Received: from BYAPR05MB5815.namprd05.prod.outlook.com (2603:10b6:a03:c6::19)

1. Received: from BYAPR05MB5815.namprd05.prod.outlook.com (2603:10b6:a03:c6::19)
2. by BYAPR05MB4613.namprd05.prod.outlook.com with HTTPS; Fri, 15 Oct 2021
3. 13:01:48 +0000
4. Received: from BN6PR22CA0060.namprd22.prod.outlook.com (2603:10b6:404:ca::22)
5. by BYAPR05MB5815.namprd05.prod.outlook.com (2603:10b6:a03:c6::19) with
6. Microsoft SMTP Server (version=TLS1_2,
7. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.11; Fri, 15 Oct
8. 2021 13:01:45 +0000
9. Received: from BN8NAM04FT011.eop-NAM04.prod.protection.outlook.com
10. (2603:10b6:404:ca:cafe::1d) by BN6PR22CA0060.outlook.office365.com
11. (2603:10b6:404:ca::22) with Microsoft SMTP Server (version=TLS1_2,
12. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.14 via Frontend
13. Transport; Fri, 15 Oct 2021 13:01:45 +0000
14. Authentication-Results: spf=temperror (sender IP is 5.9.59.50)
15. smtp.mailfrom=Ubuntu-2004-focal-64-minimal; REDACTED by Marty; dkim=none
16. (message not signed) header.d=none;REDACTED by Marty; dmarc=none action=none
17. header.from=Ubuntu-2004-focal-64-minimal;
18. Received-SPF: TempError (protection.outlook.com: error in processing during
19. lookup of Ubuntu-2004-focal-64-minimal: DNS Timeout)
20. Received: from Ubuntu-2004-focal-64-minimal (5.9.59.50) by
21. BN8NAM04FT011.mail.protection.outlook.com (10.13.161.109) with Microsoft SMTP
22. Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
23. 15.20.4608.15 via Frontend Transport; Fri, 15 Oct 2021 13:01:43 +0000
24. Received: by Ubuntu-2004-focal-64-minimal (Postfix, from userid 110)
25. id DF5906C27A9; Fri, 15 Oct 2021 15:07:06 +0200 (CEST)
26. Received: by Ubuntu-2004-focal-64-minimal (Postfix, from userid 111)
27. id 323946C1172; Fri, 15 Oct 2021 14:47:06 +0200 (CEST)
28. Subject: Important Security Alert
29. To: REDACTED by Marty
30. X-Mailer: mail (GNU Mailutils 3.7)
31. Message-Id: <20211015124706.323946C1172@Ubuntu-2004-focal-64-minimal>
32. Date: Fri, 15 Oct 2021 14:47:06 +0200 (CEST)
33. From: steasys@Ubuntu-2004-focal-64-minimal
34. Return-Path: steasys@Ubuntu-2004-focal-64-minimal
35. X-MS-Exchange-Organization-ExpirationStartTime: 15 Oct 2021 13:01:44.1040
36. (UTC)
37. X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
38. X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
39. X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
40. X-MS-Exchange-Organization-Network-Message-Id:
41. 8f960358-9f26-4e67-0b92-08d98fdbf041
42. X-EOPAttributedMessage: 0
43. X-EOPTenantAttributedMessage: 5a589c08-32c3-4d84-8cb2-48d77520a99b:0
44. X-MS-Exchange-Organization-MessageDirectionality: Incoming
45. X-MS-PublicTrafficType: Email
46. MIME-Version: 1.0
47. X-MS-Exchange-Organization-AuthSource:
48. BN8NAM04FT011.eop-NAM04.prod.protection.outlook.com
49. X-MS-Exchange-Organization-AuthAs: Anonymous
50. X-MS-Office365-Filtering-Correlation-Id: 8f960358-9f26-4e67-0b92-08d98fdbf041
