7.26 been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. j3-20020a4ad183000000b004f52121c661si11628709oor.37 - gsmtp --7F30C20391B.1674180611/webserver.centroenergia.cl Content-Description: Undelivered Message Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Return-Path: Received: by webserver.centroenergia.cl (Postfix, from userid 33) id 7F30C20391B; Thu, 19 Jan 2023 23:10:10 -0300 (-03) To: oscarnunezmata@gmail.com Subject: ::: Comunidad Solar :: "Your Site Has Been Hacked" X-PHP-Originating-Script: 5000:class-phpmailer.php Date: Fri, 20 Jan 2023 02:10:10 +0000 From: Halina Simson Reply-To: hacker@lacunademibebe.com Message-ID: X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer) X-WPCF7-Content-Type: text/plain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit De: Halina Simson Asunto: Your Site Has Been Hacked Cuerpo del Mensaje Your Site Has Been Hacked PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website https://www.comunidadsolar.cl and extracted your databases. How did this happen? Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server. What does this mean? We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your https://www.comunidadsolar.cl was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets. How do I stop this? We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.14 BTC). The amount(approximately): $3000 (0.14 BTC) The Address Part 1: bc1qj9u7gmjk5kznnnjgs The Address Part 2: fvs35fftmtfh7n6wk6jt2 So, you have to manually copy + paste Part1 and Part2 in one string made of 42 characters with no space between the parts that start with "b" and end with "2" is the actually address where you should send the money to. Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 72 hours after receiving this message or the database leak, e-mails dispatched, and de-index of your site WILL start! How do I get Bitcoins? You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. What if I don’t pay? If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers. This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied. -- Este correo fue enviado utilizando contact form en ::: Comunidad Solar :: (http://comunidadsolar.centroenergia.cl) --7F30C20391B.1674180611/webserver.centroenergia.cl--