HEX
Server: Apache/2
System: Linux server-27-254-144-72.da.direct 5.10.0-33-amd64 #1 SMP Debian 5.10.226-1 (2024-10-03) x86_64
User: bannong (1179)
PHP: 8.1.26
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
File: /home/bannong/Maildir/new/1684231460.H132420P11133.server1.chonlatee.com
Return-path: <>
Envelope-to: bannong@bannongsaischool.com
Delivery-date: Tue, 16 May 2023 17:04:20 +0700
Received: from mail by server1.chonlatee.com with local (Exim 4.92)
	id 1pyrXX-0002tU-Vz
	for bannong@bannongsaischool.com; Tue, 16 May 2023 17:04:20 +0700
X-Failed-Recipients: itchonlatee@gmail.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@server1.chonlatee.com>
To: bannong@bannongsaischool.com
Content-Type: multipart/report; report-type=delivery-status; boundary=1684231459-eximdsn-450865962
MIME-Version: 1.0
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1pyrXX-0002tU-Vz@server1.chonlatee.com>
Date: Tue, 16 May 2023 17:04:19 +0700

--1684231459-eximdsn-450865962
Content-type: text/plain; charset=us-ascii

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  itchonlatee@gmail.com
    host gmail-smtp-in.l.google.com [74.125.68.27]
    SMTP error from remote mail server after end of data:
    550-5.7.26 Unauthenticated email from gmail.com is not accepted due to domain's
    550-5.7.26 DMARC policy. Please contact the administrator of gmail.com domain
    550-5.7.26 if this was a legitimate mail. Please visit
    550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the
    550 5.7.26 DMARC initiative. h22-20020a170902ac9600b001ae3e5b31b5si646453plr.193 - gsmtp

--1684231459-eximdsn-450865962
Content-type: message/delivery-status

Reporting-MTA: dns; server1.chonlatee.com

Action: failed
Final-Recipient: rfc822;itchonlatee@gmail.com
Status: 5.0.0
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.26 Unauthenticated email from gmail.com is not accepted due to domain's
 550-5.7.26 DMARC policy. Please contact the administrator of gmail.com domain
 550-5.7.26 if this was a legitimate mail. Please visit
 550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the
 550 5.7.26 DMARC initiative. h22-20020a170902ac9600b001ae3e5b31b5si646453plr.193 - gsmtp

--1684231459-eximdsn-450865962
Content-type: message/rfc822

Return-path: <bannong@bannongsaischool.com>
Received: from bannong by server1.chonlatee.com with local (Exim 4.92)
	(envelope-from <bannong@bannongsaischool.com>)
	id 1pyrXL-0002tH-Ak
	for itchonlatee@gmail.com; Tue, 16 May 2023 17:04:07 +0700
To: itchonlatee@gmail.com
Subject: We Found Holes In Your Website
X-PHP-Originating-Script: 796:class-phpmailer.php
Date: Tue, 16 May 2023 10:04:07 +0000
From: Bradly Chamberlin <itchonlatee@gmail.com>
Reply-To: Bradly Chamberlin <hacker@sekebusiness.com>
Message-ID: <7620968b400126168e07a30063737ea5@bannongsaischool.com>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8

<p><strong>From:</strong> <a href="mailto:hacker@sekebusiness.com">Bradly Chamberlin</a> &#60;hacker@sekebusiness.com&#62; </p>
<p><strong>Message:</strong><br />
We have hacked your website bannongsaischool.com and extracted your databases. This was due to the security holes you had in your site/server which have gained us remote control of everything that was on the server. </p>
<p>Our team is mostly interested in customer, administrative, and employee information which we have extracted through your databases once we got remote control over the server. It still needs to be sorted out but it will be well-organized once finished. First, we will be going through the emails/sms information and contacting the recipient how you held in disregard about their information being exposed to a hacking group when you could have stopped it. This would be detrimental to your personal image with these relationships with these people. Lastly, now that we have information not only will we be monetizing off it with our methods but made public or sold to other people that will do whatever they wish with the information also after we are done.</p>
<p>Now you can put a stop to this by paying a $3000 fee (0.11 BTC) in bitcoin. You can find our address by visiting https://www.blockchain.com/explorer/addresses/btc/39PHuTwgY5THshy9VJoUXWebDA5jCprPmP where you can copy and paste the address or scan the QR code. We will be notified of payment which we will then delete the information we have obtained, patch the hole in the site/server which we got in and remove you from any future targeting in the future. You have 72 hours in doing so after viewing this message or the series of steps will commence. You can obtain bitcoin through such services such as paxful.com or do a search on bing.com</p>


--1684231459-eximdsn-450865962--