[Abuse #VLQXRWTKCF] Abusive use of your service ns303036.ip-188-165-247.eu


The hosting of abusive content (Phishing) on your dedicated server ns303036.ip-188-165-247.eu has been reported to or noticed by our Abuse Team.

Technical details (such as URLs) showing the aforementioned problem follow :

— start of the technical details —
— about —
247.rbx.abcvg.ovh
— description follows —
OVH server IP:

This IP has been identified carrying out elaborate phishing attacks via Google Docs in the body of their emails.
The domains used that point to this IP are the following:


The domains are redirected with dnsmadeeasy.com

Please block this malicious user.
— logs follow —
Return-Path: <email-removed@provider.com>
Received: from lmtpproxyd (imesp334 [])
by backend8 (Cyrus v2.3.16) with LMTPA;
Tue, 10 Nov 2020 07:40:50 +0100
X-Sieve: CMU Sieve 2.3
Received: from imesp334.bercy.cp (localhost [])
by imesp334 (Cyrus v2.3.16-Debian-2.3.16-1dgfip2) with LMTPA;
Tue, 10 Nov 2020 07:40:50 +0100
Received: from localhost (localhost [])
by imesp334.bercy.cp (Postfix) with ESMTP id 1E5E612817C
for <email-removed@provider.com>; Tue, 10 Nov 2020 07:40:50 +0100 (CET)
X-Virus-Scanned: amavisd-new at dgfip.finances.gouv.fr
Received: from imesp334.bercy.cp ([])
by localhost (imesp334.bercy.cp []) (amavisd-new, port 10024)
with ESMTP id 7yi-r+Lajdef for <email-removed@provider.com>;
Tue, 10 Nov 2020 07:40:49 +0100 (CET)
Received: from [] (unknown [])
by imesp334.bercy.cp (Postfix) with ESMTP id B8F53128177
for <email-removed@provider.com.>; Tue, 10 Nov 2020 07:40:49 +0100 (CET)
Subject: Fwd: Sopra Steria Notification
References: <email-removed@provider.com>
To: email-removed@provider.com
From: «GAVEN Samuel (DGFiP — DG — Bureau CF-1C)»
X-Forwarded-Message-Id: <email-removed@provider.com>
Message-ID: <email-removed@provider.com>
Date: Tue, 10 Nov 2020 07:40:49 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
MIME-Version: 1.0
In-Reply-To: <email-removed@provider.com>
Content-Type: multipart/alternative;

This is a multi-part message in MIME format.
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit


8th suspicious message

-------- Forwarded message --------
*Subject:* Sopra Steria Notification
*From:* Keavy Bryant <email-removed@provider.com>
*To:* Gaven Samuel (75) <email-removed@provider.com>

*Date:* Monday 09 November 2020, 23:24

Good morning GAVEN Samuel!
There will be no payments at the end of the month due to a complaint
from our client. The application was registered by our chief accountant,
we will deduct it from you.

A copy of the document:
(copy and paste to the browser)

Sopra Steria Notification

Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit


<meta http-equiv="content-type" content="text/html; charset=utf-8">
<body smarttemplateinserted="true">
<div id="smartTemplate4-template">Hello,<br>
8th suspicious message coming from our service provider SOPRA which,
I remind you, was the target of an attack following the
compromise of its mail servers. </div>
<div id="smartTemplate4-quoteHeader"><br>
-------- Forwarded message --------<br>
<b>Subject:</b> Sopra Steria Notification<br>
<b>From:</b> Keavy Bryant
<a class="moz-txt-link-rfc2396E" href="mailto:email-removed@provider.com"><email-removed@provider.com></a><br>
<b>To:</b> Gaven Samuel (75)
<a class="moz-txt-link-rfc2396E" href="mailto:email-removed@provider.com"><email-removed@provider.com></a><br>
<b>Date:</b> Monday 09 November 2020, 23:24<br>
<div class="moz-forward-container">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div align="left"><font face="Arial" size="2"><font
<p><font size="3">Good morning GAVEN Samuel!<br>
There will be no payments at the end of the month due to
a complaint from our client. The application was
registered by our chief accountant, we will deduct it
from you.</font></p>
<p><font size="3">A copy of the document: <a
(copy and paste to the browser)<br>
<p><font size="3">Sopra Steria Notification</font></p>


Category: phishing
— Forwarded email(s) —

— end of the technical details —

You should investigate and fix this problem, as it constitutes a violation of our terms of service.

Please answer this e-mail indicating which measures you’ve taken to stop the abusive behaviour.


The OVHcloud Abuse team.
