Hello,
An abusive behaviour (Phishing) originating from your dedicated server ns3035079.ip-149-202-95.eu has been reported to or noticed by our Abuse Team.
As explained in a previous message, this problem requires immediate action.
Should the abusive behavior continue, we would be forced to suspend your service, as per our Terms.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.
Technical details showing the aforementioned problem follow :
— start of the technical details —
TLP AMBER
Hello,
As a result of proactive measures undertaken by the National Cyber Security
Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 is
involved in a phishing cybersecurity incident, as the originating IP for
emails impersonating the company OLX [ official domain: olx.ro ] and
directing users to an attacker-controlled fraudulent website asking them for
their bank card details, including CVV/CVC, under the false pretense that this
information is required to received a payment for a product listed for sale by
the victims on OLX. . We are receiving multiple phishing emails originating
from this IP.
We request that you take the necessary steps to resolve this incident as soon
as possible and inform us of the outcome of your activities.
——————— DETAILS ————————-
Originating IP: 149.202.95.232
Sender email address: informatii@verkaufen19293.info
Outgoing mail server: 159.135.228.30
Please find attached the reported email, headers included, in a .zip archive.
Please note that you are receiving this e-mail because you are a contact
person for the IP in question (WHOIS records).
Regards,
Directorate General Technical Operations
The Romanian National Cyber Security Directorate
[TLP AMBER].This is confidential information. Recipients may share this
information only with members of their own organization who need to know, and
only as much as necessary to act on the information (More on classification:
https://www.first.org/tlp/).
TLP AMBER
Hello,
As a result of proactive measures undertaken by the National Cyber Security Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 is involved in a phishing cybersecurity incident, as the originating IP for emails impersonating the company OLX [ official domain: olx.ro ] and directing users to an attacker-controlled fraudulent website asking them for their bank card details, including CVV/CVC, under the false pretense that this information is required to received a payment for a product listed for sale by the victims on OLX. . We are receiving multiple phishing emails originating from this IP.
We request that you take the necessary steps to resolve this incident as soon as possible and inform us of the outcome of your activities.
——————— DETAILS ————————-
Originating IP: 149.202.95.232
Sender email address: informatii@verkaufen19293.info
Outgoing mail server: 159.135.228.30
——————————————————
Please find attached the reported email, headers included, in a .zip archive.
Please note that you are receiving this e-mail because you are a contact person for the IP in question (WHOIS records).
Regards,
Directorate General Technical Operations
———————————————-
The Romanian National Cyber Security Directorate
[TLP AMBER].This is confidential information. Recipients may share this information only with members of their own organization who need to know, and only as much as necessary to act on the information (More on classification: https://www.first.org/tlp/).
— end of the technical details —
Cordially,
The OVHcloud Trust & Safety team.
