[HH#681184] Re: Issue 19287977: Phishing attack at hxxp://oluxcc.heliohost[.]us/netflix/login/gb-en/signin/signin.php?cmd=_update-information&account_update=6655a4c832fd17b0597dbca4cb056411&lim_session=dee6ea5a7c9e7bb2256de3bbfab04f71eccc186e


Username: N/A, Server: N/A, Main Domain: N/A

Hello,

We have discovered a phishing attack located on your network:

We understand that this site is simply a redirect; however, this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.
We previously contacted you about this issue on 2021-06-23 01:39:37 (UTC).
Since our last notification, the following additional URL(s) have been detected:

This attack targets our customer, Netflix, website URL https://www.netflix.com/.

Would it be possible to have the fraudulent content, and any other associated fraudulent content, taken down as soon as you are able to?

Additionally, please send any files associated with the fraudulent content to records@netflix.com so that our customer and law enforcement agencies can investigate the incident further.

More information about the detected issue is provided at https://incident.netcraft.com/97b4b8826ea7/

Many thanks,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 19287977

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

---
Attachment: none
Category: fraud
Date: 2021-06-23T01:59:57+00:00
Domain: heliohost.us
Port: 80
Report-ID: takedown-response+19287977@netcraft.com
Report-Type: phishing
Reported-From: takedown@netcraft.com
Schema-URL: http://www.xarf.org/schema/fraud_0.1.4.json
Service: http
Source: http://oluxcc.heliohost.us/netflix/login/gb-en/signin/signin.php?cmd=_update-information&account_update=6655a4c832fd17b0597dbca4cb056411&lim_session=dee6ea5a7c9e7bb2256de3bbfab04f71eccc186e
Source-Type: uri
User-Agent: Netcraft Takedown
