| Current File : /home/mak/mail/new/1750549646.M909885P10778.cloud.berardocollection.com,S=10276,W=10478 |
Return-Path: <takedown-response+71507258@netcraft.com>
Delivered-To: mak@cloud.berardocollection.com
Received: from cloud.berardocollection.com
by cloud.berardocollection.com with LMTP
id cNEUNo5EV2gaKgAAuY/3dA
(envelope-from <takedown-response+71507258@netcraft.com>)
for <mak@cloud.berardocollection.com>; Sun, 22 Jun 2025 00:47:26 +0100
Return-path: <takedown-response+71507258@netcraft.com>
Envelope-to: support@mak.pt
Delivery-date: Sun, 22 Jun 2025 00:47:26 +0100
Received: from mail-1c.netcraft.com ([52.31.138.216]:52245)
by cloud.berardocollection.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.1)
(envelope-from <takedown-response+71507258@netcraft.com>)
id 1uT7vh-0000000033J-2sV0
for support@mak.pt;
Sun, 22 Jun 2025 00:47:26 +0100
Received: from walleye.netcraft.com (unknown [10.9.0.81])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mail-1c.netcraft.com (Postfix) with ESMTPS id 403E06E4
for <support@mak.pt>; Sat, 21 Jun 2025 23:47:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
s=default202405-yu9bqteb95aqcfpg; t=1750549644;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=CtppytOML9xjHk2CGp9Il8JY72ArAKK9sxl3BEgBadU=;
b=U+pAky5xW5B68DC9DGSH1MP7jHnZ0W9nQs0GFSoUp/X0MN/249/iU+dfIwUWih5PYEG1+m
mYlg9ZVRMiyrIaz09QeH/YrecWj2jBbNRV+c+BygEecxBzymZYJu3CVQAh3GDZOvLpwN2i
IxpT5+NYTrdlYWZAlAjRi7LX6AvCZk5rwH4kr8qanuGMlDeFAyWVZmvs5m+5ms2JPW5qRX
dj2D+N35/XsBznTU+Aa8+Gvbj/VU2NwmZL3UBE6oJuVNssRJqAsaaY0MD/i3tMLZfzzXPV
1T+R/RaAlUNQJIVwqk/LFk2zLV3oLjq8rl6qeMIHvMyrGMAPbToycv/EceT9gA==
Received: by walleye.netcraft.com (Postfix, from userid 507)
id 38973136C; Sat, 21 Jun 2025 23:47:24 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_1750549644811281873"; report-type="feedback-report"
MIME-Version: 1.0
Date: Sat, 21 Jun 2025 23:47:24 +0000
From: Netcraft Takedown Service <takedown-response+71507258@netcraft.com>
Subject: Issue 71507258: Phishing attack at hxxps://mak[.]pt/index/
To: support@mak.pt
Message-Id: <bede2861942d1e529d66fcc1faf2d1c1@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: No, score=-2.1
X-Spam-Score: -20
X-Spam-Bar: --
X-Ham-Report: Spam detection software, running on the system "cloud.berardocollection.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Olá, Nós descobrimos um ataque de phishing localizado na
sua rede: hxxps://mak[.]pt/index/ [109.71.44.169]
Content analysis details: (-2.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_DBL_BLOCKED ADMINISTRATOR NOTICE: The query to
dbl.spamhaus.org was blocked. See
https://www.spamhaus.org/returnc/vol/
[URIs: xarf.org]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: xarf.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[52.31.138.216 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[52.31.138.216 listed in sa-accredit.habeas.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
X-Spam-Flag: NO
This is a multi-part message in MIME format.
--_----------=_1750549644811281873
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Olá,
Nós descobrimos um ataque de phishing localizado na sua rede:
hxxps://mak[.]pt/index/ [109.71.44.169]
É possível que este ataque esteja sendo restrito para que seja visível apenas em alguns países. Antes de decidir que o ataque foi resolvido, confirme se ele não pode ser visualizado nos seguintes países:
Bélgica
Alemanha
França
Holanda
Você pode não ter tido conhecimento deste ataque, porém, você ainda é responsável pela sua remoção
Este ataque é contra o nosso cliente, itsme, site URL https://www.itsme.be/.
