????

Your IP : 18.117.151.198


Current Path : /home/innovagencyco/mail/new/
Upload File :
Current File : /home/innovagencyco/mail/new/1729044686.M436584P1584471.imr70-cvps01.hostserv.co.za,S=8211,W=8372

Return-Path: <takedown-response+62456393@netcraft.com>
Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za
Received: from imr70-cvps01.hostserv.co.za
	by imr70-cvps01.hostserv.co.za with LMTP
	id AC/6F84gD2dXLRgA+LLMVA
	(envelope-from <takedown-response+62456393@netcraft.com>)
	for <innovagencyco@imr70-cvps01.hostserv.co.za>; Wed, 16 Oct 2024 04:11:26 +0200
Return-path: <takedown-response+62456393@netcraft.com>
Envelope-to: support@innovagency.co.za
Delivery-date: Wed, 16 Oct 2024 04:11:26 +0200
Received: from spamtitan-filter02.hostserv.co.za ([41.185.250.20]:12069)
	by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.97.1)
	(envelope-from <takedown-response+62456393@netcraft.com>)
	id 1t0tVW-00000006fY7-1fwk
	for support@innovagency.co.za;
	Wed, 16 Oct 2024 04:11:26 +0200
Received: from localhost (localhost [127.0.0.1])
	by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTP id 22B571570122
	for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:18 +0200 (SAST)
X-Quarantine-ID: <TaKgNa9c682v>
X-Virus-Scanned: by SpamTitan at hostserv.co.za
X-Spam-Flag: NO
X-Spam-Score: 1.71
X-Spam-Level: *
X-Spam-Status: No, score=1.71 tagged_above=-999 required=5
	tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1,
	DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
	DNSWL_DWL_MED=-0.2, KAM_SHORT=0.001, RCVD_IN_DNSWL_BLOCKED=0.001,
	RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
	RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8,
	ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001] autolearn=disabled
Received: from spamtitan-filter02.hostserv.co.za (localhost [127.0.0.1])
	by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTP id D41E0156F2C0
	for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:13 +0200 (SAST)
Authentication-Results: spamtitan-filter02.hostserv.co.za;
        dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com
          header.i=@netcraft.com header.b=Ky9BQpWX header.a=rsa-sha256
          header.s=default202405-yu9bqteb95aqcfpg x-bits=2048;
        dmarc=pass policy.published-domain-policy=reject
          policy.applied-disposition=none policy.evaluated-disposition=none
          policy.policy-from=p header.from=netcraft.com;
        spf=pass smtp.mailfrom=takedown-response+62456393@netcraft.com
          smtp.helo=mail-1c.netcraft.com
Received-SPF: pass
        (netcraft.com: 52.31.138.216 is authorized to use 'takedown-response+62456393@netcraft.com' in 'mfrom' identity (mechanism 'ip4:52.31.138.216' matched))
        receiver=spamtitan-filter02.hostserv.co.za;
        identity=mailfrom;
        envelope-from="takedown-response+62456393@netcraft.com";
        helo=mail-1c.netcraft.com;
        client-ip=52.31.138.216
Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTPS id 0A9BB156F160
	for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:02 +0200 (SAST)
Received: from walleye.netcraft.com (unknown [10.9.0.81])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mail-1c.netcraft.com (Postfix) with ESMTPS id 0914E4FA8
	for <support@innovagency.co.za>; Wed, 16 Oct 2024 02:11:07 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com 0914E4FA8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
	s=default202405-yu9bqteb95aqcfpg; t=1729044667;
	bh=j4MffpkaKq8C//SihxbfKuISERFPOW4A9X9ilJ0NGo8=;
	h=Date:From:Subject:To:From;
	b=Ky9BQpWX7gfEAy69iYeMAhw8O34uPl5uiEXKAwsjJkEIH+tKAHdTD31J0v4WqDxAw
	 2+Viz6lSNu4p4sk8fi1eK6ansaOhbCa7Vfbwn748ldhprGqq25O3CntYfBSP01tEM4
	 24o9bNgKDDYe0noL2Dre/hVhsyi7yMGVLraV1ieZSy3tgNVy8wyedipJ7YrPWXsq9s
	 sc/orCvqMzaNUSrNRcTSyDs2ZcGKcQw+4IIh841Vn9owyHg9W12PnkQikpapQVRRIm
	 McPYq5XSOktk9ZjgYvtxNi5uRnYNi1GaCIUAcBR+k4px9HZ1fVr+7xa4viPxX0vfI7
	 NBwCh/H43C7HA==
Received: by walleye.netcraft.com (Postfix, from userid 507)
	id 03811130F; Wed, 16 Oct 2024 02:11:07 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_17290446662573915800"; report-type="feedback-report"
MIME-Version: 1.0
Date: Wed, 16 Oct 2024 02:11:06 +0000
From: Netcraft Takedown Service <takedown-response+62456393@netcraft.com>
Subject: Issue 62456393: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/apib1.anz.com.apinetbank.htm
To: support@innovagency.co.za
Message-Id: <0007270a90602e659c1fb92a52de6bc5@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)

