Events with this classification type identify a system that was likely involved in exchanging copyright protected material. These are usually movies, music, games, books, etc. The definition, legal basis and enforcement for distributing copyright protected material might differ. Unless otherwise specified, it is illegal to distribute copyright protected material under Swiss law.

The system identified by source most likely downloaded or distributed copyright protected material.


  • Please handle the incident according to your policies and guidelines.

Events with this classification type identify a website that was likely involved in a phishing attack. Falsified login pages of well known internet services like social media, web shops, e-banking, etc. are used by criminals to trick the users into filling their access credentials, allowing them to steal the victims identity. Phishing websites often look very much like the original they impersonate that it is easy to be fooled.

Stealing credentials often gives the criminals not only access to one service, but since most services use the email address as login and most users use the same or similar passwords it is often possible to access other services as well, or with access to the email account simply reset the passwords.

Such access allows the attacker to impersonate the victim, which can be used in many different ways. Performing fraudulent transactions at the victim's expense, e.g. bank transfer or oderdering goods. It might also be used to access other resources, e.g. company documents. It is also possible to launch a phishing attack to the direct contacts of the victim, which are likely to trust the sent information.

The system identified by source is most likely abused for hosting a website impersonating a well known internet service. Most commonly this is done by adding the content on the web server or including it, meaning the attackers are likely to have access to the system or service. The system or service should be regarded or service as compromised, until further investigation has proven otherwise.


  • Get professional assistance from your hosting provider or webmaster to remove or block the abusive content.
  • Restrict access to the website immediately to prevent more users falling victim.
  • Change the access credentials of potentially affected users.
  • Check for unusual activity in the logs.
  • Change the access credentials
  • Experienced IT users can search for the folders or scripts containing or adding the phishing content to their website. This is best done by accessing the content through the FTP address, rather than the web browser.