| Current File : /home/mak/mail/new/1761722360.M424822P4876.cloud.berardocollection.com,S=11185,W=11340 |
Return-Path: <takedown-response+77159934@netcraft.com>
Delivered-To: mak@cloud.berardocollection.com
Received: from cloud.berardocollection.com
by cloud.berardocollection.com with LMTP
id UMAmGfi/AWkMEwAAuY/3dA
(envelope-from <takedown-response+77159934@netcraft.com>)
for <mak@cloud.berardocollection.com>; Wed, 29 Oct 2025 07:19:20 +0000
Return-path: <takedown-response+77159934@netcraft.com>
Envelope-to: info@mak.pt
Delivery-date: Wed, 29 Oct 2025 07:19:20 +0000
Received: from mail-1c.netcraft.com ([52.31.138.216]:49691)
by cloud.berardocollection.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.98.1)
(envelope-from <takedown-response+77159934@netcraft.com>)
id 1vE0Sk-000000001Fb-1jKw
for info@mak.pt;
Wed, 29 Oct 2025 07:19:20 +0000
Received: from walleye.netcraft.com (unknown [10.9.0.81])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by mail-1c.netcraft.com (Postfix) with ESMTPS id E0D842E83
for <info@mak.pt>; Wed, 29 Oct 2025 07:19:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
s=default202405-yu9bqteb95aqcfpg; t=1761722357;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=Cvw/FP/fbzD7hedmohhFqmZBSt9V9Ws8BOod0wSPo1c=;
b=PYr/WlPhyjTcaf1Xei3Gcsn8l2xmTMPsT98VqRvH/cpahF9i01IGiEJo3+RzsBevj5SRnj
ganGpi8rkkm+EEAUeN2eoUGyjAEkI4WkHVIozhIobW2D9sE50e0XU1qYRN2wIa3aBdXA8M
AEYzDXZYdtmwmqEagKxvK83Jj2TTj5kMatUt+0nxkl5mnkS6McYcru0b/XMVeU6FWQ4tVl
kNGKUfsJon7f1jwJlO7kKaE/3FedQqhn7Go8r+N8scoqDzJvcA8Otaz067vmUkPPYGKjQ7
uaP9KafFc/VJTB6I+Y//+1rB2muKwOau8Q94idRzlZ7+5ohfkmVrXmXC/kz3hQ==
Received: by walleye.netcraft.com (Postfix, from userid 507)
id DADA41BB6; Wed, 29 Oct 2025 07:19:17 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_17617223571728141946"; report-type="feedback-report"
MIME-Version: 1.0
Date: Wed, 29 Oct 2025 07:19:17 +0000
From: Netcraft Takedown Service <takedown-response+77159934@netcraft.com>
Subject: Issue 77159934: Phishing attack at hxxps://mak[.]pt/.bihor/jovbe/diber.html
To: info@mak.pt
Message-Id: <aa079d8b8a77749c1b1e824c2dd2909f@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: No, score=-2.1
X-Spam-Score: -20
X-Spam-Bar: --
X-Ham-Report: =?ISO-8859-1?Q?Spam_detection_software=2C_running_on_the_system_=22cloud=2Eberardoc?= =?ISO-8859-1?Q?ollection=2Ecom=22=2C=0A_has_NOT_identified_this_inco?= =?ISO-8859-1?Q?ming_email_as_spam=2E__The_original=0A_message_has_be?= =?ISO-8859-1?Q?en_attached_to_this_so_you_can_view_it_or_label=0A_si?= =?ISO-8859-1?Q?milar_future_email=2E__If_you_have_any_questions=2C_s?= =?ISO-8859-1?Q?ee=0A_root=5C=40localhost_for_details=2E=0A_Content_p?= =?ISO-8859-1?Q?review=3A__Ol=C3=A1=2C_N=C3=B3s_descobrimos_um_ataque?= =?ISO-8859-1?Q?_de_phishing_localizado_na=0A____sua_rede=3A_hxxps=3A/?= =?ISO-8859-1?Q?/mak=5B=2E=5Dpt/=2Ebihor/jovbe/diber=2Ehtml_=5B109=2E7?= =?ISO-8859-1?Q?1=2E44=2E169=5D_=0A_Content_analysis_details=3A___=28-?= =?ISO-8859-1?Q?2=2E1_points=2C_5=2E0_required=29=0A__pts_rule_name__?= =?ISO-8859-1?Q?