Хостинг-абузы

[Abuse #FBPBRKQVMW] Abusive use of your service ip-46.105.76.6

Vova1234 — Mon, 29 Dec 2025 18:46:42 +0000

Hello,

An abusive behaviour (Copyright) originating from your IP ip-46.105.76.6 has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Notice ID: 660dfc69d00a0b2eee62
Notice Date: 2025-12-29T21:08:12Z

OVH SAS

Dear Sir or Madam:

I certify under penalty of perjury that I am authorized to act on behalf of the Paramount Global companies CBS Broadcasting Inc., CBS Studios Inc., Paramount Pictures Corporation, Showtime Networks Inc., Viacom International, Inc., Black Entertainment Television LLC, and other Paramount Global subsidiaries and affiliates (collectively, the “Rights Owners”), the owners of certain exclusive intellectual property rights in the copyrighted work(s) identified in this notice. I have a good faith belief that the information in this notice is accurate.

We have become aware that the below IP addresses have been using your service for distributing video files, which contain infringing video content that is exclusively owned by the Rights Owners.

We have a good faith belief that the Rights Owners’ video content that is described in the below report has not been authorized for sharing or distribution by the copyright owner, its agent, or the law. Such copying and use of this material constitutes clear infringement of the Rights Owners’ rights under the Copyright Act and its counterpart laws around the world.

We are requesting your immediate assistance in removing and disabling access to the infringing material from your network. We also ask that you ensure the user and/or IP address owner refrains from future use and sharing of the Rights Owners’ materials and property.

In complying with this notice, you should not destroy any evidence that may be relevant in a lawsuit relating to the infringement alleged; including all associated electronic documents and data relating to the presence of the infringing items on your site, which shall be preserved while disabling public access, irrespective of any document retention or corporate policy to the contrary.

Nothing in this letter shall be construed as a waiver or relinquishment of any right, remedy, or claims possessed by the Rights Owners, or any affiliated party, all of which are expressly reserved.

Should you have any questions, please contact me at the information below.

Ben Sodos
Vobile, Inc.
Address: 2880 Lakeside Drive, Suite 200
Santa Clara, CA 95054, United States
Email: [email protected]
408.217.5026

660dfc69d00a0b2eee62 Open Normal Paramount Global Vobile — Compliance 2880 Lakeside Drive, Suite 200 Santa Clara, CA 95054 +1 (408) 492 1100 [email protected] OVH SAS [email protected] 2025-12-29T21:07:46Z 46.105.76.6 24623 BitTorrent 1 2025-12-29T21:07:46Z Terminator Genisys Terminator.Genisys.2015.1080p.BluRay.DTS.x264.D-Z0N3.mkv 14973306788 ff8f6496a01831e1e48168756bfa20c60374d319

——BEGIN PGP SIGNATURE——
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJpUu28AAoJEN5LM3Etqs/WgC8H/1mVkVHqok8BV9Tp02iOCek6
Z8dlWrdTraWMiqLN8Wr9yXcNCyfjTTx4/9j+Ng8pLkFy5mVizKNTPyV1EBvxGgqQ
jHB1p9Vxz2wUuvezqrJcpa/gYH+BilcgU4sxsQoUzuJh4eLuUs1p6FDDk/kMdHaA
odNAXEIHIJ543sHA3A/QCJ+AmsCwHCOnjnWIwHs/slBDavAo4+QsQVbX0NIRxO3a
Q9iO5OE5W6s2qkVarpWUfnICITxRdpVrNo9rGcnrL3S2hCU0CA+D+Rn9JvpnJ1iQ
8M0atPcZwT6C5LnpFB0Brj3ncFn6QFWYYPFQqBgtMEcART+dEIooMHCKP3TUybw=
=jRVd
——END PGP SIGNATURE——

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #LMJMBXMKNC] Abusive use of your service ip-178.32.80.148/30

Vova1234 — Fri, 28 Nov 2025 18:52:08 +0000

Hello,

An abusive behaviour (Copyright) originating from your IP ip-178.32.80.148/30 has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a DMCA copyright infringement complaint regarding wetr.xdcd.live

Please be aware Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare is generally not a website hosting provider, and we cannot remove material from the Internet that is hosted by others.

