[Solved] Suspended micoexel

[micoexel]

micoexel

 

Johnny server

 

micoexel.heliohost.org

 

[wolstech]

That account is suspended for Phishing.

HelioHost does not tolerate phishing activity of any kind, and for security reasons will not unsuspend, back up, or delete an account that was involved in phishing. Because this was intentional phishing, you are no longer welcome to utilize our services and we ask that you find another web host. We apologize for any inconvenience and would like to thank you for interest in HelioHost.

[micoexel]

Why would you say such to me , what do you mean by phishing ?????  there is nothing like that .

[wolstech]

Um...that's Chase bank phishing, Office 365 phishing, and something else in that zip file that I didn't bother to inspect.

root@johnny [~]# cd /home/micoexel/www
root@johnny [/home/micoexel/www]# ls -R
.:
Best Scama Bank Chase Full Info.zip  chase          microsoftexcelverification
cgi-bin                              ducuhakwe.zip

./cgi-bin:

./chase:
home  index.php  rezlt.txt  uploads

./chase/home:
antibots.php  css        index.php               verification-finished.php
blocker.php   css2       res                     verification-id.php
bt.php        email.php  robots.txt              verification-info.php
chase.png     error_log  verification-email.php  verification.php

./chase/home/css:
112.png                          favicon.ico
alert.png                        jquery-3.1.0.min.js
background.desktop.night.4.jpeg  jquery.fileuploader-theme-thumbnails.css
background.desktop.night.7.jpeg  jquery.maskedinput.js
background_image.png             js
background.mobile.night.4.jpeg   logon.css
background.mobile.night.7.jpeg   main.css
background.tablet.night.7.jpeg   new-bg.png
blue-ui.css                      next-bg.png
builderstyle.css                 opensans-regular.eot
Capture.PNG                      opensans-regular.woff
chasefavicon.ico                 opensans-semibold.woff
chase-touch-icon-120x120.png     php
chase-touch-icon-152x152.png     sample-photo-id-card.svg
chase-touch-icon-76x76.png       sample-selfie-card.svg
chase-touch-icon.png             src
css                              warning.png
css.css

./chase/home/css/css:
background.desktop.night.7.jpeg  jquery.fileuploader-theme-thumbnails.css
css.css

./chase/home/css/js:
custom.js  jquery-3.1.1.min.js

./chase/home/css/php:
form_upload.php  upload_file.php  upload_remove.php

./chase/home/css/src:
class.fileuploader.php   jquery.fileuploader.js
jquery.fileuploader.css  jquery.fileuploader.min.js

./chase/home/css2:
background.mobile.night.4.jpeg  jquery.maskedinput.js
background.mobile.night.7.jpeg  opensans-regular.eot
blue-ui.css                     opensans-regular.woff
chasefavicon.ico                opensans-semibold.ttf
chase-touch-icon-120x120.png    videoplayer.eot
chase-touch-icon-152x152.png    videoplayer.ttf
chase-touch-icon-76x76.png      videoplayer.woff
chase-touch-icon.png

./chase/home/res:
post1.php  post3.php  post4.php  post5.php  system.php  view-success.php

./chase/uploads:
1 gsTafzc-lQ261udNR81msA.jpeg

./microsoftexcelverification:
images  index.php  login.php  New Folder  phone.php  post.php  verification.php

./microsoftexcelverification/images:
favicon.ico  m1.png  m2.png  m3.png  m4.png  m5.png  m6.png

./microsoftexcelverification/New Folder:
root@johnny [/home/micoexel/www]#

[micoexel]

AM  not the one who did this ..... please check the IP .... i gave a friend my login info and told him to help me host my website .... I now see why i could not log in on my cpanel ... I have no idea about this phishing

[micoexel]

I didn't know he was gonna do something like this shit !!!

[wolstech]

Your IP address of registration as well the one your posting from are both showing as belonging to M247 Ltd, a Los Angeles-based company known to supply VPNs/proxies so I can't tell where you are. The forum and hosting registration IPs don't match but are both from the same Proxy/VPN service.

 

Also, I do find it odd that:

A. You registered using a VPN or proxy, which in most cases only happens when phishing is planned in advance. We do have a few legitimate accounts like this, but they're hosting legitimate blogs and such.

B. The phishing is oddly related to the account's username.

C. You used the same excuse that nearly every phisher we've dealt with has used ("friend did it").

D. The last login IP in cPanel is from the same proxy/VPN service, suggesting that no "friend" ever signed in.

E. Your email address is from a known abuse domain that also contains no meaningful content.

 

The odds that they'd use the exact same VPN used to create the account to sign into a friend's hosting account and upload oddly-specific phishing just doesn't happen. Can you explain?

 

I'll let Krydos make the final call on this, but I suspect he'll stand behind me when we say you intentionally phished.

[micoexel]

This was NEVER my intention... I DIDN'T do this !!!!

[wolstech]

I'm going to let one of our other root admins Krydos decide on this. Your best case scenario would be a new account with a new domain (we don't unsuspend phishing or let you reuse domains that hosted phishing content).

 

In the meantime, can you explain the above 5 points A - E from my last post? He'll want to see your answers so he can decide.

[micoexel]

A - when i registered i did used a Vpn , and i do always sometimes use a VPN when am online , coz it prevent me from been hacked when am online

 

B I don't understand what you mean by the phishing is related to my acct username , ...  Like i said i didn't do this .

 

C This is not an excuse .. IT IS A FACT !!! . I DON'T KNOW ANYTHING ABOUT THIS PHISHING SHIT.

 

D - I  sent my login info to this person coz he is good at hosting . An honestly i did called asking him if he has hosted my website and he said he is still working on it .   I later tried to login and discovered that my acct has been suspended . If i knew about this phishing thing i won't be trying to explain myself , and am very grateful  by you for revealing such a thing as this to me, I won't have know why or what i did wrong for my acct to be suspended

 

E- if you say the email address i use if from an abusive domain , which i don't know about that .  Are saying that MAIL.COM is an abusive domain ?? should i be concerned or deactivate this email account or what ???

[wolstech]

Your email domain was execs.com, which is a known abuse domain (we've had numerous phishing sites with addresses from that and similar domains like consultant.com, and the domain itself has no actual content on it, which is the norm for abuse domains). Yes I would recommend a different email account, or even just an address @mail.com would be fine.

 

As for your username, one of the phishing sites on the account was "microsoftexcelverification", which your username hints at (Microsoft excel -> micro excel -> micoexel). This sort of shortening is *extremely* common with intentional phishing accounts.

 

Basically, whoever you sent your info to checked just about every box in the book when it comes to both automated and manual phishing detection.

 

If you post a new email address, I'll send you an invite for a replacement Johnny account.

[micoexel]

Here is a new email address . please kindly send me an invite for a replacement Johnny account .       parisyork1@aol.com

 

Thanks

[wolstech]

Sent.