Hello,
An abusive behaviour (Phishing) originating from your dedicated server ns369685.ip-94-23-45.eu has been reported to or noticed by our Abuse Team.
Technical details showing the aforementioned problem follow :
— start of the technical details —
During an investigation of fraud, we discovered a compromised website (0f61352.demo.dollysites.ru) that is being used to attack our client and their customers.
In addition to the website owner, we have addressed this report to the responsible authoritative providers who have the ability to disable the malicious content in question. Based on your relationship to the content in question, please see our specific request below.
This threat has been active for at least 0.1 hours.
http://0f61352.demo.dollysites.ru/
First detection of malicious activity: 12-23-2023 19:19:22 UTC
Most recent observation of malicious activity: 12-23-2023 19:28:12 UTC
Associated IP Addresses:
94.23.45.43
=== HOSTING PROVIDER ===
If you agree that this is malicious, we kindly request that you take steps to have the content removed as soon as possible. It is highly likely that the intruder who set up this phishing content has also left additional fraudulent material on this server such as illegitimate access points.
=== WEBSITE OWNER ===
We recommend taking the following actions to secure the web site and prevent the attackers from returning:
— Update your web applications including CMS, blog, ecommerce, and other applications (and all add-on modules/components/plugins).
— Search all of your web directories for suspicious files as attackers commonly leave backdoors.
— Scan the computer from which you login to your web hosting control panel or ftp server with anti-virus software.
— Change your web hosting provider if this is an ongoing issue.
If your provider has disabled your account because of this incident, you must coordinate a resolution with them directly as PhishLabs has no control over this aspect.
If we have contacted you in error, or if there is a better way for us to report this incident, please let us know so that we may continue our investigation.
We are grateful for your assistance.
Kind regards,
SOC Team
PhishLabs Security Operations
12023866001
Available 24/7
[PL-3955612]
— end of the technical details —
Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.
Cordially,
The OVHcloud Trust & Safety team.
