Poneytelecom.eu / Online SAS: Hosting Botnets, Scrappers, Spammers and Hacking Scripts

For the last two years we had almost daily attacks from specific IPs. All kind of attacks like targeting WordPress sites and WP plugin vulnerabilities. More than 3-4 per day. The IPs belong to Poneytelecom.eu but their webpage redirects to Online SAS in France. They “claim” to be a hosting company, offering also dedicated servers. ROFL.

Online SAS – BP 438 – 75366 Paris CEDEX 08 – RCS Paris B 433 115 904

There is plenty of information about the above if you google “PoneyTelecom.eu”. A lot of people are reporting server abuse and hacking attempts from Online SAS / Iliad-Entreprises IPs.

poneytelecomSo we decided to use their abuse ticketing and see what happens. We did that for a hundred times and the result was the same, a reply that the “issue has be resolved”. And after a few days we got a new attack for some-kind.

This must be one of the worst hosting companies i have ever seen. And it is rather strange because they are located in France and not in Ukraine. France is a European country, am i right ? They do have laws in France, don’t they ?

online_sasI think Online SAS / PoneyTelecom.eu / Iliad-Entreprises (or whatever other funny names they have) are just a hosting company that tolerate spamming, hacking tools hosting and botnets. So they have built a reputation for that and they attract all kind of illegal internet activities.

So i will dedicate a few pages and comments for that crappy ONLINE SAS French company. With details, IPs and their reply. If i was in France i would sue them also, since we have huge log file just for them.

Here is a small sample from their attacks. At some point we will (try to) block all their IPs since all those daily attacks pose heavy load to our server and sites.


You can also discuss this topic in our Forums.

24 thoughts on “Poneytelecom.eu / Online SAS: Hosting Botnets, Scrappers, Spammers and Hacking Scripts”

  1. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.243.5.

    We have record it with reference A-147850.

    +++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147850 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