The actual host for wetr.xdcd.live are the following IP addresses. 178.32.80.148. Using the following command, you can confirm the site in question is hosted at that IP address: curl -v -H «Host: wetr.xdcd.live» 178.32.80.148/

Below is the information we received:

Reporter’s Name: Anonymous
Reporter’s Email Address: [email protected]
Reporter’s Address: Anonymous, Anonymous, Anonymous, BD

Reported URLs:
https://wetr.xdcd.live

Original Work:

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #DRGLBXBBKJ] abusive use of ns380244.ip-188-165-244.eu

Vova1234 — Fri, 21 Nov 2025 18:44:13 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns380244.ip-188-165-244.eu has been reported to or noticed by our Abuse Team.

As explained in a previous message, this problem requires immediate action.
Should the abusive behavior continue, we would be forced to suspend your service, as per our Terms.
Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a Phishing report regarding privattc.fit

The actual host for privattc.fit are the following IP addresses. 188.165.244.48. Using the following command, you can confirm the site in question is hosted at that IP address: curl -v -H «Host: privattc.fit» 188.165.244.48/

Below is the information we received:

Reporter’s Name: CERT Polska
Reporter’s Email Address: [email protected]

Reported URLs:
https://privattc.fit/l/DbwLBzXF/?b=4417&pixel=1533164031372437&campaign_id=%7B%7Bcampaign.id%7D%7D&adset_id=%7B%7Badset.id%7D%7D&ad_id=%7B%7Bad.id%7D%7D&campaign_name=%7B%7Bcampaign.name%7D%7D&adset_name=%7B%7Badset.name%7D%7D&ad_name=%7B%7Bad.name%7D%7D&placement=%7B%7Bplacement%7D%7D&site_source_name=%7B%7Bsite_source_name%7D%7D&fbclid=IwY2xjawOHscZleHRuA2FlbQIxMABicmlkETF1UlI0UDh3dGFITmM1OFVyc3J0YwZhcHBfaWQPNTQxNjM5NDkzODg5MDI1CGNhbGxzaXRlATIAAR4Wr5v36ifkEqkSpM8_6DqNmMF0DNQAznvm25S5sSFMnZjFA-E_vM3-ajewKQ_aem_CGuxIkMIF99TZpcoE9hR0Q

Logs or Evidence of Abuse: Phishing website targeting the users of Telegram

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

Hello,

Cloudflare received a Phishing report regarding ptc.it.com

The actual host for ptc.it.com are the following IP addresses. 188.165.244.48. Using the following command, you can confirm the site in question is hosted at that IP address: curl -v -H «Host: ptc.it.com» 188.165.244.48/

Below is the information we received:

Reporter’s Name: CERT Polska
Reporter’s Email Address: [email protected]

Reported URLs:
https://ptc.it.com/l/aJQSnGOr/?b=6520&pixel=1521603675848712&campaign_id=%7B%7Bcampaign.id%7D%7D&adset_id=%7B%7Badset.id%7D%7D&ad_id=%7B%7Bad.id%7D%7D&campaign_name=%7B%7Bcampaign.name%7D%7D&adset_name=%7B%7Badset.name%7D%7D&ad_name=%7B%7Bad.name%7D%7D&placement=%7B%7Bplacement%7D%7D&site_source_name=%7B%7Bsite_source_name%7D%7D

Logs or Evidence of Abuse: Phishing website targeting the users of Telegram

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #QQGWFZZWPP] abusive use of ns3035079.ip-149-202-95.eu

Vova1234 — Thu, 20 Nov 2025 18:43:39 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns3035079.ip-149-202-95.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

TLP AMBER

Hello,

As a result of proactive measures undertaken by the National Cyber Security
Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 is
involved in a phishing cybersecurity incident, as the originating IP for
emails impersonating the company OLX [ official domain: olx.ro ] and
directing users to an attacker-controlled fraudulent website asking them for
their bank card details, including CVV/CVC, under the false pretense that this
information is required to received a payment for a product listed for sale by
the victims on OLX. . We are receiving multiple phishing emails originating
from this IP.

We request that you take the necessary steps to resolve this incident as soon
as possible and inform us of the outcome of your activities.

——————— DETAILS ————————-

Originating IP: 149.202.95.232
Sender email address: [email protected]
Outgoing mail server: 159.135.228.30

Please find attached the reported email, headers included, in a .zip archive.

Please note that you are receiving this e-mail because you are a contact
person for the IP in question (WHOIS records).

Regards,

Directorate General Technical Operations

The Romanian National Cyber Security Directorate

[TLP AMBER].This is confidential information. Recipients may share this
information only with members of their own organization who need to know, and
only as much as necessary to act on the information (More on classification:
https://www.first.org/tlp/).

