????
Current Path : /home/innovagencyco/mail/new/ |
Current File : /home/innovagencyco/mail/new/1729748698.M241819P2736706.imr70-cvps01.hostserv.co.za,S=8132,W=8292 |
Return-Path: <takedown-response+62456447@netcraft.com> Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za Received: from imr70-cvps01.hostserv.co.za by imr70-cvps01.hostserv.co.za with LMTP id eLYxDtreGWdCwikA+LLMVA (envelope-from <takedown-response+62456447@netcraft.com>) for <innovagencyco@imr70-cvps01.hostserv.co.za>; Thu, 24 Oct 2024 07:44:58 +0200 Return-path: <takedown-response+62456447@netcraft.com> Envelope-to: webmaster@innovagency.co.za Delivery-date: Thu, 24 Oct 2024 07:44:58 +0200 Received: from spamtitan-filter08.hostserv.co.za ([41.185.250.80]:13803) by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.98) (envelope-from <takedown-response+62456447@netcraft.com>) id 1t3qeY-0000000BTwh-2fPk for webmaster@innovagency.co.za; Thu, 24 Oct 2024 07:44:58 +0200 Received: from localhost (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id C7D2F17588AB for <webmaster@innovagency.co.za>; Thu, 24 Oct 2024 07:44:57 +0200 (SAST) X-Quarantine-ID: <xIS2mG5D-eo3> X-Virus-Scanned: by SpamTitan at hostserv.co.za X-Spam-Flag: NO X-Spam-Score: 1.709 X-Spam-Level: * X-Spam-Status: No, score=1.709 tagged_above=-999 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DNSWL_DWL_MED=-0.2, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8, ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001] autolearn=disabled Received: from spamtitan-filter08.hostserv.co.za (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id EE14D1758871 for <webmaster@innovagency.co.za>; Thu, 24 Oct 2024 07:44:43 +0200 (SAST) Authentication-Results: spamtitan-filter08.hostserv.co.za; dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com header.i=@netcraft.com header.b=N1GAYQLp header.a=rsa-sha256 header.s=default202405-yu9bqteb95aqcfpg x-bits=2048; dmarc=pass policy.published-domain-policy=reject policy.applied-disposition=none policy.evaluated-disposition=none policy.policy-from=p header.from=netcraft.com; spf=pass smtp.mailfrom=takedown-response+62456447@netcraft.com smtp.helo=mail-1c.netcraft.com Received-SPF: pass (netcraft.com: 52.31.138.216 is authorized to use 'takedown-response+62456447@netcraft.com' in 'mfrom' identity (mechanism 'ip4:52.31.138.216' matched)) receiver=spamtitan-filter08.hostserv.co.za; identity=mailfrom; envelope-from="takedown-response+62456447@netcraft.com"; helo=mail-1c.netcraft.com; client-ip=52.31.138.216 Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTPS id 119B81758872 for <webmaster@innovagency.co.za>; Thu, 24 Oct 2024 07:44:43 +0200 (SAST) Received: from walleye.netcraft.com (unknown [10.9.0.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-1c.netcraft.com (Postfix) with ESMTPS id 9DF90460C for <webmaster@innovagency.co.za>; Thu, 24 Oct 2024 05:44:41 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com 9DF90460C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com; s=default202405-yu9bqteb95aqcfpg; t=1729748681; bh=s0a6KSe7DnIaJqGqaz1FSwNJcNzUYRz8mng26EeNEpU=; h=Date:From:Subject:To:From; b=N1GAYQLpem9FeI9lQaqT3Z/3iSqYYnh9i+apgV+swCi0Qsf7iaN0qByMt7ETPrcjK ToVGhIoP7IG9WU++0nQHs1PTmOe58e7ooz7gkS7Us2cPv3827K+StQg4NNj7mBGMuK e4Y46f/C7BRqJjS0fphsJga8KF2U2C+f2fGCImgbpEFPe0p0CkJ3DfKSlyMGqJXYO7 