name : 1729044686.M436584P1584471.imr70-cvps01.hostserv.co.za,S=8211,W=8372
Return-Path: <takedown-response+62456393@netcraft.com>
Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za
Received: from imr70-cvps01.hostserv.co.za
    by imr70-cvps01.hostserv.co.za with LMTP id AC/6F84gD2dXLRgA+LLMVA
    (envelope-from <takedown-response+62456393@netcraft.com>)
    for <innovagencyco@imr70-cvps01.hostserv.co.za>; Wed, 16 Oct 2024 04:11:26 +0200
Return-path: <takedown-response+62456393@netcraft.com>
Envelope-to: support@innovagency.co.za
Delivery-date: Wed, 16 Oct 2024 04:11:26 +0200
Received: from spamtitan-filter02.hostserv.co.za ([41.185.250.20]:12069)
    by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.97.1)
    (envelope-from <takedown-response+62456393@netcraft.com>)
    id 1t0tVW-00000006fY7-1fwk
    for support@innovagency.co.za; Wed, 16 Oct 2024 04:11:26 +0200
Received: from localhost (localhost [127.0.0.1])
    by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTP id 22B571570122
    for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:18 +0200 (SAST)
X-Quarantine-ID: <TaKgNa9c682v>
X-Virus-Scanned: by SpamTitan at hostserv.co.za
X-Spam-Flag: NO
X-Spam-Score: 1.71
X-Spam-Level: *
X-Spam-Status: No, score=1.71 tagged_above=-999 required=5
    tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
    DNSWL_DWL_MED=-0.2, KAM_SHORT=0.001, RCVD_IN_DNSWL_BLOCKED=0.001,
    RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2,
    RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
    RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001,
    SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8,
    ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001]
    autolearn=disabled
Received: from spamtitan-filter02.hostserv.co.za (localhost [127.0.0.1])
    by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTP id D41E0156F2C0
    for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:13 +0200 (SAST)
Authentication-Results: spamtitan-filter02.hostserv.co.za;
    dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com
    header.i=@netcraft.com header.b=Ky9BQpWX header.a=rsa-sha256
    header.s=default202405-yu9bqteb95aqcfpg x-bits=2048;
    dmarc=pass policy.published-domain-policy=reject
    policy.applied-disposition=none policy.evaluated-disposition=none
    policy.policy-from=p header.from=netcraft.com;
    spf=pass smtp.mailfrom=takedown-response+62456393@netcraft.com
    smtp.helo=mail-1c.netcraft.com
Received-SPF: pass (netcraft.com: 52.31.138.216 is authorized to use
    'takedown-response+62456393@netcraft.com' in 'mfrom' identity
    (mechanism 'ip4:52.31.138.216' matched))
    receiver=spamtitan-filter02.hostserv.co.za; identity=mailfrom;
    envelope-from="takedown-response+62456393@netcraft.com";
    helo=mail-1c.netcraft.com; client-ip=52.31.138.216
Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by spamtitan-filter02.hostserv.co.za (Postfix) with ESMTPS id 0A9BB156F160
    for <support@innovagency.co.za>; Wed, 16 Oct 2024 04:23:02 +0200 (SAST)
Received: from walleye.netcraft.com (unknown [10.9.0.81])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by mail-1c.netcraft.com (Postfix) with ESMTPS id 0914E4FA8
    for <support@innovagency.co.za>; Wed, 16 Oct 2024 02:11:07 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com 0914E4FA8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
    s=default202405-yu9bqteb95aqcfpg; t=1729044667;
    bh=j4MffpkaKq8C//SihxbfKuISERFPOW4A9X9ilJ0NGo8=;
    h=Date:From:Subject:To:From;
    b=Ky9BQpWX7gfEAy69iYeMAhw8O34uPl5uiEXKAwsjJkEIH+tKAHdTD31J0v4WqDxAw
    2+Viz6lSNu4p4sk8fi1eK6ansaOhbCa7Vfbwn748ldhprGqq25O3CntYfBSP01tEM4
    24o9bNgKDDYe0noL2Dre/hVhsyi7yMGVLraV1ieZSy3tgNVy8wyedipJ7YrPWXsq9s
    sc/orCvqMzaNUSrNRcTSyDs2ZcGKcQw+4IIh841Vn9owyHg9W12PnkQikpapQVRRIm
    McPYq5XSOktk9ZjgYvtxNi5uRnYNi1GaCIUAcBR+k4px9HZ1fVr+7xa4viPxX0vfI7
    NBwCh/H43C7HA==
Received: by walleye.netcraft.com (Postfix, from userid 507)
    id 03811130F; Wed, 16 Oct 2024 02:11:07 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_17290446662573915800";
    report-type="feedback-report"
MIME-Version: 1.0
Date: Wed, 16 Oct 2024 02:11:06 +0000
From: Netcraft Takedown Service <takedown-response+62456393@netcraft.com>
Subject: Issue 62456393: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/apib1.anz.com.apinetbank.htm
To: support@innovagency.co.za
Message-Id: <0007270a90602e659c1fb92a52de6bc5@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)

This is a multi-part message in MIME format.

--_----------=_17290446662573915800
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hello,

We have discovered a phishing attack on your network.

hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/apib1.anz.com.apinetbank.htm [41.185.64.77]
hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/loginInetANZ.php [41.185.64.77]
hxxps://www[.]isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77]

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:

Australia
New Zealand

You may not have been aware of this attack, however, you are still responsible for removing it.

This attack targets our customer, ANZ Fiji, website URL http://www.anz.com/fiji/en/personal/.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

More information about the detected issue is provided at https://incident.netcraft.com/995c9c437ff1/

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600

Netcraft Issue Number: 62456393

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

--_----------=_17290446662573915800
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 16 Oct 2024 02:11:06 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1

--_----------=_17290446662573915800
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 16 Oct 2024 02:11:06 +0000

--_----------=_17290446662573915800--