Hello,
We received a copyright infringement complaint regarding an abuse content hosted on your service.
— start of the technical details —
Cloudflare received an abuse report regarding:
rec-voice.by
Please be aware Cloudflare is a network provider offering a reverse proxy, pass-through security service. We are not a hosting provider. Cloudflare does not control the content of our customers.
The actual host for rec-voice.by are the following IP addresses. 91.121.173.85. Using the following command, you can confirm the site in question is hosted at that IP address: curl -v -H «Host: rec-voice.by» 91.121.173.85/
Below is the report we received:
Reporter: Anonymous
Reported URLs:
http://rec-voice.by/fma/
Logs or Evidence of Abuse: Hello,
We have found a website hosted on your network that is currently being used to host Android malware, called FluBot:
http://rec-voice.by/fma/ [172.67.165.98]
The file detected on this URL acts as a proxy, retrieving HTML content from the attacker’s command and control server, and serving that in turn to the visitor. The HTML content shows the intended victim a page where they can download the malware. These URLs include single-use tokens, issued by the attacker, to control access; if you try to visit this URL you will likely be redirected to a legitimate site or error page. This also prevents us taking a screenshot of the malicious page, although we are still able to detect the presence of this file using several distinctive characteristics.
Examples of the scam content served to victims are available at https://news.netcraft.com/archives/2021/08/24/flubot-targets-uk-banks.html.More information about FluBot is provided on our website, at https://news.netcraft.com/tags/flubot .
Please could you urgently remove any malicious files from the server, including the FluBot .php file, and ensure that its operating system and applications are up to date.
More information about the detected issue is provided at https://incident.netcraft.com/f02e278663ff/
Many thanks,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 31054314
Please address this issue with your customer.
Regards,
Cloudflare Trust & Safety \— Forwarded email(s) —
— end of the technical details —
Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.
Cordially,
The OVHcloud Abuse team.
