Please Note:
First off, not all takedown requests are a scam, most are very valid BUT you must determine when they are not.
Second, If the take down request has a link, don’t click it, attachment, same thing DON’T OPEN IT!
What to do:
This domain has nothing hosted, nothing at all, this being my first clue the email is a fake. But, to be wise, I opened up the folder in cpanel and checked for files and folders, NOTHING! No folders, not even the one they say /sy2h/ is there, doesn’t exist, none.
So since this domain is not being hosted, but is used for email, I setup a 301 redirect for all traffic eliminating the problem that didn’t exist.
Their email: =================================
Hello,
You are currently hosting a site which is associated with an ongoing malware attack. The malware is either spread via an email with a malicious attachment, which when run, appears to communicate with the following links; or it is spread directly using the following malicious links:
hxxp://www.mikeyriley[.]com/sy2h/?3f=ceIzSlQPfGJUNV3tr4/2GATznhC1uh78KM6KLhbwBbKnyW9ycvLbzXkwe4zOHAvsmPc=&RJ=tZXpThbh [38.29.212.34]
More information about the detected issue is provided at https://incident.netcraft.com/ed7/ed7a2611dad6
/////Notice, The link above I did not click!!!!!\\\\
Would it be possible to have this URL taken down as soon as possible?
Many thanks,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 30712353
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren’t always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
Recent Comments