TLP AMBER

Hello,

As a result of proactive measures undertaken by the National Cyber Security Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 is involved in a phishing cybersecurity incident, as the originating IP for emails impersonating the company OLX [ official domain: olx.ro ] and directing users to an attacker-controlled fraudulent website asking them for their bank card details, including CVV/CVC, under the false pretense that this information is required to received a payment for a product listed for sale by the victims on OLX. . We are receiving multiple phishing emails originating from this IP.

We request that you take the necessary steps to resolve this incident as soon as possible and inform us of the outcome of your activities.

——————— DETAILS ————————-

Originating IP: 149.202.95.232
Sender email address: [email protected]
Outgoing mail server: 159.135.228.30

——————————————————

Please find attached the reported email, headers included, in a .zip archive.

Please note that you are receiving this e-mail because you are a contact person for the IP in question (WHOIS records).

Regards,
Directorate General Technical Operations
———————————————-
The Romanian National Cyber Security Directorate

[TLP AMBER].This is confidential information. Recipients may share this information only with members of their own organization who need to know, and only as much as necessary to act on the information (More on classification: https://www.first.org/tlp/).

— end of the technical details —

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #DRGLBXBBKJ] abusive use of ns380244.ip-188-165-244.eu

Vova1234 — Wed, 19 Nov 2025 18:43:02 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns380244.ip-188-165-244.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a Phishing report regarding privattc.fit

Below is the information we received:

Reporter’s Name: CERT Polska
Reporter’s Email Address: [email protected]

Logs or Evidence of Abuse: Phishing website targeting the users of Telegram

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

Hello,

Cloudflare received a Phishing report regarding ptc.it.com

Below is the information we received:

Reporter’s Name: CERT Polska
Reporter’s Email Address: [email protected]

Logs or Evidence of Abuse: Phishing website targeting the users of Telegram

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #DRGLBXBBKJ] Abusive use of your service ns380244.ip-188-165-244.eu

Vova1234 — Mon, 17 Nov 2025 18:42:06 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns380244.ip-188-165-244.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a Phishing report regarding privattc.fit

Below is the information we received:

Reporter’s Name: CERT Polska
Reporter’s Email Address: [email protected]

Logs or Evidence of Abuse: Phishing website targeting the users of Telegram

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #FCQXSBNCKN] Abusive use of your service ns3035079.ip-149-202-95.eu

Vova1234 — Sun, 16 Nov 2025 18:41:26 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns3035079.ip-149-202-95.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Following our report regarding phishing email originating from the submission
server at IP address 149.202.95.232, please find attached the reported email,
headers included.

Regards,

Directorate General Technical Operations

The Romanian National Cyber Security Directorate

Hello,

Following our report regarding phishing email originating from the submission server at IP address 149.202.95.232, please find attached the reported email, headers included.

Regards,
Directorate General Technical Operations
———————————————-
The Romanian National Cyber Security Directorate

