Jump to content

[HH#420946] [PL-898322] Phishing attack(s) hosted on: apple-verificationaccount2018.arturalb.heliohost.org

HelioHost

By HelioHost
in Email Support

 Share

Recommended Posts

HelioHost Grand Master

HelioHost

Posted
Posted

Username: N/A, Server: N/A, Main Domain: N/A

 

During an investigation of fraud, we discovered a compromised website (appl=

e-verificationaccount2018.arturalb.heliohost.org) that is being used to att=

ack our client and their customers.

 

In addition to the website owner, we have addressed this report to the resp=

onsible authoritative providers who have the ability to disable the malicio=

us content in question. Based on your relationship to the content in questi=

on, please see our specific request below.

 

This threat has been active for at least 0.0 hours.

 

hXXp://apple-verificationaccount2018.arturalb.heliohost.org/home/?id=3Dlogi=

n&key=3D29b58f42b21a26a8c20ee00e157432aa&login=3D&path=3D%2Fsignin%2F%3Fref=

errer

 

First detection of malicious activity: 09-10-2018 10:21:54 UTC

Most recent observation of malicious activity: 09-10-2018 10:24:25 UTC

Associated IP Addresses:

65.19.143.6

 

=3D=3D=3D HOSTING PROVIDER =3D=3D=3D

If you agree that this is malicious, we kindly request that you take steps =

to have the content removed as soon as possible. It is highly likely that =

the intruder who set up this phishing content has also left additional frau=

dulent material on this server such as illegitimate access points.

 

=3D=3D=3D WEBSITE OWNER =3D=3D=3D

We recommend taking the following actions to secure the web site and preven=

t the attackers from returning:

- Update your web applications including CMS, blog, ecommerce, and othe=

r applications (and all add-on modules/components/plugins).

- Search all of your web directories for suspicious files as attackers =

commonly leave backdoors.

- Scan the computer from which you login to your web hosting control pa=

nel or ftp server with anti-virus software.

- Change your web hosting provider if this is an ongoing issue.

 

If your provider has disabled your account because of this incident, you mu=

st coordinate a resolution with them directly as PhishLabs has no control o=

ver this aspect.

 

If we have contacted you in error, or if there is a better way for us to re=

port this incident, please let us know so that we may continue our investig=

ation.

 

We are grateful for your assistance.

 

Kind regards,

Shashank Gupta

PhishLabs Security Operations

12023866001

Available 24/7

 

[PL-898322]

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...