Hello,
An abusive behaviour (Phishing) originating from your dedicated server ns3035079.ip-149-202-95.eu has been reported to or noticed by our Abuse Team.
Technical details showing the aforementioned problem follow :
— start of the technical details —
TLP AMBER
Hello,
As a result of proactive measures undertaken by the National Cyber Security
Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 [
hostname: ns3035079.ip-149-202-95.eu ] is involved in an email-based phishing
cybersecurity incident, belonging to the submission server used by the
attacker to submit a fraudulent email impersonating the company OLX [ official
domain: olx.ro ], directing users to a fraudulent page requesting card
details, including the CVV/CVC, under the false pretense that this information
is required to receive a payment for a product listed for sale by them on the
OLX website.
We request that you take the necessary steps to resolve this incident as soon
as possible and inform us of the outcome of your activities.
——————— DETAILS ————————-
Submission server IP: 149.202.95.232
Hostname: ns3035079.ip-149-202-95.eu
Please find attached the reported email, headers included.
Please note that you are receiving this e-mail because you are a contact
person for the IP in question (WHOIS records).
Regards,
Directorate General Technical Operations
The Romanian National Cyber Security Directorate
[TLP AMBER].This is confidential information. Recipients may share this
information only with members of their own organization who need to know, and
only as much as necessary to act on the information (More on classification:
https://www.first.org/tlp/).
TLP AMBER
Hello,
As a result of proactive measures undertaken by the National Cyber Security Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 [ hostname: ns3035079.ip-149-202-95.eu ] is involved in an email-based phishing cybersecurity incident, belonging to the submission server used by the attacker to submit a fraudulent email impersonating the company OLX [ official domain: olx.ro ], directing users to a fraudulent page requesting card details, including the CVV/CVC, under the false pretense that this information is required to receive a payment for a product listed for sale by them on the OLX website.
We request that you take the necessary steps to resolve this incident as soon as possible and inform us of the outcome of your activities.
——————— DETAILS ————————-
Submission server IP: 149.202.95.232
Hostname: ns3035079.ip-149-202-95.eu
——————————————————
Please find attached the reported email, headers included.
Please note that you are receiving this e-mail because you are a contact person for the IP in question (WHOIS records).
Regards,
Directorate General Technical Operations
———————————————-
The Romanian National Cyber Security Directorate
[TLP AMBER].This is confidential information. Recipients may share this information only with members of their own organization who need to know, and only as much as necessary to act on the information (More on classification: https://www.first.org/tlp/).
— end of the technical details —
Your should investigate and fix this problem, as it constitutes a violation to our terms of service.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.
Cordially,
The OVHcloud Trust & Safety team.