Delivered-To: [email protected]
Received: by 2002:a05:7108:5b85:b0:4e6:cf32:3e8f with SMTP id en5csp367053gdb;
Wed, 5 Nov 2025 07:03:39 -0800 (PST)
X-Google-Smtp-Source: AGHT+IE8Azhj88aBTfeDHEJvcH6h1QVMzdHQbEqDi8H1+5Gr2dtIfpkDOsOsCoc0O1siSxclmFFR
X-Received: by 2002:a05:6214:626:b0:880:38ba:a4d9 with SMTP id 6a1803df08f44-880711df737mr41911766d6.67.1762355019215;
Wed, 05 Nov 2025 07:03:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1762355019; cv=none;
d=google.com; s=arc-20240605;
b=ZmWSrZVZSKjWzmZOa0IUBj+hXtSDtTPhLlP5HyX9IdpPjZpSNvX1Qd8nnrQ92kevwW
YSlSIIdyApCwpLBMRgLnN+UJnUcTzUvRGo3CIruWPwiIbpDLefHRNQRKydvEAdsPNLA+
P4i8mubcYXyKd1BpMJp86iNuMs2PSkadqVDrHGMtMqFWEY/h0f58gGD01vRU411BNQdD
f7VCpL97YFLXoIqKz5PXOF3nU/XQ/EG803vgIadpFqkQacmBZ5dRcGtdO1YXpUXAh8Ck
6WcypGoy+sGjmudW+8VOe1VQnpSmSPYqYXs+xQiJ/WBUvgTrYt4sFBsSIKgvjxZrh7e6
XB2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:from:subject:mime-version:date:message-id:sender:dkim-signature
:dkim-signature;
bh=3oR/2e1uS5ziEGr8eEUI7xKQ3RyL3R7ib7EfGAK7vcs=;
fh=kbVccavDVzFbkgyd1Ar6IrP5cqAYzfEK8O8pmdf8bUY=;
b=RM+eqxXMpCnSM1bGkc/a7cb9HuycJpA1AQDWFfcLtguT1VZJeQsExIqxokSuR8AB5W
2Uh0n+qXNY35fuptvp/Pt8mgMb8LknNGjauyHz6xLWeONjkRHZJJynyyEyh5Leriyrf3
JgOUis3ipFsDJBPhlmAvFwXF8neiNl5fGOHjPdzbfkr0kp58llrt+mghwoM68/Ca0TS6
Bz3vgjyI2RnxcDb9oRmLShn2oEtR3S2UKVpRMhpOIDtFbWlrSqUbA1T+lTrJLt7MSFVW
Eq1wK6692U14mcb851KoHfO0wCX30sK404veJlxLLu9pbrRkNwu027nh+HM0RinNUK8M
NZ0Q==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=smtp header.b=L316xTzZ;
dkim=pass [email protected] header.s=mg header.b=XIb5add7;
spf=pass (google.com: domain of [email protected] designates 159.135.228.18 as permitted sender) smtp.mailfrom=»[email protected]»
Return-Path:
Received: from m228-18.mailgun.net (m228-18.mailgun.net. [159.135.228.18])
by mx.google.com with UTF8SMTPS id 6a1803df08f44-8804ce320f5si35822366d6.105.2025.11.05.07.03.38
for [email protected]
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 05 Nov 2025 07:03:39 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 159.135.228.18 as permitted sender) client-ip=159.135.228.18;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=smtp header.b=L316xTzZ;
dkim=pass [email protected] header.s=mg header.b=XIb5add7;
spf=pass (google.com: domain of [email protected] designates 159.135.228.18 as permitted sender) smtp.mailfrom=»[email protected]»
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=angebots2210.info; q=dns/txt; s=smtp; t=1762355018; x=1762362218;
h=To: To: From: From: Subject: Subject: MIME-Version: Content-Type: Date: Message-Id: Sender: Sender: X-Feedback-Id;
bh=3oR/2e1uS5ziEGr8eEUI7xKQ3RyL3R7ib7EfGAK7vcs=;
b=L316xTzZyowSIaMbKkqjlp8uP2gQ5V7el6qvTcSF87e1N/63TW5slxKudnY8HnzpoCYLrBwIOPI3mkTHW06rM/uSjNucB8I3XHTNEqJwKyc7zLpYh1DL/Vx+peCXmuEbYCNDKPxJjCsgr1VOLq3kRUN1CQWn3sixvDyYqWW0Kz4=
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailgun.org; q=dns/txt; s=mg; t=1762355018; x=1762362218;
h=To: To: From: From: Subject: Subject: MIME-Version: Content-Type: Date: Message-Id: Sender: Sender: X-Feedback-Id;
bh=3oR/2e1uS5ziEGr8eEUI7xKQ3RyL3R7ib7EfGAK7vcs=;
b=XIb5add7dfVCgzg1AUonNJ9fgq03/7gxw2g3w9/LylShVqjAb7xd8nO/LcWdnYFxmfAk/LvWWlw/OxZef7FlFvQOQY32Gxy8FY9JPqLNvnr1+HDElRQwlg8LLvxMBoq8dSjD3dm9t+/TuL8xZu3MHjZkFEwvV5HEgyOCVGp24Q4=
X-Mailgun-Sid: WyIxODhhOCIsImNvcmluYS5icm9zQGdtYWlsLmNvbSIsIjk4NjEyZSJd
X-Feedback-Id: [email protected]::6908543552dfaf7aa486f1c8:mailgun
Received: from ns3035079.ip-149-202-95.eu (ns3035079.ip-149-202-95.eu [149.202.95.232])
by 378c87bdeda07fad5289ade19b1fa275bae442200cb0186dba02bbfa4f013858 with SMTP
id 690b674ae15f237726886985 (version=TLS1.3, cipher=TLS_AES_128_GCM_SHA256);
Wed, 05 Nov 2025 15:03:38 GMT
X-Mailgun-Sending-Ip: 159.135.228.18
Sender: [email protected]
Message-Id: [email protected]
Date: Wed, 05 Nov 2025 15:03:38 +0000
Content-Type: multipart/related;
boundary=»===============4117664940783575696==»
Subject: =?utf-8?q?Confirm=C4=83_v=C3=A2nzarea_pe_OLX_pentru_a_primi_plata_=C3=AEn_si?=
=?utf-8?q?guran=C8=9B=C4=83?=
From: =?utf-8?q?OLX_Informa=C8=9Bii?= [email protected]
To: [email protected]
MIME-Version: 1.0

