Jump to content

[HH#265481] [PL-763562] Phishing attack(s) hosted on: backspac.heliohost.org

HelioHost

By HelioHost
in Email Support

 Share

Recommended Posts

HelioHost Grand Master

HelioHost

Posted
Posted

Username: N/A, Server: N/A, Main Domain: N/A

 

During an investigation of fraud, we discovered a compromised website (back=

spac.heliohost.org) that is being used to attack our client and their custo=

mers.

 

In addition to the website owner, we have addressed this report to the resp=

onsible authoritative providers who have the ability to disable the malicio=

us content in question. Based on your relationship to the content in questi=

on, please see our specific request below.

 

This threat has been active for at least 1.7 hours.

 

hXXp://backspac.heliohost.org/security.intuit.com/c1_login.html

hXXp://backspac.heliohost.org/security.intuit.com/account-manager.html

 

First detection of malicious activity: 04-25-2018 18:31:48 UTC

Most recent observation of malicious activity: 04-25-2018 20:11:20 UTC

Associated IP Addresses:

64.62.211.131

 

=3D=3D=3D HOSTING PROVIDER =3D=3D=3D

If you agree that this is malicious, we kindly request that you take steps =

to have the content removed as soon as possible. It is highly likely that =

the intruder who set up this phishing content has also left additional frau=

dulent material on this server such as illegitimate access points.

 

=3D=3D=3D WEBSITE OWNER =3D=3D=3D

We recommend taking the following actions to secure the web site and preven=

t the attackers from returning:

- Update your web applications including CMS, blog, ecommerce, and othe=

r applications (and all add-on modules/components/plugins).

- Search all of your web directories for suspicious files as attackers =

commonly leave backdoors.

- Scan the computer from which you login to your web hosting control pa=

nel or ftp server with anti-virus software.

- Change your web hosting provider if this is an ongoing issue.

 

If your provider has disabled your account because of this incident, you mu=

st coordinate a resolution with them directly as PhishLabs has no control o=

ver this aspect.

 

If we have contacted you in error, or if there is a better way for us to re=

port this incident, please let us know so that we may continue our investig=

ation.

 

We are grateful for your assistance.

 

Kind regards,

Tamir B

PhishLabs Security Operations

12023866001

Available 24/7

 

[PL-763562]

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...