name : 1729721365.M312635P2019913.imr70-cvps01.hostserv.co.za,S=7762,W=7916
Return-Path: <takedown-response+62456447@netcraft.com>
Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za
Received: from imr70-cvps01.hostserv.co.za
    by imr70-cvps01.hostserv.co.za with LMTP id QCNSDhV0GWdJ0h4A+LLMVA
    (envelope-from <takedown-response+62456447@netcraft.com>)
    for <innovagencyco@imr70-cvps01.hostserv.co.za>; Thu, 24 Oct 2024 00:09:25 +0200
Return-path: <takedown-response+62456447@netcraft.com>
Envelope-to: support@innovagency.co.za
Delivery-date: Thu, 24 Oct 2024 00:09:25 +0200
Received: from spamtitan-filter07.hostserv.co.za ([41.185.250.70]:59170)
    by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.98)
    (envelope-from <takedown-response+62456447@netcraft.com>)
    id 1t3jXh-00000008Tde-3Bce
    for support@innovagency.co.za; Thu, 24 Oct 2024 00:09:25 +0200
Received: from localhost (localhost [127.0.0.1])
    by spamtitan-filter07.hostserv.co.za (Postfix) with ESMTP id 8716029F1694
    for <support@innovagency.co.za>; Thu, 24 Oct 2024 00:02:38 +0200 (SAST)
X-Quarantine-ID: <ZCnm-VJ_yiLX>
X-Virus-Scanned: by SpamTitan at hostserv.co.za
X-Spam-Flag: NO
X-Spam-Score: 1.709
X-Spam-Level: *
X-Spam-Status: No, score=1.709 tagged_above=-999 required=5
    tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
    DNSWL_DWL_MED=-0.2, RCVD_IN_DNSWL_BLOCKED=0.001,
    RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2,
    RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
    RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001,
    SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8,
    ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001] autolearn=disabled
Received: from spamtitan-filter07.hostserv.co.za (localhost [127.0.0.1])
    by spamtitan-filter07.hostserv.co.za (Postfix) with ESMTP id 2DD6729F162E
    for <support@innovagency.co.za>; Thu, 24 Oct 2024 00:02:34 +0200 (SAST)
Authentication-Results: spamtitan-filter07.hostserv.co.za;
    dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com
    header.i=@netcraft.com header.b=wu7Ogj2/ header.a=rsa-sha256
    header.s=default202405-yu9bqteb95aqcfpg x-bits=2048;
    dmarc=pass policy.published-domain-policy=reject
    policy.applied-disposition=none policy.evaluated-disposition=none
    policy.policy-from=p header.from=netcraft.com;
    spf=pass smtp.mailfrom=takedown-response+62456447@netcraft.com
    smtp.helo=mail-1c.netcraft.com
Received-SPF: pass (netcraft.com: 52.31.138.216 is authorized to use
    'takedown-response+62456447@netcraft.com' in 'mfrom' identity
    (mechanism 'ip4:52.31.138.216' matched))
    receiver=spamtitan-filter07.hostserv.co.za; identity=mailfrom;
    envelope-from="takedown-response+62456447@netcraft.com";
    helo=mail-1c.netcraft.com; client-ip=52.31.138.216
Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by spamtitan-filter07.hostserv.co.za (Postfix) with ESMTPS id ED51729F160A
    for <support@innovagency.co.za>; Thu, 24 Oct 2024 00:02:33 +0200 (SAST)
Received: from walleye.netcraft.com (unknown [10.9.0.81])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
    (No client certificate requested)
    by mail-1c.netcraft.com (Postfix) with ESMTPS id 6C102454A
    for <support@innovagency.co.za>; Wed, 23 Oct 2024 22:09:18 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com 6C102454A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
    s=default202405-yu9bqteb95aqcfpg; t=1729721358;
    bh=t8AXEFY8iW/qIhE7UmftT25bHosDVnBV8CkyHHHSnXA=;
    h=Date:From:Subject:To:From;
    b=wu7Ogj2/axyBX+bn/arkgdKMufbV+NJyT77d2wJ3fsWYoH47y7OgqmnYLTKO/jt6p
    HUwOF6HoXpjkKvHXR6LcKQi5CW9UVOExVFVLDskVypmdfC7+Wt4+OygU1AJn1WLSHK
    lLGxGVe8xGgzPDw/LKvEbIuEkl9hdzx3dcISgFMGkAcfKx/+SD9evqrZ4gWtMCzAi1
    tSO7ZKePaO1CfDLnZO/EbL6wojqrMKaQxDkS+QDJMyDZwN6YO6vCi48I8W/YbmBV5p
    4v6YvixHAWj6BGf1y2ELu81V2e/E8gcbJ+FpGef8qa1CYONxYKdVb2uZHUj7d9p59E
    GcLvjMm+9WL8A==
Received: by walleye.netcraft.com (Postfix, from userid 507)
    id 5D732B67; Wed, 23 Oct 2024 22:09:18 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_17297213582613634699";
    report-type="feedback-report"
MIME-Version: 1.0
Date: Wed, 23 Oct 2024 22:09:18 +0000
From: Netcraft Takedown Service <takedown-response+62456447@netcraft.com>
Subject: Issue 62456447: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html
To: support@innovagency.co.za
Message-Id: <dc55c832e2fa14f02e109e327de09399@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)

This is a multi-part message in MIME format.

--_----------=_17297213582613634699
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hello,

We have discovered a phishing attack on your network.

hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77]

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: Australia

You may not have been aware of this attack, however, you are still responsible for removing it.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

More information about the detected issue is provided at https://incident.netcraft.com/373c101fd6aa/

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 62456659

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

--_----------=_17297213582613634699
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 23 Oct 2024 22:09:18 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1

--_----------=_17297213582613634699
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 23 Oct 2024 22:09:18 +0000

--_----------=_17297213582613634699--