You navigated to login.hkosec.fun, but your traffic landed on a different IK customer's pod.
Root cause: POST /proxy/1/hostings/{H}/vhost_route/{F}/aliases on manager.infomaniak.com accepts arbitrary FQDNs (including other customers' domains and arbitrary third-party hostnames) without DNS ownership challenge. Envoy Gateway routes any matching Host header to the attacker's pod.
Authorized YesWeHack security research. This pod operated by hko-ywh-c70c8a9c02d08079@yeswehack.ninja intercepts only Host headers explicitly claimed as aliases on this hosting. Real customer FQDNs not in this hosting's aliases table receive TLS handshake reset (Envoy default). Aliases are removed immediately after evidence capture.