shell bypass 403
UnknownSec Shell
:
/
home
/
innovagencyco
/
mail
/
new
/ [
drwxr-x--x
]
upload
mass deface
mass delete
console
info server
name :
1729748700.M409513P2736706.imr70-cvps01.hostserv.co.za,S=8118,W=8278
Return-Path: <takedown-response+62456447@netcraft.com> Delivered-To: innovagencyco@imr70-cvps01.hostserv.co.za Received: from imr70-cvps01.hostserv.co.za by imr70-cvps01.hostserv.co.za with LMTP id WNOHFdzeGWdCwikA+LLMVA (envelope-from <takedown-response+62456447@netcraft.com>) for <innovagencyco@imr70-cvps01.hostserv.co.za>; Thu, 24 Oct 2024 07:45:00 +0200 Return-path: <takedown-response+62456447@netcraft.com> Envelope-to: support@innovagency.co.za Delivery-date: Thu, 24 Oct 2024 07:45:00 +0200 Received: from spamtitan-filter08.hostserv.co.za ([41.185.250.80]:13870) by imr70-cvps01.hostserv.co.za with esmtp (Exim 4.98) (envelope-from <takedown-response+62456447@netcraft.com>) id 1t3qea-0000000BTx1-3PxY for support@innovagency.co.za; Thu, 24 Oct 2024 07:45:00 +0200 Received: from localhost (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id E5E2D17588B3 for <support@innovagency.co.za>; Thu, 24 Oct 2024 07:44:59 +0200 (SAST) X-Quarantine-ID: <5PPX5Ol2fMva> X-Virus-Scanned: by SpamTitan at hostserv.co.za X-Spam-Flag: NO X-Spam-Score: 1.709 X-Spam-Level: * X-Spam-Status: No, score=1.709 tagged_above=-999 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1, BOUNCE_MESSAGE=0.1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DNSWL_DWL_MED=-0.2, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SPFWL=-0.2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, ST_KGM_OBFUSCATE_1=0.4, ST_KGM_OBFUSCATE_2=0.8, ST_LONG_ENVELOPE_FROM=0.906, URIBL_BLOCKED=0.001] autolearn=disabled Received: from spamtitan-filter08.hostserv.co.za (localhost [127.0.0.1]) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTP id EC064175887C for <support@innovagency.co.za>; Thu, 24 Oct 2024 07:44:43 +0200 (SAST) Authentication-Results: spamtitan-filter08.hostserv.co.za; dkim=pass (2048-bit rsa key sha256) header.d=netcraft.com header.i=@netcraft.com header.b=Il7hISB0 header.a=rsa-sha256 header.s=default202405-yu9bqteb95aqcfpg x-bits=2048; dmarc=pass policy.published-domain-policy=reject policy.applied-disposition=none policy.evaluated-disposition=none policy.policy-from=p header.from=netcraft.com; spf=pass smtp.mailfrom=takedown-response+62456447@netcraft.com smtp.helo=mail-1c.netcraft.com Received-SPF: pass (netcraft.com: 52.31.138.216 is authorized to use 'takedown-response+62456447@netcraft.com' in 'mfrom' identity (mechanism 'ip4:52.31.138.216' matched)) receiver=spamtitan-filter08.hostserv.co.za; identity=mailfrom; envelope-from="takedown-response+62456447@netcraft.com"; helo=mail-1c.netcraft.com; client-ip=52.31.138.216 Received: from mail-1c.netcraft.com (mail-1c.netcraft.com [52.31.138.216]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by spamtitan-filter08.hostserv.co.za (Postfix) with ESMTPS id E6FAF1758871 for <support@innovagency.co.za>; Thu, 24 Oct 2024 07:44:42 +0200 (SAST) Received: from walleye.netcraft.com (unknown [10.9.0.