[Abuse #VPZXSCLQMW] Abusive use of your service ns383420.ip-5-196-72.eu

Hello,

An abusive behaviour (Spam) originating from your dedicated server ns383420.ip-5-196-72.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow:

— start of the technical details —
Hello ovh.net Abuse Desk,

This is an automated message from the Spamhaus Block List (SBL) database
to advise you that the IP below has been added to sbl.spamhaus.org:

IP/cidr: 5.196.72.21

Problem: Malware DNS server @5.196.72.21

SBL Ref: SBL431091

The reason for listing the IP address(es) is explained at the url:
https://www.spamhaus.org/sbl/query/SBL431091
— end of the technical details —

You should investigate and fix this problem, as it constitutes a violation of our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVH Abuse team.

SpamHaus data:

The host at this IP address is running a DNS server for the OpenNIC project and is currently being (ab)used by miscreants to provide DNS resolution to botnet controller domain names, used to control infected computers (bots).

Example, AZORult botnet controller located at s63.bit on port 80 (using HTTP POST):
hXXp://s63.bit/index.php

DNS resolution provided by 5.196.72.21:

$ dig +short s63.bit @5.196.72.21
163.172.91.242

163.172.91.242 is listed on Spamhaus SBL and BCL for hosting an AZORult botnet controller:
https://www.spamhaus.org/sbl/query/SBL430660