Logo



PHP Mailer Script list, useful to spot hacked/hijacked servers

Click here to view the below list plus whether each mailer is alive or not (slower)

Address of PHP Mailer script Subject (link) Date
unlockviagsmcare.com/me.php
Link | Homepage of potentially hijacked domain | WHOIS
ttention:Beneficiary, Fro 2016-05-25 17:12:29
io_uigyuhoi.netne.net/v2.php
Link | Homepage of potentially hijacked domain | WHOIS
Please update your accoun 2016-05-25 12:35:42
o-ogle.org/dwx/admin/index.php
Link | Homepage of potentially hijacked domain | WHOIS
[PAL-rID: #01605.22] Prob 2016-05-23 18:07:29
www.alsalambahrain.com/index.php
Link | Homepage of potentially hijacked domain | WHOIS
Currency Converter Discla 2016-05-18 22:21:33
appui.ca/leafmailer.php
Link | Homepage of potentially hijacked domain | WHOIS
Unauthorized access ! 2016-05-17 18:11:59
meditacionenmurcia.org/post.php
Link | Homepage of potentially hijacked domain | WHOIS
Notice to appear in Court 2016-05-13 19:17:41
donkeymails.com/bbee/l1.php
Link | Homepage of potentially hijacked domain | WHOIS
DEAR FRIEND 2016-05-10 15:51:03
scores.info/mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
Your Email Was Logged In 2016-05-10 05:11:23
www.doctorksa.com/app/webroot/newCaptcha/$BeNnY$.php
Link | Homepage of potentially hijacked domain | WHOIS
BUSINESS PROPOSAL 2016-05-06 08:02:01
www.brandmarketingconcepts.com/dr1.php
Link | Homepage of potentially hijacked domain | WHOIS
URGENT AND CONFIDENTIAL 2016-05-04 13:56:38
drmirkinnutritionflorida.com/wp-includes/Text/Diff/Renderer/hammmmed.php
Link | Homepage of potentially hijacked domain | WHOIS
Dear Esteemed Customer 2016-04-29 04:01:34
drmirkinnutritionflorida.com/wp-includes/Text/Diff/Renderer/hammmmed.php
Link | Homepage of potentially hijacked domain | WHOIS
Dear Esteemed Customer. 2016-04-21 11:50:26
office.x3po.com/admin/envio_4.php
Link | Homepage of potentially hijacked domain | WHOIS
Renan Almeida de Oliveira 2016-04-07 14:52:50
www.audruvis.lt/js/damn/Hard.script.php
Link | Homepage of potentially hijacked domain | WHOIS
Bonjour, 2016-03-31 06:30:03
www.offshoringmybusiness.com/composers.php
Link | Homepage of potentially hijacked domain | WHOIS
Mail Order 2016-03-30 22:44:47
www.poltronaskastrup.com.br/wp-config.php
Link | Homepage of potentially hijacked domain | WHOIS
HAVE YOU RECEIVED YOUR FU 2016-03-29 21:20:06
www.sulambiental.eng.br/site/wp-admin/maint/_.php
Link | Homepage of potentially hijacked domain | WHOIS
Please verify 2016-03-26 06:53:55
critmas.xyz/paygetinbox/zeemoney.php
Link | Homepage of potentially hijacked domain | WHOIS
From :Customer Service an 2016-03-10 06:00:08
www.wivesbehindthebadge.org/FBTB/inbox.php
Link | Homepage of potentially hijacked domain | WHOIS
l'Assurance Maladie en li 2016-03-04 21:36:04
www.microactivism.org/muslim.php
Link | Homepage of potentially hijacked domain | WHOIS
CAN YOU ADOPT MY CHILD? 2016-03-03 12:20:37
aoi.co.id/,/PRO Mailer V2.php
Link | Homepage of potentially hijacked domain | WHOIS
Usd 33,950 Transfer 2016-03-03 10:40:27
novauniaoalimentos.com.br/v1/flash/send.php
Link | Homepage of potentially hijacked domain | WHOIS
Your Approved Funds $5,80 2016-02-24 06:19:10
biocruz.cl/wp-admin/buzz.php
Link | Homepage of potentially hijacked domain | WHOIS
Kindly update to our late 2016-02-24 03:08:21
baursmagic.com/wp-admin/wp-next.php
Link | Homepage of potentially hijacked domain | WHOIS
Attn: Announcement 2016-02-22 10:26:07
grrasplacements.com/ for 127.0.0.1 Date: Sun, 21 Feb 2016 14:05:17 -0600 From: Tricia Flowers Message-ID: <7ffdf6b47089f75696b958e6778ab860@grrasplacements.com> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_7ffdf6b47089f75696b958e6778ab860" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - host.grrassolutions.in X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [512 499] / [47 12] X-AntiAbuse: Sender Address Domain - grrasplacements.com X-Get-Message-Sender-Via: host.grrassolutions.in: authenticated_id: grraspla/from_h X-Authenticated-Sender: host.grrassolutions.in: tricia_flowers@grrasplacements.com X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/grraspla/public_html/new1/1/wp-includes/images/search.php