Por favor remova este conteúdo fraudulento, e qualquer outro conteúdo fraudulento associado, o mais cedo possível.
Adicionalmente, por favor mantenha o conteúdo fraudulento seguro para que o nosso cliente e agências de aplicação da lei podem investigar este incidente mais quando o site está offline.
Mais informações sobre o problema detectado são fornecidas em https://incident.netcraft.com/3fde44e76b9d/
NOVO: Uma versão beta dos nossos relatórios de incidentes de próxima geração está disponível em https://beta.incident.netcraft.com/reports/gwz2ft3o4iheejrh3koszx
Consulte https://beta.incident.netcraft.com/about para obter mais detalhes, incluindo suporte API. Entre em contato com incident-feedback@netcraft.com com qualquer comentário ou para obter mais informações.
Atenciosamente,
Netcraft
Telefone: +44(0)1225 447500
Fax: +44(0)1225 448600
Número do problema Netcraft: 71507258
Para contactar-nos sobre actualizações neste ataque, por favor responda a este e-mail. Por favor nota: respostas a este endereço são registrado, mas não são lidos sempre. Se você acredita que recebeu esta mensagem por engano, ou se precisa de mais apoio, por favor contacte: support@netcraft.com.
Este mail pode ser analisado com ferramentas x-arf. Visita http://www.xarf.org/ para mais informações sobre x-arf.
-------------------
Hello,
We have discovered a phishing attack on your network.
hxxps://mak[.]pt/index/ [109.71.44.169]
It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
Belgium
Germany
France
Netherlands
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, itsme, website URL https://www.itsme.be/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.
More information about the detected issue is provided at https://incident.netcraft.com/3fde44e76b9d/
NEW: A beta version of our next generation incident reports is available at https://beta.incident.netcraft.com/reports/gwz2ft3o4iheejrh3koszx
See https://beta.incident.netcraft.com/about for more details including API support. Please contact incident-feedback@netcraft.com with any feedback or for more information.
Kind regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 71507258
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_1750549644811281873
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Sat, 21 Jun 2025 23:47:24 +0000
Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_1750549644811281873
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Sat, 21 Jun 2025 23:47:24 +0000
eyJWZXJzaW9uIjoiMSIsIk9uQmVoYWxmT2YiOnsiQ29tcGxhaW5hbnRPcmdFbWFpbCI6InRha2Vk
b3duLXJlc3BvbnNlKzcxNTA3MjU4QG5ldGNyYWZ0LmNvbSIsIkNvbXBsYWluYW50T3JnRG9tYWlu
Ijoid3d3Lml0c21lLmJlIiwiQ29tcGxhaW5hbnRPcmciOiJpdHNtZSJ9LCJSZXBvcnQiOnsiRGF0
ZSI6IjIwMjUtMDYtMjFUMjM6NDQ6MTdaIiwiUmVwb3J0Q2xhc3MiOiJDb250ZW50IiwiUmVwb3J0
ZXJDYXNlSUQiOiI3MTUwNzI1OCIsIlNvdXJjZUlwIjoiMTA5LjcxLjQ0LjE2OSIsIlJlcG9ydGVy
Tm90ZXMiOiJTZWUgaHR0cHM6Ly9pbmNpZGVudC5uZXRjcmFmdC5jb20vM2ZkZTQ0ZTc2YjlkLyBm
b3IgbW9yZSBpbmZvcm1hdGlvbiIsIlNvdXJjZVVybCI6Imh0dHBzOi8vbWFrLnB0L2luZGV4LyIs
IlJlcG9ydFR5cGUiOiJQaGlzaGluZyJ9LCJEaXNjbG9zdXJlIjp0cnVlLCJSZXBvcnRlckluZm8i
OnsiUmVwb3J0ZXJPcmciOiJOZXRjcmFmdCIsIlJlcG9ydGVyT3JnRW1haWwiOiJ0YWtlZG93bi1y
ZXNwb25zZSs3MTUwNzI1OEBuZXRjcmFmdC5jb20iLCJSZXBvcnRlck9yZ0RvbWFpbiI6Im5ldGNy
YWZ0LmNvbSJ9fQ==
--_----------=_1750549644811281873--