Poneytelecom.eu / Online SAS: Hosting Botnets, Scrapers, Spammers and Hacking Scripts
UPDATE: Now Online SAS or Online.net is Scaleway. Congrats guys, nice acquisition or merger or just a rename.
For the last two years we had almost daily attacks from specific IPs. All kind of attacks like targeting WordPress sites and WP plugin vulnerabilities. More than 3-4 per day. The IPs belong to Poneytelecom.eu but their webpage redirects to Online SAS in France. They claim to be a hosting company, offering also dedicated servers. I have no idea.
Online SAS – BP 438 – 75366 Paris CEDEX 08 – RCS Paris B 433 115 904
Poneytelecom.eu is an internet server company run from France. It has been at the center of multiple allegations of organized international criminal activity. Some users have reported that this domain has been used to distribute phishing emails and other unwanted content. There have also been reports of this domain being involved in hacking SIP servers to make calls and extract money from their clients. If you’re a system administrator, it might be a good idea to block this domain and its IP ranges. Please be cautious when dealing with this domain.
There is plenty of information about the above if you Google “PoneyTelecom.eu”. A lot of people are reporting server abuse and hacking attempts from Online SAS / Iliad-Entreprises IPs.
So we decided to use their abuse ticketing and see what happens. We did that for a hundred times and the result was the same, a reply that the “issue has be resolved”. And after a few days we got a new attack for some-kind.
This must be one of the worst hosting companies i have ever seen. And it is rather strange because they are located in France and not in Ukraine or Russia. France is a European country, am i right ? They do have laws in France, don’t they?
I think Online SAS / PoneyTelecom.eu / Iliad-Entreprises (or whatever other funny names they have) is just a hosting company that tolerate spamming, hacking tools and all kind of illegal bots. So they have built a reputation for that and they attract all kind of illegal internet activities.
So i will dedicate a few pages and comments for that crappy ONLINE SAS French company. With details, IPs and their reply. If i was in France i would sue them also, since we have huge log file just for them.
Below (in the comments) we will post a small sample from their attacks. At some point we will (try to) block all their IPs since all those daily attacks pose heavy load and high risk to our site.
If you have some security script or plugin (for WordPress) that can also block SOME of Scaleway using the “hostname“, use
“*scw.cloud”
“*poneytelecom.eu“
to protect your site.
Also read Block those damn Poneytelecom.eu attackers.
IPs you SHOULD block:
51.158.0.0/16
51.15.0.0/16
Find all(?) of them here:
Ongoing, large-scale SIP attack campaign coming from Online SAS (AS12876)
A month ago, I wrote a brief, half-humorous post about stopping a SIP attack. However, the unfunny truth is I have collected enough evidence documenting an ongoing, large-scale SIP attack campaign coming from ONLINE SAS (AS12876) more commonly known as “online.net.” They are also known as “Poney Telecom” and “Scaleway” in other references.
https://www.valueweb.gr/wp-content/uploads/2021/09/Screenshot.png
Read more here:
https://badpackets.net/ongoing-large-scale-sip-attack-campaign-coming-from-online-sas-as12876/
You may have found this page because your getting hacked from a rev.poneytelecom.eu address or your receiving spam from this address range, you may even have found it due to it hosting malicious content.
More details below:
http://www.systemtek.co.uk/2017/08/blocking-poneytelecom-eu/#sthash.1nksfLQd.dpbs
“Iliad et OVH encore parmi les plus complaisants envers le spam”
http://www.journaldunet.com/solutions/securite/classement-spam-phishing-et-virus-informatiques-septembre-2011/hebergeur-et-trojan.shtml
https://www.valueweb.gr/wp-content/uploads/2017/11/Iliad-et-OVH-encore-parmi-les-plus-complaisants-envers-le-spam.png
They are still at it… I’m based in Tokyo – my “lab” is based in my home..
Oct 13 07:47:50 gw01 sshd[3125]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 60897:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:47:52 gw01 sshd[3127]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 56461:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:47:54 gw01 sshd[3134]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 63235:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:47:56 gw01 sshd[3136]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 52934:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:47:57 gw01 sshd[3138]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 57853:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:47:59 gw01 sshd[3140]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 64222:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:48:01 gw01 sshd[3148]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 51781:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:48:03 gw01 sshd[3150]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 58323:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:48:06 gw01 sshd[3152]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 49863:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Oct 13 07:48:08 gw01 sshd[3154]: [ID 800047 auth.error] error: Received disconnect from 195.154.51.223 port 55177:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
and more….
I think we all got the picture of what Online.net / Poneytelecon.eu actually is. We have put a total block to all their IPs since they seem to ignore their tickets and just reply “resolved” without doing anything.
I will try to post all here their IPs so anyone can block them.
163.172.0.0 – 163.172.255.255 // 163-172-14-235.rev.poneytelecom.eu
62.210.128.0 – 62.210.255.255 // 62-210-245-123.rev.poneytelecom.eu
Also those IPs seem to belong to them also:
195.154.0.0/16
http://archives.theinternational.org.uk/2015/12/22/spam-and-scam-report/
H.Habib@theinternational.org.uk
Spam and Scam Report with Haifa Habib brings you crowd sourced reports of the latest scams attempting to take advantage of the public.