Link | Homepage of potentially hijacked domain | WHOIS
Horny fitness model livin 2016-02-21 20:06:21
nexuscorporation.in/ for 127.0.0.1 Date: Sun, 21 Feb 2016 19:12:00 +0530 From: Sheryl Sandoval Message-ID: <2d619e48daab15b9a393118cbc0ca922@nexuscorporation.in> X-Priority: 3 X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/) MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_2d619e48daab15b9a393118cbc0ca922" Content-Transfer-Encoding: 8bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - mail.etcsfzc.com X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [511 500] / [47 12] X-AntiAbuse: Sender Address Domain - nexuscorporation.in X-Get-Message-Sender-Via: mail.etcsfzc.com: authenticated_id: nexus/from_h X-Authenticated-Sender: mail.etcsfzc.com: sheryl_sandoval@nexuscorporation.in X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/nexus/public_html/wp-admin/css/colors/ocean/info54.php
Link | Homepage of potentially hijacked domain | WHOIS
I'm touching my pu$$y thi 2016-02-21 13:42:05
countryautismnetwork.org.au/wp-best.php
Link | Homepage of potentially hijacked domain | WHOIS
Imp 2016-02-20 16:24:36
www.donkeymails.com/scripts/mail.php
Link | Homepage of potentially hijacked domain | WHOIS
Opportunity to work as NG 2016-02-19 23:59:37
www.uta-rus.com/upload/0/elord.php
Link | Homepage of potentially hijacked domain | WHOIS
making contact for your s 2016-02-04 05:57:27
powerteamlink.com/rotator/inc/AIKMAN.php
Link | Homepage of potentially hijacked domain | WHOIS
Activait your PayPal acco 2016-01-28 10:59:31
sinanoori.com/downloader/promo.php
Link | Homepage of potentially hijacked domain | WHOIS
message re?u 2016-01-27 03:59:12
www.fourkidscoffee.com/ckeditor/samples/assets/Wat3rMailer.php
Link | Homepage of potentially hijacked domain | WHOIS
Dear Friend 2016-01-19 13:28:19
piemonte.fite.it/userfiles/files/bill.php
Link | Homepage of potentially hijacked domain | WHOIS
pleas check the informati 2015-12-30 23:02:11
imagewearcw.com/france1.php
Link | Homepage of potentially hijacked domain | WHOIS
child for adoption. 2015-12-29 21:12:19
purl.asu.edu/sites/default/files/AzA.php
Link | Homepage of potentially hijacked domain | WHOIS
(Apple Service) 2015-12-25 13:10:25
www.dimaal-taif.com/wp-includes/wp-mail.php
Link | Homepage of potentially hijacked domain | WHOIS
double your bitcoin to 10 2015-12-20 13:30:47
natureaudions.doitaffiliatebiz.com/blog/wp-content/themes/startup/wp-mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
Order Enquiry, 2015-12-10 08:53:33
natureaudions.doitaffiliatebiz.com/blog/wp-content/themes/startup/wp-mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
Order Enquiry.. 2015-12-08 20:10:30
mobmtz.com/images/2.php
Link | Homepage of potentially hijacked domain | WHOIS
[Paypal Alert] Please Con 2015-11-30 13:12:58
www.dragonleisure.bt/cache/1.php
Link | Homepage of potentially hijacked domain | WHOIS
Next Of Kin 2015-11-15 17:02:59
webmail.dspeir.gr/index.php
Link | Homepage of potentially hijacked domain | WHOIS
Re: Hello 2015-11-11 02:26:20
www.dragonleisure.bt/cache/1.php
Link | Homepage of potentially hijacked domain | WHOIS
Re-confirm YOUR NAME,ADDR 2015-11-09 13:33:22
www.informationdynamo.com/goals.php
Link | Homepage of potentially hijacked domain | WHOIS
Re:Breaking News Nov ,201 2015-11-03 17:00:14
movielink.ml/templates/beez3/mailerxd.php
Link | Homepage of potentially hijacked domain | WHOIS
U.S AMBASSADOR FUND NOTIF 2015-11-03 12:07:25
www.donkeymails.com/pages/m.php
Link | Homepage of potentially hijacked domain | WHOIS
We have sent to you sever 2015-10-26 11:57:15
movielink.ml/templates/beez3/mailerxd.php
Link | Homepage of potentially hijacked domain | WHOIS
U.S AMBASSADOR TO NIGERIA 2015-10-26 11:20:03
movielink.ml/templates/beez3/mailerxd.php
