[Abuse #JRWGZCBHTK] Abusive use of your service ip-213.32.93.216/29

Hello,

An abusive behaviour (Spam) originating from your IP ip-213.32.93.216/29 has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —
Hello ovh.net Abuse Desk,

This is an automated message from the Spamhaus Block List (SBL) database
to advise you that the IP below has been added to sbl.spamhaus.org:

IP/cidr: 213.32.93.218

Problem: *** BOTNET CONTROLLER LISTING ***

IcedID botnet controller @213.32.93.218

SBL Ref: SBL428802

The reason for listing the IP address(es) is explained at the url:
https://www.spamhaus.org/sbl/query/SBL428802
— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVH Abuse team.

SpamHAUS:

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 213.32.93.218 on port 443 TCP:
$ telnet 213.32.93.218 443
Trying 213.32.93.218…
Connected to 213.32.93.218.
Escape character is ‘^]’

$ nslookup 213.32.93.218
45.gra1.ovh.abcd.network

Other malicious domain names hosted on this IP address:
iamther.org 213.32.93.218
ipswine.pw 213.32.93.218
listmyfloor.com 213.32.93.218