OVH Community


Phishing page takedown assistance


#1

Hi,

I’ve been trying to get OVH to remove a phishing page for well over a month now. I’ve submitted multiple abuse forms, emailed the abuse team, called OVH, spoken to their social media team, and still it’s up.

If someone could explain to me how I get them to act or why it’s still active after all of this time, I’d very much appreciate it.

URL: hxxps://voicemailsecure.razzamatazz[.]ca/voicemailsecurity%253DOutlookmicrosoftoffice365secureteamsrc%253D33565%2526utm_source%253Dproductnews%2526utm_voicemailserverssystemmedium%253Dprotectemail%2526utm_campaign-outlook365verify%253Dus-bluebeam%2526utm_content%25jan

IP: 66.70.179.19 (OVH SAS)

Many thanks!


#2

Wrong category over here. The DNS of razzamatazz.ca has been registered with GoDaddy, not with OVH.

Also, razzamatazz.ca itself seems to host a dance club on yet-another-WordPress; the club has a few mentions in Canadian press, so it seems to exist in some small location in MB, so either this is a cleverly crafted web-site contrary to what I’d call a rather unmotivated cheap-shot at a Microsoft login fake page. I’d guess some inexperienced let’s-do-a-website guy got hacked. Did you try to inform Razzamatazz themselves? Did you inform the DNS guys?
Also, that IP is not wildly popular in abuse databases, as it seems, and this simple webpage display is the minor damage as opposed to whatever is telling the naïve users out there to click that link, most probably mailing. Was the mailing server reported?

Just saying. Asking the wrong DNS provider to take down a domain in this case seems like firing the flak at a penguin (a bird that cannot fly). Maybe try to take the right path in your reports (to OVH as well, as they are the hoster of the machine(s) behind) and then perhaps actions and responses are being taken more quickly :slight_smile:

Finally, this part of the OVH forums appears quite deserted to me nowadays. So yeah, taking the right steps on the direct reporting path to me now seems to be the most fertile approach.

I’m not an OVH employee, I’m just a small customer.


#3

Thanks Lirion,

Where are you getting GoDaddy from? Every service that I’ve put that domain through has pointed towards OVH. I will submit it to GoDaddy just in case, it certainly can’t hurt.

It’s a legitimate website but it’s clearly been compromised to host a phishing page. It’s a huge problem, in fact most of the phishing pages I deal with these days are compromised WordPress accounts. I have attempted to contact the website owner multiple times to report the phish.

All the best.


#4

$ whois razzamatazz.ca|grep -A2 Registrar
Registrar:
Name: Go Daddy Domains Canada, Inc
Number: 2316042

Also: yeah, if the domain owner is rather quiet about this I also deem a takedown request the best approach, since a server that has already been compromised is basically a what-comes-next instance if nobody cares. Being entirely unreachable sometimes resolves phases of inactivity, then :smirk:
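
Posts #2 to #4 turn on the registrar and the hosting provider being two different parties, each found by a different whois lookup. As an added example (not posted by anyone in the thread), this script pulls both out of whois text; the function names, the sample hostname and the IP whois reply are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample whois text below is constructed, except REGISTRY_SAMPLE,
# which repeats the registrar lines quoted in post #4.

REGISTRY_SAMPLE='Registrar:
Name: Go Daddy Domains Canada, Inc
Number: 2316042'

# Constructed ARIN-style reply for an address in the 192.0.2.0/24 documentation range.
IP_SAMPLE='NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Hosting Inc.
OrgAbuseEmail:  abuse@hosting.example'

# Undo common defanging (hxxp -> http, [.] -> .) so the URL can be parsed.
refang() {
    printf '%s\n' "$1" | sed -e 's/^hxxp/http/' -e 's/\[\.]/./g'
}

# Host part of a URL: drop the scheme, then path/query, userinfo and port.
url_host() {
    printf '%s\n' "$1" | sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' \
        -e 's|[/?#].*$||' -e 's|^.*@||' -e 's|:[0-9]*$||'
}

# Registrar name from domain whois text on stdin. Handles the two-line layout
# shown in post #4 and the single-line "Registrar: NAME" layout.
registrar_of() {
    awk '
        /^[ \t]*Registrar:[ \t]*$/      { in_block = 1; next }
        in_block && /^[ \t]*Name:/      { sub(/^[ \t]*Name:[ \t]*/, ""); print; exit }
        /^[ \t]*Registrar:[ \t]*[^ \t]/ { sub(/^[ \t]*Registrar:[ \t]*/, ""); print; exit }
    '
}

# Network owner and abuse mailbox from IP whois text on stdin (ARIN or RIPE
# field names). Prints "owner|abuse-address", with "unknown" for a missing field.
hoster_of() {
    awk -F': *' '
        tolower($1) ~ /^(orgname|org-name)$/            && !org   { org = $2 }
        tolower($1) ~ /^(orgabuseemail|abuse-mailbox)$/ && !abuse { abuse = $2 }
        END { printf "%s|%s\n", (org ? org : "unknown"), (abuse ? abuse : "unknown") }
    '
}

# Offline demo on the samples; live, feed `whois DOMAIN` and `whois IP` instead.
host=$(url_host "$(refang 'hxxps://portal.shop[.]example/login?id=1')")
echo "host:      $host"
echo "registrar: $(printf '%s\n' "$REGISTRY_SAMPLE" | registrar_of)"
echo "hoster:    $(printf '%s\n' "$IP_SAMPLE" | hoster_of)"
```

The registrar answer comes from whois on the domain name, and the hoster answer from whois on the IP address the hostname resolves to; a report can go to both.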