Return-Path: <> Delivered-To: arizona@ns1.southerncaliforniaweatherforce.com Received: from ns1.southerncaliforniaweatherforce.com by ns1.southerncaliforniaweatherforce.com with LMTP id +qjHFjyQ+l4jWAAAomzWrA (envelope-from <>) for ; Mon, 29 Jun 2020 18:07:08 -0700 Return-path: <> Envelope-to: arizona@ns1.southerncaliforniaweatherforce.com Delivery-date: Mon, 29 Jun 2020 18:07:08 -0700 Received: from mailnull by ns1.southerncaliforniaweatherforce.com with local (Exim 4.92) id 1jq4js-0005rp-Al for arizona@ns1.southerncaliforniaweatherforce.com; Mon, 29 Jun 2020 18:07:08 -0700 X-Failed-Recipients: hacker@tomatobaby.com Auto-Submitted: auto-replied From: Mail Delivery System To: arizona@ns1.southerncaliforniaweatherforce.com Content-Type: multipart/report; report-type=delivery-status; boundary=1593479228-eximdsn-647173170 MIME-Version: 1.0 Subject: Mail delivery failed: returning message to sender Message-Id: Date: Mon, 29 Jun 2020 18:07:08 -0700 --1593479228-eximdsn-647173170 Content-type: text/plain; charset=us-ascii This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: hacker@tomatobaby.com host smtp.secureserver.net [68.178.213.37] SMTP error from remote mail server after end of data: 552 5.2.0 q4jqjDlUvZ8zH - q4jqjDlUvZ8zHq4jsjyKZh This message has been rejected due to content judged to be spam by the internet community IB212 - If you feel this is in error, please submit a request using the following page. --1593479228-eximdsn-647173170 Content-type: message/delivery-status Reporting-MTA: dns; ns1.southerncaliforniaweatherforce.com Action: failed Final-Recipient: rfc822;hacker@tomatobaby.com Status: 5.0.0 Remote-MTA: dns; smtp.secureserver.net Diagnostic-Code: smtp; 552 5.2.0 q4jqjDlUvZ8zH - q4jqjDlUvZ8zHq4jsjyKZh This message has been rejected due to content judged to be spam by the internet community IB212 - If you feel this is in error, please submit a request using the following page. --1593479228-eximdsn-647173170 Content-type: message/rfc822 Return-path: Received: from arizona by ns1.southerncaliforniaweatherforce.com with local (Exim 4.92) (envelope-from ) id 1jq4jq-0005rb-Nr for hacker@tomatobaby.com; Mon, 29 Jun 2020 18:07:06 -0700 To: hacker@tomatobaby.com Subject: Confirmation: Message received... X-PHP-Script: arizonaweatherforce.com/index.php for 194.187.249.182 X-PHP-Originating-Script: 1012:class-phpmailer.php Date: Tue, 30 Jun 2020 01:07:06 +0000 From: "theweatherspaceads@gmail.com" Message-ID: <059adb088fa66daeedc2893925669b09@arizonaweatherforce.com> X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer) X-Mailer: PHP/5.6.40 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Thank you for your message. We will reply you as soon as possible. This is a copy of the data sent: Email: hacker@tomatobaby.com Subject: Su sitio ha sido Message: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website http://www.arizonaweatherforce.com and extracted your databases. How did this happen? Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server. What does this mean? We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.arizonaweatherforce.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets. How do I stop this? We are willing to refrain from destroying your site\'s reputation for a small fee. The current fee is .33 BTC in bitcoins ($3000 USD). Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive): 1FjMYuEXXRSPbey42fRkHwLgH1yohE2PZF Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start! How do I get Bitcoins? You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you https://cex.io/ for buying bitcoins. What if I don’t pay? If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers. This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied. Best Regards. --1593479228-eximdsn-647173170--