[Abuse #VMFKPWNXLJ] You are hosting a phishing webpage on ns386422.ip-176-31-241.eu!

An example of how abuse reports themselves are abused.


Hello,

ATTENTION: another phishing webpage has been detected on your service (see below), please fix this problem as soon as possible !

It has been brought to our attention that you’re hosting a phishing webpage on your service ns386422.ip-176-31-241.eu.

A malicious person has probably taken control of all or part of your website, and injected this page without your knowledge.
This kind of webpage is made to steal personal information from victims by impersonating well-known legitimate websites (such as banks, e-commerce websites or others).

If you’re using a content manager system (aka «CMS») on your shared hosting offer or on your server, such as WordPress, Joomla or Drupal, check that it’s being maintained up to date at all times. This kind of software is widely used on Internet which is why it’s often targeted when hackers are trying to take control of a website such as yours. Please also verify that any plugins that you may have installed are also up to date, and avoid any unofficial plugin, as those have a higher chance of being malicious or not seriously maintained.

Below is the list of URLs pointing to the phishing webpage you’re hosting :

* https://176.31.241.223/
* http://176.31.241.223/
* http://176.31.241.223/
* https://yandexcloud.net.ru/

It is possible that some of those URLs are not accessible right now, because our anti-phishing system might have been activated, protecting victims of this type of fraud, while you’re working to fix the problem.

Please delete these phishing webpages and secure your service (CMS update, system update, password change) to ensure it cannot be hacked again.

When you have fixed the problem, please answer to this e-mail address.

Cordially,

The OVHcloud Abuse team.


The domain is not on the server:

root@:~# curl -v -H "Host: yandexcloud.net.ru" 176.31.241.223/
* Hostname was NOT found in DNS cache
*   Trying 176.31.241.223...
* Connected to 176.31.241.223 (176.31.241.223) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Accept: */*
> Host: yandexcloud.net.ru
>
< HTTP/1.1 403 Forbidden
* Server nginx/1.16.1 is not blacklisted
< Server: nginx/1.16.1
< Date: Sun, 28 Mar 2021 04:57:43 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
* Connection #0 to host 176.31.241.223 left intact
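
A config-side counterpart to the curl check above, as an added example that is not from the original post: it extracts `server_name` values from an nginx configuration and labels each URL from the report as the server's own IP, a configured virtual host, or a name the server is not configured for. The nginx configuration is constructed (the post does not show the real one), and `server_names`, `name_matches` and `triage` are hypothetical helper names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed nginx configuration; the page does not show the real one.
SAMPLE_NGINX_CONF = """
server { listen 80 default_server; server_name _; return 403; }
server { listen 80; server_name example.org *.example.org; }
"""
# URL list taken from the abuse report quoted on the page.
REPORTED_URLS = ["https://176.31.241.223/", "http://176.31.241.223/",
                 "https://yandexcloud.net.ru/"]


def server_names(conf_text):
    """Collect every name from server_name directives (comments stripped)."""
    text = re.sub(r"#[^\n]*", "", conf_text)
    return [name for m in re.finditer(r"\bserver_name\s+([^;]+);", text)
            for name in m.group(1).split()]


def name_matches(pattern, host):
    """nginx server_name rules: exact, *.x, .x, x.* and ~regex."""
    host = host.lower().rstrip(".")
    if pattern.startswith("~"):
        ci = pattern.startswith("~*")  # "~*" marks a case-insensitive regex
        return re.search(pattern[2 if ci else 1:], host, re.I if ci else 0) is not None
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return host == pattern


def triage(urls, conf_text, server_ip):
    """Label each reported URL: own IP, configured vhost, or unknown name."""
    names = server_names(conf_text)
    result = {}
    for url in urls:
        host = urlsplit(url).hostname
        try:
            same = ipaddress.ip_address(host) == ipaddress.ip_address(server_ip)
            result[url] = "own-ip" if same else "foreign-ip"
        except ValueError:  # not an IP literal, so compare against vhost names
            served = any(name_matches(n, host) for n in names)
            result[url] = "configured-vhost" if served else "not-configured"
    return result
```

In nginx, a request whose Host header matches no `server_name` is handled by the default server for that listen socket, so a "not-configured" label means the hostname in the report was never set up on this machine.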
