OVH: SBL notification
Your service ip-184.108.40.206/30 has been reported as a high threat for OVH’s Network by Spamhaus.
The Spamhaus Project is an international nonprofit organization that monitors spam and related cyber threats such as phishing, malware and botnets.
Technical details showing the aforementioned problem below.
You should investigate and fix this issue as fast as possible, as it constitutes a violation of our terms of service.
In order to fix this issue, we recommend you to follow the following steps :
1. Reinstall a previous safe backup of the reported service, otherwise, delete every suspicious files to avoid being infected afterward.
2. Change your password (FTP, CMS, Database, …).
3. Update / Upgrade your CMS and / or Operating System to install the new vulnerability patches.
4. Be sure that every single threat has been removed before any reply.
If you need assistance, you can reach our support or contact an IT professional.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.
Until then, we might have to suspend your service to protect our network.
The OVH Abuse team.
— start of the technical details —
SBL538295 — The Spamhaus Project — SBL International Anti-Spam System
Hello ovh.net Abuse Desk,
This is an automated message from the Spamhaus Block List (SBL) database
to advise that the IP below has been added to sbl.spamhaus.org:
Problem: *** BOTNET CONTROLLER LISTING ***
RedLineStealer botnet controller @220.127.116.11
SBL Ref: SBL538295
The reason for listing the IP address(es) is explained at the url:
— end of the technical details —
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 18.104.22.168 on port 27763 TCP:
$ telnet 22.214.171.124 27763
Connected to 126.96.36.199.
Escape character is ‘^]’
Referencing malware samples (MD5 hash):
267a7993a596998743aba38299531ff0 — AV detection: 43 / 68 (63.24%)
51059f0b8dea23a1d153ae103abd2e50 — AV detection: 28 / 66 (42.42%)
a69fd26cb9d1bc4955ed27b20107e29f — AV detection: 30 / 68 (44.12%)