Poneytelecom.eu / Online SAS: Hosting Botnets, Scrappers, Spammers and Hacking Scripts

For the last two years we had almost daily attacks from specific IPs. All kind of attacks like targeting WordPress sites and WP plugin vulnerabilities. More than 3-4 per day. The IPs belong to Poneytelecom.eu but their webpage redirects to Online SAS in France. They “claim” to be a hosting company, offering also dedicated servers. ROFL.

Online SAS – BP 438 – 75366 Paris CEDEX 08 – RCS Paris B 433 115 904

There is plenty of information about the above if you google “PoneyTelecom.eu”. A lot of people are reporting server abuse and hacking attempts from Online SAS / Iliad-Entreprises IPs.

poneytelecomSo we decided to use their abuse ticketing and see what happens. We did that for a hundred times and the result was the same, a reply that the “issue has be resolved”. And after a few days we got a new attack for some-kind.

This must be one of the worst hosting companies i have ever seen. And it is rather strange because they are located in France and not in Ukraine. France is a European country, am i right ? They do have laws in France, don’t they ?

online_sasI think Online SAS / PoneyTelecom.eu / Iliad-Entreprises (or whatever other funny names they have) are just a hosting company that tolerate spamming, hacking tools hosting and botnets. So they have built a reputation for that and they attract all kind of illegal internet activities.

So i will dedicate a few pages and comments for that crappy ONLINE SAS French company. With details, IPs and their reply. If i was in France i would sue them also, since we have huge log file just for them.

Here is a small sample from their attacks. At some point we will (try to) block all their IPs since all those daily attacks pose heavy load to our server and sites.


You can also discuss this topic in our Forums.

24 thoughts on “Poneytelecom.eu / Online SAS: Hosting Botnets, Scrappers, Spammers and Hacking Scripts”

  1. Johannes de Sacrobosco says:

    #: 73352 @: Tue, 20 Dec 2016 12:42:34 -0500

    Host: 195-154-182-171.rev.poneytelecom.eu

    IP: 195.154.182.171

    Score: 5

    Violation count: 1 INSTA-BANNED

    Why blocked: ONLINE S.A.S.; Access denied (ASN-12876-ONLINESAS-3). Bot Detection, INSTA-BAN (IB-004). Phishing WordPress config file. INSTA-BAN (IB-0078). Directory traversal attackHeavy hit. INSTA-BAN.

    Query: files=../../../../wp-config.php

    Referer:

    User Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko

    Reconstructed URL: http:// www . website . com /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php

    1. Johannes de Sacrobosco says:

      ONLINE SAS
      Technical assistance
      BP 438 – 75366 Paris CEDEX 08
      France

      Tel: 01 84 13 00 00

      Subject : Abuse request

      Dear Sir or Madam,

      Thank you for your abuse request on server ip address 195.154.182.171.

      We have record it with reference A-148173.

      ONLINE SAS
      Technical assistance
      BP 438 – 75366 Paris CEDEX 08
      France

      Tel: 01 84 13 00 00

      Subject : Abuse notification resolved

      Dear Sir or Madam,

      Your abuse number 148173 is now closed.

      Here is a comment left by our customer:
      —————————————————————-

      It has been resolved.

      —————————————————————-

  2. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.181.15.

    We have record it with reference A-148013.

    +++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 148013 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

  3. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.243.5.

    We have record it with reference A-147988.

    ++++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147988 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

  4. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.181.162.

    We have record it with reference A-147987.

    +++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147987 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

  5. Johannes de Sacrobosco says:

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse request

    Dear Sir or Madam,

    Thank you for your abuse request on server ip address 195.154.243.5.

    We have record it with reference A-147913.

    ++++++++++++++++++++++++++++++++++

    ONLINE SAS
    Technical assistance
    BP 438 – 75366 Paris CEDEX 08
    France

    Tel: 01 84 13 00 00

    Subject : Abuse notification resolved

    Dear Sir or Madam,

    Your abuse number 147913 is now closed.

    Here is a comment left by our customer:
    —————————————————————-

    It has been resolved.

    —————————————————————-

Comments are closed.