Link | Homepage of potentially hijacked domain | WHOIS
The first $5000.00 was se 2015-10-23 11:10:50
www.hathareclothing.com/ for 105.108.192.104 MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Message-Id: Date: Sat, 10 Oct 2015 20:24:12 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - gator3004.hostgator.com X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [32534 500] / [47 12] X-AntiAbuse: Sender Address Domain - gator3004.hostgator.com X-BWhitelist: no X-Source-IP: X-Exim-ID: 1Zl5My-000Ebw-AR X-Source: /opt/php52/bin/php-cgi X-Source-Args: /opt/php52/bin/php-cgi /home3/mpickle7/public_html/hathareclothing.com/bloh.php
Link | Homepage of potentially hijacked domain | WHOIS
[ PayPal ] : View your re 2015-10-11 02:24:18
voicenowapp.com/voiceapp/app/webroot/index.php
Link | Homepage of potentially hijacked domain | WHOIS
Thank you for joining Mos 2015-10-01 12:15:18
www.relocations2go.com/uk/sms/maxo.php
Link | Homepage of potentially hijacked domain | WHOIS
=====Job Referral==== 2015-09-30 10:48:07
www.starcbe.com/mail.php
Link | Homepage of potentially hijacked domain | WHOIS
URGENT 2015-09-24 10:10:39
brilliantlogic.com.au/waterside/administrator/index.php
Link | Homepage of potentially hijacked domain | WHOIS
mail 2015-09-13 03:44:02
www.dragonleisure.bt/cache/1.php
Link | Homepage of potentially hijacked domain | WHOIS
prise de contact 2015-09-05 14:29:31
iplekepcekulakameliyati.com/wp-content/themes/mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
UN Compensation Notice 2015-09-01 14:38:40
inboxmail.work/101.php
Link | Homepage of potentially hijacked domain | WHOIS
A PROPOSAL FOR YOU 0 2015-09-01 12:28:07
www.pensalab.com.br/inboxhmar.php
Link | Homepage of potentially hijacked domain | WHOIS
investment 2015-08-31 13:08:16
www.zindagitrust.org/ncpf.php
Link | Homepage of potentially hijacked domain | WHOIS
Lets Work Together 2015-08-24 04:29:31
www.abundanthope.net/talkitup/admincp/mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
impots gouv 2015-08-14 16:01:22
www.moldse.md/newsenderphp/Mailer-inbox.php
Link | Homepage of potentially hijacked domain | WHOIS
Loan office 2015-08-13 01:04:00
www.degustaemporio.com.br/segun1.php
Link | Homepage of potentially hijacked domain | WHOIS
Assistance Needed. 2015-07-24 21:42:01
cgtechnosoft.net/djewels/magmi/plugins/inc/magmi_datasource.php
Link | Homepage of potentially hijacked domain | WHOIS
Get Your Loans Today : 2015-07-18 02:47:08
binis.com.gr/wp-content/06.php
Link | Homepage of potentially hijacked domain | WHOIS
READ NOW! 2015-07-09 08:41:34
seleron.ro/mail.php
Link | Homepage of potentially hijacked domain | WHOIS
No subject 2015-06-28 22:47:17
www.tulioantunes.com.br/admin/assets/ckeditor/kcfinder/upload/files/sender.php
Link | Homepage of potentially hijacked domain | WHOIS
update your account.. 2015-06-25 13:36:43
esthetiquebelleetbien.com/wp-includes/pomo/mo.php
Link | Homepage of potentially hijacked domain | WHOIS
R?ponse Urgente : 2015-06-24 02:20:41
cortesdecima.com/wp-content/ads.php
Link | Homepage of potentially hijacked domain | WHOIS
*Online Trade Assurance-V 2015-06-22 16:19:17
nalandahmr.org/med.php
Link | Homepage of potentially hijacked domain | WHOIS
IN TRUST, LOVE TRUTH AND, 2015-06-17 06:05:59
www.hasgal.com.sv/mailer.php
Link | Homepage of potentially hijacked domain | WHOIS
FW: price amendment 2015-06-16 17:45:35
kurniacahyagroup.com/images/banners/shuta.php
Link | Homepage of potentially hijacked domain | WHOIS
Wells Fargo Bank Security 2015-06-13 14:07:01
www.z016.ruanacabelos.com.br/_01_formulario.php
Link | Homepage of potentially hijacked domain | WHOIS
site_profissional_com_pai 2015-06-12 19:44:51
www.lvbikeads.com/mailattach..php
Link | Homepage of potentially hijacked domain | WHOIS
Dearest Friend I need You 2015-06-11 14:01:25