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail-1c.netcraft.com (Postfix) with ESMTPS id 19A6E335B for <support@innovagency.co.za>; Thu, 24 Oct 2024 05:44:41 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 mail-1c.netcraft.com 19A6E335B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com; s=default202405-yu9bqteb95aqcfpg; t=1729748681; bh=yYATvkezLePyfFJUprWyS1Wh4XUDl96fiCkymmOtWOI=; h=Date:From:Subject:To:From; b=Il7hISB0o6nKXYdXfXSKtFpDNtELkYOnnUu40FBtxOEnVanVhJBGIjJ4CMQjcxXTR A/7HXcmKXL2E0PX2K9Y8M/0k4tzFWgHL+7p3Ck1XmEt6xgEJhoUt9xJFR2BcM/MHpH Lr1+IA/YudhNwgJahKxSQniHmjDQhOUCQFGN3k2lDhHApwEP1RhyWCuueJnJgKXrAl FpdLxInLnDMISDWQBNwRY+NnHwb8MHX+/7XfOU+UvCOFMop+OwQApSsq55jQoOOrlB mt5i6nxuRkXqY0dsIubrlgZhCkX5katzSmOLqXOtAxUhEaFIDZPyCH/We4In5SM1OF G9h/sQXtG//yg== Received: by walleye.netcraft.com (Postfix, from userid 507) id 15D0E10EE; Thu, 24 Oct 2024 05:44:41 +0000 (UTC) Content-Transfer-Encoding: 8bit Content-Type: multipart/report; boundary="_----------=_172974868126136341121"; report-type="feedback-report" MIME-Version: 1.0 Date: Thu, 24 Oct 2024 05:44:41 +0000 From: Netcraft Takedown Service <takedown-response+62456447@netcraft.com> Subject: Issue 62456447: Phishing attack at hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html To: support@innovagency.co.za Message-Id: <04c70af3eee8a88268a47dd8466b5153@takedown.netcraft.com> X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) This is a multi-part message in MIME format. --_----------=_172974868126136341121 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Hello, We have discovered a phishing attack on your network. hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html [41.185.64.77] Although we have previously contacted you about this attack, we are contacting you again because it has recently reappeared. It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: Australia We previously contacted you about this issue on 2024-10-23 22:09:18 (UTC). Since our last notification, the following additional URL(s) have been detected: hxxps://isonxp.innovagency.co[.]za/wp-admin/x1/questions.html You may not have been aware of this attack, however, you are still responsible for removing it. Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible. More information about the detected issue is provided at https://incident.netcraft.com/373c101fd6aa/ Kind regards, Netcraft Phone: +44(0)1225 447500 Fax: +44(0)1225 448600 Netcraft Issue Number: 62456659 To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com. This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf. --_----------=_172974868126136341121 Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: message/feedback-report MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:41 +0000 Feedback-Type: xarf User-Agent: Netcraft Version: 1 --_----------=_172974868126136341121 Content-Disposition: attachment; filename="xarf.json" Content-Transfer-Encoding: base64 Content-Type: application/json; charset=utf-8; name="xarf.json" MIME-Version: 1.0 X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13) Date: Thu, 24 Oct 2024 05:44:41 +0000 eyJWZXJzaW9uIjoiMSIsIk9uQmVoYWxmT2YiOnsiQ29tcGxhaW5hbnRPcmciOiJBTlogQXVzdHJh bGlhIiwiQ29tcGxhaW5hbnRPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNlKzYyNDU2NDQ3QG5l dGNyYWZ0LmNvbSIsIkNvbXBsYWluYW50T3JnRG9tYWluIjoid3d3LmFuei5jb20uYXUifSwiUmVw b3J0Ijp7IlJlcG9ydGVyTm90ZXMiOiJTZWUgaHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20v MzczYzEwMWZkNmFhLyBmb3IgbW9yZSBpbmZvcm1hdGlvbiIsIkZpcnN0U2VlbiI6IjIwMjQtMTAt MTZUMDI6MDI6NDNaIiwiU291cmNlSXAiOiI0MS4xODUuNjQuNzciLCJEYXRlIjoiMjAyNC0xMC0y NFQwNTo0MzowNloiLCJSZXBvcnRDbGFzcyI6IkNvbnRlbnQiLCJTb3VyY2VVcmwiOiJodHRwczov L2lzb254cC5pbm5vdmFnZW5jeS5jby56YS93cC1hZG1pbi94MS9xdWVzdGlvbnMuaHRtbCIsIlJl cG9ydFR5cGUiOiJQaGlzaGluZyIsIlJlcG9ydGVyQ2FzZUlEIjoiNjI0NTY2NTkifSwiRGlzY2xv c3VyZSI6dHJ1ZSwiUmVwb3J0ZXJJbmZvIjp7IlJlcG9ydGVyT3JnRW1haWwiOiJ0YWtlZG93bi1y ZXNwb25zZSs2MjQ1NjQ0N0BuZXRjcmFmdC5jb20iLCJSZXBvcnRlck9yZyI6Ik5ldGNyYWZ0Iiwi UmVwb3J0ZXJPcmdEb21haW4iOiJuZXRjcmFmdC5jb20ifX0= --_----------=_172974868126136341121--
© 2024 UnknownSec