HelioHost Posted January 8, 2020

Username: N/A, Server: N/A, Main Domain: N/A

Dear Sir or Madam,

We have discovered a phishing attack located on your network: hxxp://loucasodeveloper[.]xyz/lokamail [65.19.143.6]

This attack targets our customer, Microsoft, website URL https://www.microsoft.com/.

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

For more information please see https://incident.netcraft.com/2356bcca2f1a/

Many thanks,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 8135680

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
loucaso Posted January 8, 2020 But this is an email panel that has to be installed via software.
loucaso Posted January 8, 2020 I installed it via Softaculous to be a friendlier email panel. If it has any personal problems, you should check on your server what you have for clients to install.
loucaso Posted January 8, 2020 https://www.softaculous.com/apps/mail/WebMail_Lite
wolstech Posted January 8, 2020 We auto-suspend all phishing reports because the false positive rate on them is so low (I'd say 1 in 200 are false). Upon looking at your account's contents though, it looks like you're the lucky winner... this one is indeed a false positive. I have no idea why Netcraft thought AfterLogic Webmail was a Microsoft phishing site, but it's not. Unsuspended.
loucaso Posted January 8, 2020 I installed it via Softaculous but I didn't configure it.
wolstech Posted January 8, 2020 No problem. We manually review the contents of accounts mentioned in a third-party phishing report if someone requests an unsuspension (the large majority of actual phishers never do because they know that what they were doing is against the rules) and reverse the ban if appropriate. It's rare that this happens, but unfortunately no system is perfect. Please let us know if you need anything else.
wolstech Posted January 8, 2020 Someone else probably saw the abuse report as well and re-suspended you. I spent 20 minutes looking through this account and don't see anything on there (files or databases) to suggest phishing, so I have no idea why they flagged this. The folder linked in the email is an unmodified copy of AfterLogic Webmail Lite... Interestingly enough, this isn't the first time I've had someone get suspended for this exact software program. I think Netcraft has an issue with that particular product for some reason. Since this is the second time I've seen AfterLogic get someone a phishing ban, I've removed it from Softaculous as well. I've sent an invite for a replacement account instead this time around. Please create a new account and just don't use that mail program.