HelioHost Posted January 17, 2020

Username: N/A, Server: N/A, Main Domain: N/A

Dear Sir or Madam,

We have discovered a phishing attack located on your network:

hxxps://ykebede.heliohost[.]org/oq/another.php?email= [65.19.141.67]
hxxps://ykebede.heliohost[.]org/oq/redirect.php [65.19.141.67]

We believe that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: South Africa

This attack targets our customer, Microsoft, website URL https://www.microsoft.com/.

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

For more information please see https://incident.netcraft.com/a11a843a81dd/

Many thanks,
Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 7985264

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

HelioHost Posted February 11, 2020

Dear Sir or Madam,

We have discovered a phishing attack located on your network:

hxxps://ykebede.heliohost[.]org/oq/index.php?email=ZXJqLmNoaWVmLWVkaXRvcnNAZXJzbmV0Lm9yZw== [65.19.141.67]
hxxps://ykebede.heliohost[.]org/oq/another.php?email= [65.19.141.67]
hxxp://dropit.heliohost[.]org/py/cpsess/Support/ [65.19.141.67]
hxxp://dropit.heliohost[.]org/py/cpsess/Support/login.php [65.19.141.67]

Although we have previously contacted you about this attack, we are contacting you again because it has recently reappeared.

We believe that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries: South Africa

We previously contacted you about this issue on 2020-01-17 15:01:31 (UTC).

Since our last notification, the following additional URL(s) have been detected:

hxxp://dropit.heliohost[.]org/py/cpsess/Support/login.php
hxxp://dropit.heliohost[.]org/py/cpsess/Support/

This attack targets our customer, Microsoft, website URL https://www.microsoft.com/.

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

For more information please see https://incident.netcraft.com/a11a843a81dd/

Many thanks,
Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 7985264

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

wolstech Posted February 11, 2020

Removed. Unfortunately, being a free web host, it is not uncommon for attackers to evade their bans and create a new account. If new URLs are detected in the future, please report them and they will be removed.