An internet server company Poney Telecom run from France has been at the centre of multiple allegations of organised international criminal activity for over 12 months with all warnings, court summons and legal demands to be closed ignored.
The French service provider facilitates large quantities of spam to a variety of European companies from computers which can be traced back to Russia. These malicious emails should not be opened or responded to as it is common practice to embed viruses within such emails.
Contacting Poney Telecom is far from easy, however when The International‘s legal team finally did make contact they were informed by a member of staff from Poney Telecom that any criminal activity that occurs by using it’s services are “not my problem“. The staff member claiming to be able to speak on behalf of the company went on to state that they had a policy of non-compliance with authorities in or outside of the EU.
As such we advice anyone who receives emails or contact from anybody using a Poney Telecom server IPA to keep a detailed record of all contact that is made via the company. Should sufficient suspicious activity arise contact your local non-emergency police.
How to find out if Phony Telecom, sorry I mean Poney Telecom is behind a correspondence:
You will be able to find the IPA of origin fairly easily, each service provider will have a different approach as to how you may do this.
Once you have the IPA you may enter the detail into any IP address tracer such as iptrackeronline.com (many alternatives do exist) this service should be free of charge.
The name you are looking for is: rev.poneytelecom.eu
Whilst not all correspondence you receive via Poney Telecom is likely to be spam or criminal, The International has received enough complaints over the last 12 months to make it a clear red flag on anybody’s radar.
#: 73353 @: Tue, 20 Dec 2016 12:42:33 -0500
Host: 195-154-182-171.rev.poneytelecom.eu
IP: 195.154.182.171
Score: 3
Violation count: 2 INSTA-BANNED
Why blocked: Scrapers (HN-0228). ONLINE S.A.S.; Access denied (ASN-12876-ONLINESAS-3). Phishing WordPress config file. INSTA-BAN (IB-0078).
Query: action=revslider_show_image&img=../wp-config.php
Referer:
User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Reconstructed URL: http:// www . website . com /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.182.171.
We have record it with reference A-148174.
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 148174 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
#: 73352 @: Tue, 20 Dec 2016 12:42:34 -0500
Host: 195-154-182-171.rev.poneytelecom.eu
IP: 195.154.182.171
Score: 5
Violation count: 1 INSTA-BANNED
Why blocked: ONLINE S.A.S.; Access denied (ASN-12876-ONLINESAS-3). Bot Detection, INSTA-BAN (IB-004). Phishing WordPress config file. INSTA-BAN (IB-0078). Directory traversal attackHeavy hit. INSTA-BAN.
Query: files=../../../../wp-config.php
Referer:
User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Reconstructed URL: http:// www . website . com /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.182.171.
We have record it with reference A-148173.
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 148173 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.181.15.
We have record it with reference A-148013.
+++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 148013 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.243.5.
We have record it with reference A-147988.
++++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147988 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.181.162.
We have record it with reference A-147987.
+++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147987 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.243.5.
We have record it with reference A-147913.
++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147913 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.243.5.
We have record it with reference A-147850.
+++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147850 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
https://www.webiron.com/abuse_feed/abuse@poneytelecom.eu
++++++++++++++++++++++++++++++++++++++++++++++
Log Entry Type Log Time Attacker IP Entry E-mails Log Message Deliverable Days Unresolved Incidents Reported
Abuse Report 2016-12-14 18:42:43.786349-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-14 12:17:58.665828-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-14 10:56:40.608547-07 195.154.199.66 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 7 2
Abuse Report 2016-12-14 01:21:52.126621-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 6 1
Abuse Report 2016-12-13 23:10:12.024626-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-13 19:38:42.014329-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-13 18:38:17.764191-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-13 16:30:50.296793-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 8
Abuse Report 2016-12-13 15:30:19.559916-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 4
Abuse Report 2016-12-13 05:50:15.918965-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 4
Abuse Report 2016-12-13 05:21:41.571184-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-13 04:10:12.88143-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 8
Abuse Report 2016-12-12 21:01:18.727503-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-12 19:27:49.68767-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-12 11:18:05.548131-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-12 09:34:32.646145-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-12 08:34:18.466089-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-12 08:15:29.851967-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net WordPress Login Brute Force Yes 6 1
Abuse Report 2016-12-12 02:17:08.518169-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
Abuse Report 2016-12-12 01:38:25.555638-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-11 22:58:04.456671-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 1
Abuse Report 2016-12-11 18:10:00.269185-07 [ Exit Nickname: Unnamed Request Port: 443 Direct Port: 80 Node Flags: Exit(E), Fast(F), Guard(G), Running(R), Stable(S), 2Dir(D), Valid(V) Node Version: Tor 0.2.8.10 Node Uptime: 0 days 0 hours 0 minutes and 0 seconds Node Contact: ] 62.210.105.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Fake Referrer Log SPAM Bot Yes 24 1
Abuse Report 2016-12-11 10:10:55.091429-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 100 8
Abuse Report 2016-12-11 09:08:52.383624-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 1
Abuse Report 2016-12-11 07:48:00.563678-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 4
