[URGENT] Phishing hosted on your servers ( 151.139.128.10 – demo3.cloudwp.dev )

Posted on by

Tagged: ,

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • January 30, 2023 at 2:28 pm #77559
    Hispasec Sistemas
    Guest

    This is Nicolás Moret from Hispasec Sistemas, an international IT security company.

    I’m contacting you because we have detected a phishing hosted on your servers.

    IP address: 151.139.128.10

    URLs:
    * hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc
    * hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/loading.php?id=1
    * hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/phone.php
    * hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/salc/sms.php
    * hxxps://demo3[.]cloudwp[.]dev/trial-t37t3wx0/wp-content/plugins/se/ac/

    The fraudulent page is trying to simulate an official banking website in order to steal passwords of online banking users.

    Proof of fraudulent activities:
    * https://www.virustotal.com/gui/url/7131a972bdace3ac8e8f68f8154316645b8916ed328f6732d483ec2bd24a49a4

    The official site(s) is(are):
    * caixabank.es

    Please, remove the fraudulent content as soon as possible.

    Thank you in advance.

    January 30, 2023 at 2:28 pm #77719
    Brandon C
    Keymaster

    Hi Hispasec Sistemas,

    Thank for reaching out to report this Cloud WordPress concern. We have an Abuse Hotline that you can report this issue to directly and we will have it addressed immediately.

    We appreciate you for notifying us of this suspicious activity.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • The topic ‘[URGENT] Phishing hosted on your servers ( 151.139.128.10 – demo3.cloudwp.dev )’ is closed to new replies.

Looking For Something Else?

white icon monitor tablet phone displayBoldGrid Help for
Designers and Developers
white icon of screwdriver wrench rulerBoldGrid for eCommerce
white icon server stackBoldGrid for Hosts