—===============4117664940783575696==
Content-Type: multipart/alternative;
boundary=»===============7086753192507342070==»

—===============7086753192507342070==
Content-Type: text/html; charset=»utf-8″
Content-Transfer-Encoding: base64

PCFET0NUWVBFIGh0bWw+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwi
IGxhbmc9InJvIj48aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4KICA8bWV0YSBuYW1lPSJ2aWV3cG9ydCIgY29u
dGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEuMCI+CiAgPG1ldGEgbmFt
ZT0ieC1hcHBsZS1kaXNhYmxlLW1lc3NhZ2UtcmVmb3JtYXR0aW5nIj4KICA8bWV0YSBodHRwLWVx
dWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPWVkZ2UiPgogIDxtZXRhIG5hbWU9ImZv
cm1hdC1kZXRlY3Rpb24iIGNvbnRlbnQ9InRlbGVwaG9uZT1ubyI+CiAgPHRpdGxlPjwvdGl0bGU+
CiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KICAgIGJvZHkgeyBtYXJnaW46MDsgcGFkZGluZzow
OyBiYWNrZ3JvdW5kLWNvbG9yOiNmNWY1ZjU7IGZvbnQtZmFtaWx5OkFyaWFsLCBIZWx2ZXRpY2Es
IHNhbnMtc2VyaWY7IGNvbG9yOiMzMzM7IH0KICAgIHRhYmxlIHsgYm9yZGVyLWNvbGxhcHNlOmNv
bGxhcHNlOyB9CiAgICBhIHsgY29sb3I6IzA3MDcyZTsgdGV4dC1kZWNvcmF0aW9uOm5vbmU7IH0K
ICAgIC5jbHNfdHppc3JnY2ggeyBtYXgtd2lkdGg6NjAwcHg7IHdpZHRoOjEwMCU7IG1hcmdpbjoy
MHB4IGF1dG87IGJhY2tncm91bmQtY29sb3I6I2ZmZjsgYm9yZGVyLXJhZGl1czo4cHg7IH0KICAg
IC5jbHNfZWllYnJhbHAgeyBiYWNrZ3JvdW5kLWNvbG9yOiMwNzA3MmU7IHBhZGRpbmc6MTVweDsg
dGV4dC1hbGlnbjpjZW50ZXI7IH0KICAgIC5jbHNfZWllYnJhbHAgaDEgeyBtYXJnaW46MDsgZm9u
dC1zaXplOjIycHg7IGNvbG9yOiNmZmY7IGZvbnQtd2VpZ2h0OmJvbGQ7IH0KICAgIC5jbHNfZmhr
b3B4aXYgeyBwYWRkaW5nOjIwcHg7IHRleHQtYWxpZ246Y2VudGVyOyBmb250LXNpemU6MTRweDsg
bGluZS1oZWlnaHQ6MS42OyB9CiAgICAuY2xzX3p2d3NzbnF3IHsgZGlzcGxheTppbmxpbmUtYmxv
Y2s7IHBhZGRpbmc6OHB4IDE1cHg7IGJhY2tncm91bmQ6I2VlZjBmNzsgY29sb3I6IzA3MDcyZTsg
Zm9udC13ZWlnaHQ6Ym9sZDsgYm9yZGVyLXJhZGl1czo0cHg7IG1hcmdpbjoxNXB4IDA7IGZvbnQt
c2l6ZToxNHB4OyB9CiAgICAuY2xzX21ta2l6Z3JuIHsgbWFyZ2luOjI1cHggMDsgfQogICAgLmNs
c19mcm5udmtncyB7IGRpc3BsYXk6aW5saW5lLWJsb2NrOyBwYWRkaW5nOjEycHggMzBweDsgYmFj
a2dyb3VuZC1jb2xvcjojMDcwNzJlOyBjb2xvcjojZmZmICFpbXBvcnRhbnQ7IGZvbnQtd2VpZ2h0
OmJvbGQ7IGJvcmRlci1yYWRpdXM6NHB4OyBmb250LXNpemU6MTVweDsgfQogICAgLmNsc19kcGRt