51. X-MS-TrafficTypeDiagnostic: BYAPR05MB5815:
52. X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
53. X-MS-Exchange-Organization-SCL: 5
54. X-Forefront-Antispam-Report:
55. CIP:5.9.59.50;CTRY:DE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:Ubuntu-2004-focal-64-minimal;PTR:static.50.59.9.5.clients.your-server.de;CAT:SPM;SFS:(9686003)(36906005)(4744005)(42882007)(22186003)(6916009)(3480700007)(450100002)(86362001)(42186006)(356005)(83380400001)(81166007)(6266002)(58800400005)(5660300002)(426003)(1096003)(63350400001)(1076003)(33656002)(8676002)(33716001)(2616005)(7116003)(26005)(2160300002)(336012)(1557600010);DIR:INB;
56. X-Microsoft-Antispam: BCL:0;
57. X-MS-Exchange-UnifiedGroup-DisplayName: REDACTED by Marty
58. X-MS-Exchange-UnifiedGroup-Address: REDACTED by Marty
59. X-MS-Exchange-UnifiedGroup-MailboxGuid: 3ca36a1c-ef48-4efd-a72f-e23edb1ed776
60. X-Auto-Response-Suppress: DR, OOF, AutoReply
61. X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Oct 2021 13:01:43.9181
62. (UTC)
63. X-MS-Exchange-CrossTenant-Network-Message-Id: 8f960358-9f26-4e67-0b92-08d98fdbf041
64. X-MS-Exchange-CrossTenant-Id: 5a589c08-32c3-4d84-8cb2-48d77520a99b
65. X-MS-Exchange-CrossTenant-AuthSource:
66. BN8NAM04FT011.eop-NAM04.prod.protection.outlook.com
67. X-MS-Exchange-CrossTenant-AuthAs: Anonymous
68. X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
69. X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB5815
70. X-MS-Exchange-Transport-EndToEndLatency: 00:00:04.9407463
71. X-MS-Exchange-Processed-By-BccFoldering: 15.20.4608.015
72. X-Microsoft-Antispam-Mailbox-Delivery:
73. ucf:0;jmr:1;auth:0;dest:J;ENG:(910001)(944506458)(944626604)(750132)(520011016);
74. X-Microsoft-Antispam-Message-Info:
75. =?us-ascii?Q?POGHnTusQQqH3QreL1/aykrE1dh2VF1+XeUxVbH4i2uCDlB+NqCqyYCPbD92?=
76. =?us-ascii?Q?y0bQUKYZkUCQgPd0u8yUmDhm/rELUryIoHj5HIFcmtnWjZIRNR7gnVE2Vsot?=
77. =?us-ascii?Q?sPeQVzkSialIRB4qf3iHSSOMDWIMGMZ0VX5GiKGEFL9xTe926pFg/WgypNhD?=
78. =?us-ascii?Q?30utRAD5AL63VxS+V38TUneDjH+965IYGyrwAI+b4wg25Gt1d61SUWillQpb?=
79. =?us-ascii?Q?rhgeh3haDckrqFMX6K+s112RkKhFz/8pKCQ1BiAXbXB8/ttyDm56K9s+2ivj?=
80. =?us-ascii?Q?K4weYTdHmaKpX0MWO3mmEdM3xyVN0zHQRrM+IWFK3VwWO9zDzXMAaClApvOv?=
81. =?us-ascii?Q?9n3a9244p6oVwz1HeLsPZRhVNBDWnFgTdsaRf3Cp3MBtWKjg0GeSchw/Wqef?=
82. =?us-ascii?Q?MdojRN0iZcwmnc3Yy7tAALYQwLllaXGVbRxXxmtTlZm7yhhPAeBP+jspzS5l?=
83. =?us-ascii?Q?AJYmyrYZam6bLT3AZ4/3rXKTNiWm6l22AlfHVCvD+4QGPDI3QuKo7egNDvBz?=
84. =?us-ascii?Q?nks+GnJ4KcgPfhWQb5w/IyTrgneD0D2QyoMnGCuHSrZSuaYiFBYSL2o5HHr3?=
85. =?us-ascii?Q?nSJRFUX4uZWbs+jMe3HIzcj4u77o2RWMsfnBZciwHBgytGxXlLNXK9/CJ3+v?=
86. =?us-ascii?Q?jan2lY/LUYvtuWTna4fu1i9GUs0/2d8c0L0wtAVykdxn8m6LDoQ09CpANoc7?=
87. =?us-ascii?Q?/3v0VfM/mPW+C4fuBE3FRJG3otpicTgBow4J2J42iSoN2MA0FCBmTMpTaldd?=
88. =?us-ascii?Q?Ni+C1CGSX9Ou5J64T+J9464x0agHEg0zrYvlvumtEaVe84qNdP4Htz5emECo?=
89. =?us-ascii?Q?yqk/9DrECmIp2B1APHlz7GNbABgatdOGnwEDYk38YvdAUpfATIAsXIuHAHSk?=