IPbvuX5iCmlpKtuY5wrWmEjLSqn8W5iyBnffdgrhTWlMZKS1F+EngnG5YvW1DHTP1w +7QCoX81tVVQd7o/acXWBK/0s2QEbLZ7CsiEypyU15g9uRUGSNZLuxS+LdPXb8c2sg LnzR+mAMzDO+w== Received: by walleye.netcraft.com (Postfix, from userid 507) id 9A05A10EE; Thu, 24 Oct 2024 05:44:41 +0000 (UTC) Content-Transfer-Encoding: 8bit Content-Type: multipart/report; boundary="_----------=_172974868126136341122"; report-type="feedback-report" MIME-Version: 1.0 Date: Thu, 24 Oct 2024 05:44:41 +0000 From: Netcraft Takedown Service <takedown-response+62456447@netcraft.com> Subject: Issue 62456447: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html To: webmaster@innovagency.co.za Message-Id: <63e43be2c3c005efe3e64fbe0cc2c062@takedown.netcraft.com> X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) This is a multi-part message in MIME format. --_----------=_172974868126136341122 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Hello, We have discovered a phishing attack on your network. hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77] Although we have previously contacted you about this attack, we are contacting you again because it has recently reappeared. It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: Australia We previously contacted you about this issue on 2024-10-23 22:09:17 (UTC). Since our last notification, the following additional URL(s) have been detected: hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html You may not have been aware of this attack, however, you are still responsible for removing it. Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible. More information about the detected issue is provided at https://incident.netcraft.com/373c101fd6aa/ Kind regards, Netcraft Phone: +44(0)1225 447500 Fax: +44(0)1225 448600 Netcraft Issue Number: 62456659 To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com. This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf. --_----------=_172974868126136341122 Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: message/feedback-report MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:41 +0000 Feedback-Type: xarf User-Agent: Netcraft Version: 1 --_----------=_172974868126136341122 Content-Disposition: attachment; filename="xarf.json" Content-Transfer-Encoding: base64 Content-Type: application/json; charset=utf-8; name="xarf.json" MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:41 +0000 eyJSZXBvcnRlckluZm8iOnsiUmVwb3J0ZXJPcmciOiJOZXRjcmFmdCIsIlJlcG9ydGVyT3JnRG9t YWluIjoibmV0Y3JhZnQuY29tIiwiUmVwb3J0ZXJPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNl KzYyNDU2NDQ3QG5ldGNyYWZ0LmNvbSJ9LCJEaXNjbG9zdXJlIjp0cnVlLCJSZXBvcnQiOnsiRGF0 ZSI6IjIwMjQtMTAtMjRUMDU6NDM6MDZaIiwiU291cmNlSXAiOiI0MS4xODUuNjQuNzciLCJTb3Vy Y2VVcmwiOiJodHRwczovL2lzb254cC5pbm5vdmFnZW5jeS5jby56YS93cC1hZG1pbi94MS9xdWVz dGlvbnMuaHRtbCIsIlJlcG9ydENsYXNzIjoiQ29udGVudCIsIlJlcG9ydGVyTm90ZXMiOiJTZWUg aHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20vMzczYzEwMWZkNmFhLyBmb3IgbW9yZSBpbmZv cm1hdGlvbiIsIkZpcnN0U2VlbiI6IjIwMjQtMTAtMTZUMDI6MDI6NDNaIiwiUmVwb3J0VHlwZSI6 IlBoaXNoaW5nIiwiUmVwb3J0ZXJDYXNlSUQiOiI2MjQ1NjY1OSJ9LCJWZXJzaW9uIjoiMSIsIk9u QmVoYWxmT2YiOnsiQ29tcGxhaW5hbnRPcmciOiJBTlogQXVzdHJhbGlhIiwiQ29tcGxhaW5hbnRP cmdEb21haW4iOiJ3d3cuYW56LmNvbS5hdSIsIkNvbXBsYWluYW50T3JnRW1haWwiOiJ0YWtlZG93 bi1yZXNwb25zZSs2MjQ1NjQ0N0BuZXRjcmFmdC5jb20ifX0= --_----------=_172974868126136341122--