Return-Path: <takedown-response+77159934@netcraft.com>
Delivered-To: mak@cloud.berardocollection.com
Received: from cloud.berardocollection.com
	by cloud.berardocollection.com with LMTP
	id 6M9BLhBoA2n6NwAAuY/3dA
	(envelope-from <takedown-response+77159934@netcraft.com>)
	for <mak@cloud.berardocollection.com>; Thu, 30 Oct 2025 13:28:48 +0000
Return-path: <takedown-response+77159934@netcraft.com>
Envelope-to: info@mak.pt
Delivery-date: Thu, 30 Oct 2025 13:28:48 +0000
Received: from mail-1c.netcraft.com ([52.31.138.216]:50729)
	by cloud.berardocollection.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.1)
	(envelope-from <takedown-response+77159934@netcraft.com>)
	id 1vEShq-0000000025u-2sNu
	for info@mak.pt;
	Thu, 30 Oct 2025 13:28:48 +0000
Received: from barb.netcraft.com (unknown [10.9.0.151])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mail-1c.netcraft.com (Postfix) with ESMTPS id E9CFD48AA
	for <info@mak.pt>; Thu, 30 Oct 2025 13:28:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netcraft.com;
	s=default202405-yu9bqteb95aqcfpg; t=1761830925;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=mzktH+LgkTxNrMDV7JDm70IH4TVsqsYKclA37v2M4LU=;
	b=xJrWATVY8XvA5XTeLj+xnJnDbe1VmfaBN8RZnui5naWD+Dz4nRRqy736gwO5pUL9OV4cqF
	ifo0v1auAvzcRWhHv6Qz8mEfi2BVX4NxB1kEe6cB4q6E/Bozx0sHrtE/zzoMObWpFaCV3A
	fAFyLylQoeMxhmaX05gzx8QX1bKl6GFGUYVnUyj2xSM6v684iTXgnki/9uwM7SLDQqZJlF
	3YIwRztTUbAcoTMDOsKvrTK1NVW32hVn9SEfISNEvynYXHVh5zU+I/qxr2z/tQZmaK6pTH
	nGHZTp6HejVfycLlTeXC0bi9jRexsmhwIN5xJ3UGAIWCH9UeMfL6QV/iqNJIBA==
Received: by barb.netcraft.com (Postfix, from userid 507)
	id E1B0F174; Thu, 30 Oct 2025 13:28:45 +0000 (UTC)
Content-Transfer-Encoding: 8bit
Content-Type: multipart/report; boundary="_----------=_1761830925310868639"; report-type="feedback-report"
MIME-Version: 1.0
Date: Thu, 30 Oct 2025 13:28:45 +0000
From: Netcraft Takedown Service <takedown-response+77159934@netcraft.com>
Subject: Re: Issue 77159934: Phishing attack at hxxps://mak[.]pt/.bihor/jovbe/diber.html
References: <aa079d8b8a77749c1b1e824c2dd2909f@takedown.netcraft.com>
In-Reply-To: <aa079d8b8a77749c1b1e824c2dd2909f@takedown.netcraft.com>
To: info@mak.pt
Message-Id: <3bdaab59bde9624134a7c8bb45ddcf1b@takedown.netcraft.com>
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
X-Spam-Status: No, score=-2.1
X-Spam-Score: -20
X-Spam-Bar: --
X-Spam-Flag: NO

This is a multi-part message in MIME format.

--_----------=_1761830925310868639
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Hello,

We have discovered a phishing attack on your network.

hxxps://mak[.]pt/.bihor/jovbe/diber.html [109.71.44.169]

It is possible that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
France
We understand that this site is simply a redirect, however this site is directly involved in the attack as it redirects to fraudulent content. Plus, the redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.
We previously contacted you about this issue on 2025-10-29 07:19:17 (UTC).

You may not have been aware of this attack, however, you are still responsible for removing it.

This attack targets our customer, Cetelem, website URL http://www.cetelem.fr/.

Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.

Additionally, please keep the fraudulent content safe so that our customer and law enforcement agencies can investigate this incident further once the site is offline.

More information about the detected issue is provided at https://incident.netcraft.com/reports/wiurusswdc5hp6k77pfa2d
See https://incident.netcraft.com/about for more details including API support.

Kind regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 77159934

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: support@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
--_----------=_1761830925310868639
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Thu, 30 Oct 2025 13:28:45 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1
--_----------=_1761830925310868639
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Thu, 30 Oct 2025 13:28:45 +0000
--_----------=_1761830925310868639--