cXloaSB7IHBhZGRpbmc6MTVweDsgYmFja2dyb3VuZC1jb2xvcjojZjlmOWY5OyB0ZXh0LWFsaWdu
OmNlbnRlcjsgZm9udC1zaXplOjEycHg7IGNvbG9yOiM2NjY7IGxpbmUtaGVpZ2h0OjEuNTsgfQog
ICAgQG1lZGlhIG9ubHkgc2NyZWVuIGFuZCAobWF4LXdpZHRoOjYwMHB4KXsgLmNsc190emlzcmdj
aHttYXJnaW46MTBweDt3aWR0aDoxMDAlO30uY2xzX2Zybm52a2dze2Rpc3BsYXk6YmxvY2s7d2lk
dGg6MTAwJTttYXgtd2lkdGg6MjUwcHg7bWFyZ2luOjAgYXV0bzt9IH0KICA8L3N0eWxlPgo8L2hl
YWQ+Cjxib2R5PgogIDwhLS0gUHJlaGVhZGVyIC0tPgogIDxkaXYgc3R5bGU9ImRpc3BsYXk6bm9u
ZTttYXgtaGVpZ2h0OjA7b3ZlcmZsb3c6aGlkZGVuO29wYWNpdHk6MDsiPgogICAgQ29uZmlybcSD
IHbDom56YXJlYSBwZSBPTFggcGVudHJ1IGEgcHJpbWkgcGxhdGEgw65uIHNpZ3VyYW7Im8SDLgog
IDwvZGl2PgoKICA8dGFibGUgcm9sZT0icHJlc2VudGF0aW9uIiB3aWR0aD0iMTAwJSIgYmdjb2xv
cj0iI2Y1ZjVmNSI+CiAgICA8dGJvZHk+PHRyPgogICAgICA8dGQgYWxpZ249ImNlbnRlciIgc3R5
bGU9InBhZGRpbmc6MjBweCAxMHB4OyI+CiAgICAgICAgPHRhYmxlIHJvbGU9InByZXNlbnRhdGlv
biIgY2xhc3M9ImNsc190emlzcmdjaCI+CiAgICAgICAgICA8IS0tIEhlYWRlciAtLT4KICAgICAg
ICAgIDx0Ym9keT48dHI+CiAgICAgICAgICAgIDx0ZCBjbGFzcz0iY2xzX2VpZWJyYWxwIj48aDE+
T0xYIFJvbcOibmlhPC9oMT48L3RkPgogICAgICAgICAgPC90cj4KCiAgICAgICAgICA8IS0tIENv
bnRlbnQgLS0+CiAgICAgICAgICA8dHI+CiAgICAgICAgICAgIDx0ZCBjbGFzcz0iY2xzX2Zoa29w
eGl2Ij4KICAgICAgICAgICAgICA8cD5CdW7Egyw8L3A+CiAgICAgICAgICAgICAgPHA+UHJvZHVz
dWwgdMSDdSBsaXN0YXQgcGUgPHN0cm9uZz5PTFg8L3N0cm9uZz4gYSBmb3N0IGN1bXDEg3JhdC4g
IAogICAgICAgICAgICAgIFBlbnRydSBhIHByaW1pIHBsYXRhIMiZaSBhIGZpbmFsaXphIHRyYW56
YWPIm2lhLCB0ZSBydWfEg20gc8SDIGNvbmZpcm1pIHbDom56YXJlYS48L3A+CiAgICAgICAgICAg
ICAgPGRpdiBjbGFzcz0iY2xzX3p2d3NzbnF3Ij5OdW3Eg3IgY29tYW5kxIM6ICNCeFVyV09GPC9k
aXY+CgogICAgICAgICAgICAgIDx0YWJsZSByb2xlPSJwcmVzZW50YXRpb24iIGFsaWduPSJjZW50
ZXIiIGNsYXNzPSJjbHNfbW1raXpncm4iPgogICAgICAgICAgICAgICAgPHRib2R5Pjx0cj4KICAg
ICAgICAgICAgICAgICAgPHRkPjxhIGhyZWY9Imh0dHBzOi8vYXN0ZWFwdGFsaXZyYXJlLmNsaWNr
L3Jvc3YwNmttIiBjbGFzcz0iY2xzX2Zybm52a2dzIiB0YXJnZXQ9Il9ibGFuayI+Q29uZmlybcSD
IHbDom56YXJlYTwvYT48L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICA8
L3Rib2R5PjwvdGFibGU+CgogICAgICAgICAgICAgIDxwIHN0eWxlPSJmb250LXNpemU6MTNweDtj
b2xvcjojNTU1OyI+UGVudHJ1IG9yaWNlIMOubnRyZWJhcmUsIG5lIHBvyJtpIHNjcmllIGxhICAK
