Regarding AS48666 MAROSNET Telecommunication Company LLC,

Phishing URL: http://barrierfenceco[.]xyz/upd/

IP: 178.159.36.182 

Phishing URL: https://abbahaircareproducts[.]xyz/gsodjif/index.php 

IP: 91.234.99.117 

route: 91.234.99.0/24
descr: Client's network
descr: Russia, Moscow
origin: AS48666
mnt-by: MNT-MAROSNET
created: 2020-01-12T18:42:46Z
last-modified: 2020-01-12T18:42:46Z
source: RIPE

route: 178.159.36.0/24

descr: Client's network

origin: AS48666
mnt-by: MAROSNET-MNT
created: 2016-10-26T15:40:48Z
last-modified: 2016-10-26T15:40:48Z
source: RIPE

This provider has no publicly accessible website and is unreachable. The email address listed on RIPE as info at marosnet2.ru bounces.

It is the provider of autonomous ranges, including that including IP 178.159.36.182 and 91.234.99.117 which is being used to host a plethora of phishing websites.

https://ipinfo.io/AS48666 reveals AS48666 sub-lets to "Private Internet Hosting LTD" who has sub-let to the phisher themself.

--