____________description=0A_----_---------------------?= =?ISO-8859-1?Q?-_--------------------------------------------------=0A_?= =?ISO-8859-1?Q?_0=2E0_URIBL=5FBLOCKED__________ADMINISTRATOR_NOTICE=3A_?= =?ISO-8859-1?Q?The_query_to_URIBL_was=0A____________________________?= =?ISO-8859-1?Q?_blocked=2E__See=0A_____________________________http=3A/?= =?ISO-8859-1?Q?/wiki=2Eapache=2Eorg/spamassassin/DnsBlocklists#dnsbl?= =?ISO-8859-1?Q?-block=0A______________________________for_more_infor?= =?ISO-8859-1?Q?mation=2E=0A_____________________________=5BURIs=3A_n?= =?ISO-8859-1?Q?etcraft=2Ecom=5D=0A__0=2E0_URIBL=5FDBL=5FBLOCKED_____?= =?ISO-8859-1?Q?_ADMINISTRATOR_NOTICE=3A_The_query_to=0A_____________?= =?ISO-8859-1?Q?________________dbl=2Espamhaus=2Eorg_was_blocked=2E_S?= =?ISO-8859-1?Q?ee=0A_____________________________https=3A//www=2Espa?= =?ISO-8859-1?Q?mhaus=2Eorg/returnc/vol/=0A__________________________?= =?ISO-8859-1?Q?___=5BURIs=3A_netcraft=2Ecom=5D=0A__0=2E0_RCVD=5FIN=5FV?= =?ISO-8859-1?Q?ALIDITY=5FRPBL=5FBLOCKED_RBL=3A_ADMINISTRATOR_NOTICE=3A_?= =?ISO-8859-1?Q?The=0A_____________________________query_to_Validity_?= =?ISO-8859-1?Q?was_blocked=2E__See=0A_____________________________ht?= =?ISO-8859-1?Q?tps=3A//knowledge=2Evalidity=2Ecom/hc/en-us/articles/?= =?ISO-8859-1?Q?20961730681243=0A______________________________for_mo?= =?ISO-8859-1?Q?re_information=2E=0A_____________________________=5B5?= =?ISO-8859-1?Q?2=2E31=2E138=2E216_listed_in_bl=2Escore=2Esenderscore?= =?ISO-8859-1?Q?=2Ecom=5D=0A__0=2E0_RCVD=5FIN=5FVALIDITY=5FCERTIFIED=5FB?= =?ISO-8859-1?Q?LOCKED_RBL=3A_ADMINISTRATOR_NOTICE=3A=0A_____________?= =?ISO-8859-1?Q?________________The_query_to_Validity_was_blocked=2E_?= =?ISO-8859-1?Q?_See=0A_____________________________https=3A//knowled?= =?ISO-8859-1?Q?ge=2Evalidity=2Ecom/hc/en-us/articles/20961730681243=0A_?= =?ISO-8859-1?Q?_____________________________for_more_information=2E=0A?= =?ISO-8859-1?Q?_____________________________=5B52=2E31=2E138=2E216_l?= =?ISO-8859-1?Q?isted_in_sa-accredit=2Ehabeas=2Ecom=5D=0A_-1=2E9_BAYE?= =?ISO-8859-1?Q?S=5F00_______________BODY=3A_Bayes_spam_probability_i?= =?ISO-8859-1?Q?s_0_to_1%=0A_____________________________=5Bscore=3A_?= =?ISO-8859-1?Q?0=2E0000=5D=0A_-0=2E0_SPF=5FPASS_______________SPF=3A_?= =?ISO-8859-1?Q?sender_matches_SPF_record=0A_-0=2E1_DKIM=5FVALID=5FAU?= =?ISO-8859-1?Q?__________Message_has_a_valid_DKIM_or_DK_signature_fr?= =?ISO-8859-1?Q?om=0A_____________________________author's_domain=0A_?= =?ISO-8859-1?Q?-0=2E1_DKIM=5FVALID=5FEF__________Message_has_a_valid?= =?ISO-8859-1?Q?_DKIM_or_DK_signature_from=0A________________________?= =?ISO-8859-1?Q?_____envelope-from_domain=0A_-0=2E1_DKIM=5FVALID_____?= =?ISO-8859-1?Q?________Message_has_at_least_one_valid_DKIM_or_DK_sig?= =?ISO-8859-1?Q?nature=0A__0=2E1_DKIM=5FSIGNED____________Message_has?= =?ISO-8859-1?Q?_a_DKIM_or_DK_signature=2C_not_necessarily=0A________?= =?ISO-8859-1?Q?_____________________valid?=
X-Spam-Flag: NO
This is a multi-part message in MIME format.