90. =?us-ascii?Q?9kFRpN3jfj+uJ5QfhUQBZ3bIfm0t2w4OpBIEUjdSknta8kUAjBN5UOykndPu?=
91. =?us-ascii?Q?o0VYOyHmaWqwuweapkA4FNdHONddgLRuLpQLvbmgqCtmaJymb3EkWZUXW95E?=
92. =?us-ascii?Q?6WBRV74VPFNCwWzedP/t/T/XGFp3aQ6MmF3c3OD5T7kC3f2xxZABTl7OGpXe?=
93. =?us-ascii?Q?O7yntH2nCkEuOMVYywk1azRHhC+RJBQQLlTxiYkKbpoyZGHtvPmIfdrJ+wfb?=
94. =?us-ascii?Q?SApnpqRRTHJXlIV4LPkjb+Go/npCsmA60OY8jouhMQObpF4s8mbgWLiBnAjd?=
95. =?us-ascii?Q?7CzeOIDyLhN9swYma0Xu22BHKUJUxq1HkLQ+3ZT9Txb73HpBIUgjFv5vKClV?=
96. =?us-ascii?Q?gz3sudxl61bHWbZqkqc1AaTiuMIHF5HNAOQ9FNOi/Xw0JpE/N7zuGDDWBv3O?=
97. =?us-ascii?Q?+bldk3n/8jfLMRE6gPa4xGUJC/VM4DZqG9adOu4EywMCI1sDjlJh5OXf6s2j?=
98. =?us-ascii?Q?bslw4AN/MsJ4NaxXXRy5Jr6pSGcLVF8pQpdbeEx3qORGNvfQmcsEeV1uq5WW?=
99. =?us-ascii?Q?EeOOAh/yhywy5H75k00bAet89X0t8yWY7gu6aNoldiRrOW8Hks1svzVqTCGD?=
100. =?us-ascii?Q?qGYVSVs3myqLO2q7GYY3LwQjbneLSJq+MDfIMKZxVuxXwEt/LbyuECjYIzEr?=
101. =?us-ascii?Q?/BCoAOIOJ8eJlomGhL1vIAM+gr++HX46vqkDQcDlEe173KwE8h1Dnw82Ldo5?=
102. =?us-ascii?Q?wIq005/x908pYRM6UEhjsvCK2cHXRy8k9iv2srg6Lg7KmWBrmSAUUfKVGUZ3?=
103. =?us-ascii?Q?rc+ALmiYJkY3etkYI3ThWAvbc71a8XWRwRvl9gHCAV0xouImjti9NAxIhb0Y?=
104. =?us-ascii?Q?/e5xsirQ8T/W3ualnzE3agbnqDtQkoj8OtWewWb/GuurYngSOysgt+MKwbUd?=
105. =?us-ascii?Q?5P4NP0doDnvFN/Gu9Gdu9AHWLlLtvmt1jLP9rf3f4mpVC9jZDyAJES85P0dw?=
106. =?us-ascii?Q?c3UI80FjYDbWFqip2Wlhe8kCCgAauibXwviDiXokmIu9MwUt84MptI/4rSoU?=
107. =?us-ascii?Q?+ecUKX+uR07Bux8QGNJa1DjXIZkmrddRrDWCo4BkKKaz6Wb0SjN5pXJCFhZ1?=
108. =?us-ascii?Q?3q5x4ultTN13R5z5T901TVG7BGeqTSttjlRSSeZB/C8+lmOwHPhqqOMZGVfV?=
109. =?us-ascii?Q?JEe/WAKD5ZPX+BNfavx6B+gjCVhRdtsE3WdaFCIZUynCKvHl4efg+tmD9wy6?=
110. =?us-ascii?Q?2Sq8sETTHmVJAP1+YCm+gfziKWvAfBFudJvaqd46SJ0S1gox7iGs3IyR5CRD?=
111. =?us-ascii?Q?AK8E+Lrmeapjtuq3Drpa2I2p9LnrD+PDMnKwnjfWrWYQSn7v6upok0Xsm+t9?=
112. =?us-ascii?Q?y1Laj2JPWp+oYBy7PMh519P7PNu9c+Pm61ehZuLrwg=3D=3D?=
113. Content-type: text/plain;
114. charset="UTF-8"
115. Content-transfer-encoding: 7bit
116.  
117. [EXTERNAL]
118.  
119. Hello fellow ASN owner/IX operator,
120.  
121. We (<https://lowendtalk.com> and <https://lowendspirit.com>), have hacked into your central routers, and are going to destroy all of your routes/BGP configuration within the next 10 minutes; we have your backups, too! We do not care about your company, etc., we are only interested in destroying it for the lulz. You can check for yourself in the SSH auth logs. Our IP is "159.196.14.47" :)
122. If you would like this to not happen, please open a ticket on <https://support.lowendtalk.com>, and post your ASN within the next 5 minutes. As proof, we know that you are terrible with IPv6, and your central routers are Cisco/MikroTik.
123. We are only interested in also supporting our sponsor, which is <https://www.buyvm.net>. They have a much better network than you do, anyway!
124.  
125. Kind Regards,
126.  
127. raindog308 (l33t bot operator), PieHasBeenEaten (elite hacker), and FAT32 (fat32@mail.com)
128.  
129.