[Abuse #MRKXFGCVZW] OVH: SBL notification

Hello,

Your service ip-51.91.193.176/29 has been reported as a high threat for OVH’s Network by Spamhaus.

The Spamhaus Project is an international nonprofit organization that monitors spam and related cyber threats such as phishing, malware and botnets.

The technical details showing the aforementioned problem are below.

You should investigate and fix this issue as fast as possible, as it constitutes a violation of our terms of service.

In order to fix this issue, we recommend that you follow these steps:

1. Reinstall a previous safe backup of the reported service; otherwise, delete every suspicious file to avoid being infected again afterward.
2. Change your password (FTP, CMS, Database, …).
3. Update / Upgrade your CMS and / or Operating System to install the new vulnerability patches.
4. Be sure that every single threat has been removed before any reply.

If you need assistance, you can reach our support or contact an IT professional.

Please reply to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Until then, we might have to suspend your service to protect our network.

Cordially,

The OVH Abuse team.


— start of the technical details —

————————————————————————
SBL540928 — The Spamhaus Project — SBL International Anti-Spam System
————————————————————————

Hello ovh.net Abuse Desk,

This is an automated message from the Spamhaus Block List (SBL) database
to advise that the IP below has been added to sbl.spamhaus.org:

IP/cidr: 51.91.193.177

Problem: *** BOTNET CONTROLLER LISTING ***

DCRat botnet controller @51.91.193.177

SBL Ref: SBL540928

The reason for listing the IP address(es) is explained at the url:
https://www.spamhaus.org/sbl/query/SBL540928

— end of the technical details —


The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 51.91.193.177 on port 80 (using HTTP GET):
http://51.91.193.177/uploads/requestApidblinuxCdn.php

$ nslookup 51.91.193.177
2-i7-6700k-w-2-hosted-by.hshp.ovh

Referencing malware binaries (MD5 hash):
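As an added example (not part of the OVH or Spamhaus notice above), here is the check a recipient of such a notice would run first: build the reverse-octet DNSBL name for the listed IP, interpret the Spamhaus return code, and confirm that the single address Spamhaus named actually falls inside the /29 block OVH assigned. The resolver is injectable so the logic can be exercised offline with a constructed answer; the live lookup uses the system resolver (Spamhaus answers 127.255.255.254 when queried through a public resolver).

```python
import ipaddress
import socket

# Spamhaus ZEN/SBL return codes as documented by Spamhaus; 127.0.0.4-7 are all XBL.
RETURN_CODES = {
    "127.0.0.2": "SBL - Spamhaus Block List (spam source / botnet controller)",
    "127.0.0.3": "SBL CSS - snowshoe or low-reputation spam source",
    "127.0.0.4": "XBL - infected host or open proxy",
    "127.0.0.5": "XBL - infected host or open proxy",
    "127.0.0.6": "XBL - infected host or open proxy",
    "127.0.0.7": "XBL - infected host or open proxy",
    "127.0.0.9": "SBL DROP - hijacked or botnet-controller netblock",
    "127.0.0.10": "PBL - ISP-maintained end-user range",
    "127.0.0.11": "PBL - Spamhaus-maintained end-user range",
    "127.255.255.252": "error: malformed query",
    "127.255.255.254": "error: query sent via a public/open resolver",
    "127.255.255.255": "error: query limit exceeded",
}


def dnsbl_query_name(ip: str, zone: str = "sbl.spamhaus.org") -> str:
    """Reverse the IPv4 octets and append the DNSBL zone (raises ValueError on bad input)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def check_listing(ip: str, zone: str = "sbl.spamhaus.org", resolve=socket.gethostbyname):
    """Return (listed, reason). NXDOMAIN (socket.gaierror) means the IP is not listed."""
    try:
        code = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False, "not listed"
    return True, RETURN_CODES.get(code, f"unrecognised return code {code}")


def ip_in_reported_block(cidr: str, listed_ip: str) -> bool:
    """True when the address Spamhaus named lies inside the block the hoster reported."""
    return ipaddress.ip_address(listed_ip) in ipaddress.ip_network(cidr, strict=False)


def fake_resolver(answers: dict):
    """Constructed offline stand-in for socket.gethostbyname (hypothetical answers)."""
    def resolve(name: str) -> str:
        if name in answers:
            return answers[name]
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


if __name__ == "__main__":
    # Live query against the system resolver for the IP named in the notice.
    print(check_listing("51.91.193.177"))
```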