  2. Johannes de Sacrobosco says:

    https://www.webiron.com/abuse_feed/abuse@poneytelecom.eu

    ++++++++++++++++++++++++++++++++++++++++++++++

    Log Entry Type Log Time Attacker IP Entry E-mails Log Message Deliverable Days Unresolved Incidents Reported
    Abuse Report 2016-12-14 18:42:43.786349-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-14 12:17:58.665828-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-14 10:56:40.608547-07 195.154.199.66 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 7 2
    Abuse Report 2016-12-14 01:21:52.126621-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 6 1
    Abuse Report 2016-12-13 23:10:12.024626-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-13 19:38:42.014329-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-13 18:38:17.764191-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-13 16:30:50.296793-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 8
    Abuse Report 2016-12-13 15:30:19.559916-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 4
    Abuse Report 2016-12-13 05:50:15.918965-07 62.210.181.123 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 18 4
    Abuse Report 2016-12-13 05:21:41.571184-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-13 04:10:12.88143-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 8
    Abuse Report 2016-12-12 21:01:18.727503-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-12 19:27:49.68767-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-12 11:18:05.548131-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-12 09:34:32.646145-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-12 08:34:18.466089-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-12 08:15:29.851967-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net WordPress Login Brute Force Yes 6 1
    Abuse Report 2016-12-12 02:17:08.518169-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
    Abuse Report 2016-12-12 01:38:25.555638-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-11 22:58:04.456671-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 1
    Abuse Report 2016-12-11 18:10:00.269185-07 [ Exit Nickname: Unnamed Request Port: 443 Direct Port: 80 Node Flags: Exit(E), Fast(F), Guard(G), Running(R), Stable(S), 2Dir(D), Valid(V) Node Version: Tor 0.2.8.10 Node Uptime: 0 days 0 hours 0 minutes and 0 seconds Node Contact: ] 62.210.105.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Fake Referrer Log SPAM Bot Yes 24 1
    Abuse Report 2016-12-11 10:10:55.091429-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 100 8
    Abuse Report 2016-12-11 09:08:52.383624-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 1
    Abuse Report 2016-12-11 07:48:00.563678-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 4
    Abuse Report 2016-12-11 03:59:01.362883-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Host banned for sending known botnet or exploit commands,
    Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 6 8
    Abuse Report 2016-12-11 02:58:31.413922-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Client software detected as known botware.,
    Host banned for sending known botnet or exploit commands,
    Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 6 139
    Abuse Report 2016-12-11 01:57:58.939877-07 62.210.188.38 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Client software detected as known botware. Yes 6 4
    Abuse Report 2016-12-10 02:12:01.046057-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
    Abuse Report 2016-12-10 00:56:22.323547-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-09 23:00:34.114174-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
    Abuse Report 2016-12-09 20:57:44.148808-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
    Abuse Report 2016-12-09 19:57:29.02198-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 100 6
    Abuse Report 2016-12-09 09:05:12.576721-07 195.154.191.64 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes <3 2
    Abuse Report 2016-12-09 07:54:07.438495-07 62.210.162.219 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 100 3
    Abuse Report 2016-12-09 02:39:52.632817-07 195.154.194.116 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 207 2
    Abuse Report 2016-12-08 20:31:02.095917-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 4
    Abuse Report 2016-12-08 17:24:53.999326-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-08 16:57:18.207292-07 195.154.191.64 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes <3 2
    Abuse Report 2016-12-08 15:34:34.67386-07 195.154.251.212 (lookup) abuse@poneytelecom.eu, abuse@proxad.net WordPress Orphan Malware Scanner,
    Host banned for attempting to execute malware uploaded via WordPress upload vulnerabilities. Yes 4 10
    Abuse Report 2016-12-08 11:16:50.319823-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 6 1
    Abuse Report 2016-12-08 11:03:41.454518-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
    Abuse Report 2016-12-08 10:30:06.223136-07 195.154.253.233 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-08 09:24:16.962794-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 8 2
    Abuse Report 2016-12-08 09:22:56.395635-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 6 2
    Abuse Report 2016-12-08 07:55:40.902728-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
    Abuse Report 2016-12-08 07:11:50.183156-07 195.154.194.192 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes 6 2
    Abuse Report 2016-12-08 06:41:34.801258-07 195.154.199.154 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Orphan Malware Scanner (/f??? /f???/trackback hello-world) Yes 8 1
    Abuse Report 2016-12-08 05:20:24.144573-07 195.154.251.212 (lookup) abuse@poneytelecom.eu, abuse@proxad.net Host banned for sending known botnet or exploit commands Yes 4 1
    Abuse Report 2016-12-08 05:05:03.22881-07 195.154.199.66 (lookup) abuse@poneytelecom.eu, abuse@proxad.net URL Redirection Link Spam Bot Yes

  3. Ulind says:

    For months now I have received regular spam from what is fairly obviously criminal Russian spammers (.ru domains, register anonymously in Russia and so on).

    The spam comes from a serial spammer in Turkey, Turk Telecom (who ignore reports), but the domains are hosted by poneytelecom.eu which in turn is a client of Proxad.net, and Tiscali.fr (a fake domain). Proxad is a free.fr/online.net front and while there is an abuse address for proxad they never acknowledge complaints nor do they act on reports about the criminals they host, even after a hundred or more reports to them, on the same spammer, although with similar domains like

    rxjun.ru

    pillmedsuse.ru

    which sent me 10 junk emails with these two domains just today, and about the same every day. There are many more similar domains, all .ru and all hosted by Proxad/online. Incidentally also, a registered contact for online.net is hebergement@online.net, which is a nonexistent email.

    I did once receive a response from a jerk at free.fr, which essentially called my issue a non issue as follows:

    Francois Petillon said:

    “I am working for free.fr (ISP) and part of my job is to take care of

    free.fr mail servers. If you had issues with any other part of Iliad
    business (“proxad.net” is just the name of the network), I just can’t help.”

    That’s it. Francois works for Proxad (which is just a name, he says), but doesn’t have a clue (or the initiative, or care) to forward the problem to anyone.

    So, the question is; is Proxad/Online/Free/Iliad/Poneytelcom a spammer organization, or not?

  4. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.243.5.

    We have record it with reference A-147763.

    +++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147763 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

  5. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.181.162.

    We have record it with reference A-147660.

    ++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147660 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

Leave a Reply

Your email address will not be published. Required fields are marked *