-
Posts
-
This is Nicolás Moret from Hispasec Sistemas, an international IT security company.
I’m contacting you because we have detected a phishing hosted on your servers.
IP address: 151.139.128.10
URLs:
* hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc
* hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/loading.php?id=1
* hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/phone.php
* hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/sms.php
* hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/se/ac/The fraudulent page is trying to simulate an official banking website in order to steal passwords of online banking users.
Proof of fraudulent activities:
* https://www.virustotal.com/gui/url/7131a972bdace3ac8e8f68f8154316645b8916ed328f6732d483ec2bd24a49a4The official site(s) is(are):
* caixabank.esPlease, remove the fraudulent content as soon as possible.
Thank you in advance.
Hi Hispasec Sistemas,
Thank for reaching out to report this Cloud WordPress concern. We have an Abuse Hotline that you can report this issue to directly and we will have it addressed immediately.
We appreciate you for notifying us of this suspicious activity.
- The topic ‘[URGENT] Phishing hosted on your servers ( 151.139.128.10 – demo3.cloudwp.dev )’ is closed to new replies.
