From: PhishLabs Security Operations [mailto:[email protected]] Sent: Wednesday, June 14, 2017 9:43 PM To: [email protected]; [email protected]; [email protected] Subject: [PL-556211] Phishing attack hosted on otdyh-samara.ru Hello, My name is Justin C. and I work for PhishLabs. We investigate computer crime incidents on behalf of other organizations. During an investigation of fraud, we have identified a phishing site which is hosted on your network and attempting to defraud the customers of Apple. The following URLs are some components of this phishing attack: http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/ http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/bill.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/card.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/index.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/3c4204e9732f0d9ed92e9ae2e11b1832/ http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/done.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/process.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/process1.php http://otdyh-samara.ru/components/confrom-apple/Loading/SignIn/52aaba088a256b22060eb173ca508aa3/process2.php First detection of malicious activity: 06-14-2017 19:26:26 UTC Most recent observation of malicious activity: 06-14-2017 19:38:46 UTC Associated IP Address: 141.101.128.120 Hostname of Server: otdyh-samara.ru If you agree that this is malicious, we kindly request that you take steps to have the content removed as soon as possible. It is likely that the intruder who set up this phishing site has also left additional fraudulent material on this server. If we have contacted you in error, or if there is a better way for us to report this incident, please let us know so that we may continue our investigation. We are extremely grateful for your assistance. Kind Regards, Justin C. PhishLabs Security Operations [email protected] +1.202.386.6001 http://www.phishlabs.com |