Abuse Report 2016-12-11 03:59:01.362883-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Host banned for sending known botnet or exploit commands,
Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 6 8
Abuse Report 2016-12-11 02:58:31.413922-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Client software detected as known botware.,
Host banned for sending known botnet or exploit commands,
Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 6 139
Abuse Report 2016-12-11 01:57:58.939877-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Client software detected as known botware. Yes 6 4
Abuse Report 2016-12-10 02:12:01.046057-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
Abuse Report 2016-12-10 00:56:22.323547-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-09 23:00:34.114174-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
Abuse Report 2016-12-09 20:57:44.148808-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
Abuse Report 2016-12-09 19:57:29.02198-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
Abuse Report 2016-12-09 09:05:12.576721-07 195.154.191.64 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes <3 2
Abuse Report 2016-12-09 07:54:07.438495-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 100 3
Abuse Report 2016-12-09 02:39:52.632817-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
Abuse Report 2016-12-08 20:31:02.095917-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 4
Abuse Report 2016-12-08 17:24:53.999326-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-08 16:57:18.207292-07 195.154.191.64 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes <3 2
Abuse Report 2016-12-08 15:34:34.67386-07 195.154.251.212 (lookup) abuse@poneytelecom.eu, abuse@proxad.net WordPress Orphan Malware Scanner,
Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 4 10
Abuse Report 2016-12-08 11:16:50.319823-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 6 1
Abuse Report 2016-12-08 11:03:41.454518-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
Abuse Report 2016-12-08 10:30:06.223136-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-08 09:24:16.962794-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
Abuse Report 2016-12-08 09:22:56.395635-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 6 2
Abuse Report 2016-12-08 07:55:40.902728-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
Abuse Report 2016-12-08 07:11:50.183156-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 6 2
Abuse Report 2016-12-08 06:41:34.801258-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
Abuse Report 2016-12-08 05:20:24.144573-07 195.154.251.212 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Host banned for sending known botnet or exploit commands Yes 4 1
Abuse Report 2016-12-08 05:05:03.22881-07 195.154.199.66 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes
For months now I have received regular spam from what is fairly obviously criminal Russian spammers (.ru domains, register anonymously in Russia and so on).
The spam comes from a serial spammer in Turkey, Turk Telecom (who ignore reports), but the domains are hosted by poneytelecom.eu which in turn is a client of Proxad.net, and Tiscali.fr (a fake domain). Proxad is a free.fr/online.net front and while there is an abuse address for proxad they never acknowledge complaints nor do they act on reports about the criminals they host, even after a hundred or more reports to them, on the same spammer, although with similar domains like
rxjun.ru
pillmedsuse.ru
which sent me 10 junk emails with these two domains just today, and about the same every day. There are many more similar domains, all .ru and all hosted by Proxad/online. Incidentally also, a registered contact for online.net is hebergement@online.net, which is a nonexistent email.
I did once receive a response from a jerk at free.fr, which essentially called my issue a non issue as follows:
Francois Petillon said:
“I am working for free.fr (ISP) and part of my job is to take care of
free.fr mail servers. If you had issues with any other part of Iliad
business (“proxad.net” is just the name of the network), I just can’t help.”
That’s it. Francois works for Proxad (which is just a name, he says), but doesn’t have a clue (or the initiative, or care) to forward the problem to anyone.
So, the question is; is Proxad/Online/Free/Iliad/Poneytelcom a spammer organization, or not?
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.243.5.
We have record it with reference A-147763.
+++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147763 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.181.162.
We have record it with reference A-147660.
++++++++++++++++++++++++++++++++++
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147660 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 163.172.51.23.
We have record it with reference A-147576.
__________________________________
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147576 is now closed.
Here is a comment left by our customer:
—————————————————————-
forwarded to client for a solution
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.181.162.
We have record it with reference A-147575.
__________________________________
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 147575 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 195.154.199.154.
We have record it with reference A-146754.
___________________________________
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 146754 is now closed.
Here is a comment left by our customer:
—————————————————————-
It has been resolved.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on server ip address 62.210.75.243.
We have record it with reference A-146513.
___________________________________________
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 146513 is now closed.
Here is a comment left by our abuse team:
—————————————————————-
Service has been locked after 48 hours.
—————————————————————-
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse request
Dear Sir or Madam,
Thank you for your abuse request on failover ip address 212.129.56.90.
We have record it with reference A-146511.
___
ONLINE SAS
Technical assistance
BP 438 – 75366 Paris CEDEX 08
France
Tel: 01 84 13 00 00
Subject : Abuse notification resolved
Dear Sir or Madam,
Your abuse number 146511 is now closed.
Here is a comment left by our customer:
—————————————————————-
The email was sent as a newsletter to registered users. It seems that due to a system failure the newsletter was sent to some unsubscribed users. The failure was fixed and the email is removed from the list. We are sorry for the inconvinience
—————————————————————-