shirtsbydesign.net/ for 69.16.250.36 MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Message-Id: Date: Thu, 11 Jun 2015 04:40:59 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - host2.iwriter.com X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [502 501] / [47 12] X-AntiAbuse: Sender Address Domain - host2.iwriter.com X-Get-Message-Sender-Via: host2.iwriter.com: authenticated_id: linkmetr/only user confirmed/virtual account not confirmed X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/linkmetr/public_html/shirtsbydesign.net/wp-includes/fonts/fontd/fontss.php
Link | Homepage of potentially hijacked domain | WHOIS
[PayPal] :Update your acc 2015-06-11 09:41:05
www.majmamodiran.ir/modules/mod_feed/tmpl/PostMan.php
Link | Homepage of potentially hijacked domain | WHOIS
UNPAID FUND RECOVERED LET 2015-06-11 00:32:17
immo-hr.net/missiongp.com/wp-includes/images/smilies/ro.php
Link | Homepage of potentially hijacked domain | WHOIS
Dear customer 2015-06-09 12:27:54
virtualdigdev.com/ for 198.57.164.57 MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 From: Message-Id: Date: Sun, 07 Jun 2015 01:21:16 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - dig.digmarketing.org X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [694 32007] / [47 12] X-AntiAbuse: Sender Address Domain - dig.digmarketing.org X-Get-Message-Sender-Via: dig.digmarketing.org: authenticated_id: virtuald/only user confirmed/virtual account not confirmed X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/virtuald/public_html/mai.php
Link | Homepage of potentially hijacked domain | WHOIS
You have to contact him d 2015-06-07 07:21:26
www.rulmentipitesti.ro/images/brands/14/me/maxo.php
Link | Homepage of potentially hijacked domain | WHOIS
INFORMATION ABOUT YOUR FU 2015-06-06 22:32:29
www.gupapp.com/wp-content/uploads/339b71d925bd093df3fc0ed0ea0731cb.php
Link | Homepage of potentially hijacked domain | WHOIS
Compliments of The day 2015-06-04 12:29:12
escuchafuerte.net/wp-content/themes/twentythirteen/inc/compat.php
Link | Homepage of potentially hijacked domain | WHOIS
PayPal : Your account has 2015-06-03 01:36:16
masterpotolkov12.ru/wp-admin/hatty.php
Link | Homepage of potentially hijacked domain | WHOIS
Earthlink RDP Now In Stoc 2015-06-02 04:16:31
masterpotolkov12.ru/wp-admin/hatty.php
Link | Homepage of potentially hijacked domain | WHOIS
Earthlink RDP Now In Stoc 2015-06-02 03:52:43
masterpotolkov12.ru/wp-admin/hatty.php
Link | Homepage of potentially hijacked domain | WHOIS
Important: Regarding Your 2015-06-02 00:16:44
www.elfab.com/index.php
Link | Homepage of potentially hijacked domain | WHOIS
Barrister Phillip Adams h 2015-05-30 11:16:13
fremontrodentsociety.com/index.php
Link | Homepage of potentially hijacked domain | WHOIS
Раскру 2015-05-27 22:50:06
fremontrodentsociety.com/index.php
Link | Homepage of potentially hijacked domain | WHOIS
От 10 до 1000 2015-05-27 16:18:52
www.inspired-resources.com/formprocess.php
Link | Homepage of potentially hijacked domain | WHOIS
Send to a friend/colleagu 2015-05-24 23:24:11
wprinter.com.br/deeda.php
Link | Homepage of potentially hijacked domain | WHOIS
felixcramb@gmail.com 2015-05-18 04:50:52
www.premier-tg.com/wp-content/gallery/22.php
Link | Homepage of potentially hijacked domain | WHOIS
Last App Update 2015-05-16 18:20:31
www.stylemagazin.cz/images/stories/sent.php
Link | Homepage of potentially hijacked domain | WHOIS
(impots.Gouv) 2015-05-16 17:25:06
216.15.209.132/~glbtcolorado/wp-admin/find.php
Link | Homepage of potentially hijacked domain | WHOIS
Re: Bill of Lading and In 2015-05-14 11:05:57
www.inanyevent.ky/wp-includes/SimplePie/XML/Declaration/bless.php
Link | Homepage of potentially hijacked domain | WHOIS
New Login Feature Updated 2015-05-14 10:33:13
www.vermontswings.com/~vermonts/slideshows/files/De___Bros.php
Link | Homepage of potentially hijacked domain | WHOIS
Hello Baby! 2015-05-13 21:52:37
www.alhadithaoman.com/index.php
Link | Homepage of potentially hijacked domain | WHOIS
STRICTLY CONFIDENTIAL 2015-05-12 18:28:49
www.billyscrimsher.com/cgi2012/iknow.php
Link | Homepage of potentially hijacked domain | WHOIS
You have a DHL shipment 2015-05-12 07:44:11

Next