This is a multi-part message in MIME format.

--_----------=_17290446662573915800
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hello,

We have discovered a phishing attack on your network.

hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/apib1.anz.com.apinetbank.htm [41.185.64.77]
hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/loginInetANZ.php [41.185.64.77]
hxxps://www[.]isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77]

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Australia
New Zealand

You may not have been aware of this attack, however, you are still responsible for removing it.

This attack targets our customer, ANZ Fiji, website URL http://www.anz.com/fiji/en/personal/.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

More information about the detected issue is provided at https://incident.netcraft.com/995c9c437ff1/

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 62456393

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_17290446662573915800
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 16 Oct 2024 02:11:06 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_17290446662573915800
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 16 Oct 2024 02:11:06 +0000

eyJSZXBvcnQiOnsiUmVwb3J0ZXJDYXNlSUQiOiI2MjQ1NjM5MyIsIlJlcG9ydFR5cGUiOiJQaGlz
aGluZyIsIlNvdXJjZVVybCI6Imh0dHBzOi8vaXNvbnhwLmlubm92YWdlbmN5LmNvLnphL3dwLWFk
bWluL3gxL2FwaWIxLmFuei5jb20uYXBpbmV0YmFuay5odG0iLCJEYXRlIjoiMjAyNC0xMC0xNlQw
MTo1MzowM1oiLCJTb3VyY2VJcCI6IjQxLjE4NS42NC43NyIsIlJlcG9ydENsYXNzIjoiQ29udGVu
dCIsIlJlcG9ydGVyTm90ZXMiOiJTZWUgaHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20vOTk1
YzljNDM3ZmYxLyBmb3IgbW9yZSBpbmZvcm1hdGlvbiJ9LCJWZXJzaW9uIjoiMSIsIkRpc2Nsb3N1
cmUiOnRydWUsIk9uQmVoYWxmT2YiOnsiQ29tcGxhaW5hbnRPcmdEb21haW4iOiJ3d3cuYW56LmNv
bSIsIkNvbXBsYWluYW50T3JnRW1haWwiOiJ0YWtlZG93bi1yZXNwb25zZSs2MjQ1NjM5M0BuZXRj
cmFmdC5jb20iLCJDb21wbGFpbmFudE9yZyI6IkFOWiBGaWppIn0sIlJlcG9ydGVySW5mbyI6eyJS
ZXBvcnRlck9yZ0RvbWFpbiI6Im5ldGNyYWZ0LmNvbSIsIlJlcG9ydGVyT3JnRW1haWwiOiJ0YWtl
ZG93bi1yZXNwb25zZSs2MjQ1NjM5M0BuZXRjcmFmdC5jb20iLCJSZXBvcnRlck9yZyI6Ik5ldGNy
YWZ0In19

--_----------=_17290446662573915800--