--_----------=_17617223571728141946
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
Olá,
Nós descobrimos um ataque de phishing localizado na sua rede:
hxxps://mak[.]pt/.bihor/jovbe/diber.html [109.71.44.169]
É possível que este ataque esteja sendo restrito para que seja visível apenas em alguns países. Antes de decidir que o ataque foi resolvido, confirme se ele não pode ser visualizado nos seguintes países:
França
Você pode não ter tido conhecimento deste ataque, porém, você ainda é responsável pela sua remoção
Este ataque é contra o nosso cliente, Cetelem, site URL http://www.cetelem.fr/.
Por favor remova este conteúdo fraudulento, e qualquer outro conteúdo fraudulento associado, o mais cedo possível.
Adicionalmente, por favor mantenha o conteúdo fraudulento seguro para que o nosso cliente e agências de aplicação da lei podem investigar este incidente mais quando o site está offline.
Mais informações sobre o problema detectado são fornecidas em https://incident.netcraft.com/reports/wiurusswdc5hp6k77pfa2d
Consulte https://incident.netcraft.com/about para obter mais detalhes, incluindo suporte API.
Atenciosamente,
Netcraft
Telefone: +44(0)1225 447500
Fax: +44(0)1225 448600
Número do problema Netcraft: 77159934
Para contactar-nos sobre actualizações neste ataque, por favor responda a este e-mail. Por favor nota: respostas a este endereço são registrado, mas não são lidos sempre. Se você acredita que recebeu esta mensagem por engano, ou se precisa de mais apoio, por favor contacte: support@netcraft.com.
Este mail pode ser analisado com ferramentas x-arf. Visita http://www.xarf.org/ para mais informações sobre x-arf.
-------------------
Hello,
We have discovered a phishing attack on your network.
hxxps://mak[.]pt/.bihor/jovbe/diber.html [109.71.44.169]
It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
France
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, Cetelem, website URL http://www.cetelem.fr/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.
More information about the detected issue is provided at https://incident.netcraft.com/reports/wiurusswdc5hp6k77pfa2d
See https://incident.netcraft.com/about for more details including API support.
Kind regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 77159934
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_17617223571728141946
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 29 Oct 2025 07:19:17 +0000
Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_17617223571728141946
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Wed, 29 Oct 2025 07:19:17 +0000
eyJSZXBvcnRlckluZm8iOnsiUmVwb3J0ZXJPcmdEb21haW4iOiJuZXRjcmFmdC5jb20iLCJSZXBv
cnRlck9yZyI6Ik5ldGNyYWZ0IiwiUmVwb3J0ZXJPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNl
Kzc3MTU5OTM0QG5ldGNyYWZ0LmNvbSJ9LCJPbkJlaGFsZk9mIjp7IkNvbXBsYWluYW50T3JnIjoi
Q2V0ZWxlbSIsIkNvbXBsYWluYW50T3JnRG9tYWluIjoid3d3LmNldGVsZW0uZnIiLCJDb21wbGFp
bmFudE9yZ0VtYWlsIjoidGFrZWRvd24tcmVzcG9uc2UrNzcxNTk5MzRAbmV0Y3JhZnQuY29tIn0s
IlZlcnNpb24iOiIxIiwiUmVwb3J0Ijp7IlJlcG9ydGVyTm90ZXMiOiJTZWUgaHR0cHM6Ly9pbmNp
ZGVudC5uZXRjcmFmdC5jb20vcmVwb3J0cy93aXVydXNzd2RjNWhwNms3N3BmYTJkIGZvciBtb3Jl
IGluZm9ybWF0aW9uIiwiRGF0ZSI6IjIwMjUtMTAtMjlUMDc6MDY6MDJaIiwiUmVwb3J0VHlwZSI6
IlBoaXNoaW5nIiwiU291cmNlVXJsIjoiaHR0cHM6Ly9tYWsucHQvLmJpaG9yL2pvdmJlL2RpYmVy
Lmh0bWwiLCJGaXJzdFNlZW4iOiIyMDI1LTEwLTI5VDA3OjAwOjM2WiIsIlJlcG9ydENsYXNzIjoi
Q29udGVudCIsIlJlcG9ydGVyQ2FzZUlEIjoiNzcxNTk5MzQiLCJTb3VyY2VJcCI6IjEwOS43MS40
NC4xNjkifSwiRGlzY2xvc3VyZSI6dHJ1ZX0=
--_----------=_17617223571728141946--