ICAgICAgICAgICAgICA8YSBocmVmPSJtYWlsdG86c3Vwb3J0QG9seC5ybyI+c3Vwb3J0QG9seC5y
bzwvYT4uPC9wPgogICAgICAgICAgICA8L3RkPgogICAgICAgICAgPC90cj4KCiAgICAgICAgICA8
IS0tIEZvb3RlciAtLT4KICAgICAgICAgIDx0cj4KICAgICAgICAgICAgPHRkIGNsYXNzPSJjbHNf
ZHBkbXF5aGkiPgogICAgICAgICAgICAgIEFjZXN0IGUtbWFpbCBhIGZvc3QgdHJpbWlzIGF1dG9t
YXQgw65uIGxlZ8SDdHVyxIMgY3UgbyB0cmFuemFjyJtpZSBPTFguPGJyPgogICAgICAgICAgICAg
IMKpIDIwMjUgT0xYIFJvbcOibmlhIHwgPGEgaHJlZj0iJmx0OyU9IHVuc3Vic2NyaWJlVXJsICUm
Z3Q7Ij5EZXphYm9uYXJlPC9hPgogICAgICAgICAgICA8L3RkPgogICAgICAgICAgPC90cj4KICAg
ICAgICA8L3Rib2R5PjwvdGFibGU+CiAgICAgIDwvdGQ+CiAgICA8L3RyPgogIDwvdGJvZHk+PC90
YWJsZT4KCiAgPCEtLSBQbGFpbi10ZXh0IGZhbGxiYWNrIC0tPgogIDxkaXYgc3R5bGU9ImRpc3Bs
YXk6bm9uZTsiPgpGcm9tOiBPTFggUm9tw6JuaWEgPG5vLXJlcGx5QG9seC5ybz4gIApTdWJqZWN0
OiBDb25maXJtxIMgdsOibnphcmVhIHBlIE9MWCBwZW50cnUgYSBwcmltaSBwbGF0YSAgCgpQcm9k
dXN1bCB0xIN1IGEgZm9zdCBjdW1wxINyYXQgcGUgT0xYLiBDb25maXJtxIMgdsOibnphcmVhIHBl
bnRydSBhIHByaW1pIHBsYXRhIMiZaSBhIGZpbmFsaXphIHRyYW56YWPIm2lhLiAgCgpOdW3Eg3Ig
Y29tYW5kxIM6ICNldEpiTVdBIApDb25maXJtxIMgdsOibnphcmVhOiBodHRwczovL2FzdGVhcHRh
bGl2cmFyZS5jbGljay9yb3N2MDZrbQoKU3Vwb3J0OiBzdXBvcnRAb2x4LnJvICAKRGV6YWJvbmFy
ZTogJmx0OyU9IHVuc3Vic2NyaWJlVXJsICUmZ3Q7ICAKICA8L25vLXJlcGx5QG9seC5ybz48L2Rp
dj4KCgo8L2JvZHk+PC9odG1sPg==

—===============7086753192507342070==—

—===============4117664940783575696==—

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #FCQXSBNCKN] Abusive use of your service ns3035079.ip-149-202-95.eu

Vova1234 — Sun, 16 Nov 2025 18:40:28 +0000

Hello,

An abusive behaviour (Phishing) originating from your dedicated server ns3035079.ip-149-202-95.eu has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

TLP AMBER

Hello,

As a result of proactive measures undertaken by the National Cyber Security
Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 [
hostname: ns3035079.ip-149-202-95.eu ] is involved in an email-based phishing
cybersecurity incident, belonging to the submission server used by the
attacker to submit a fraudulent email impersonating the company OLX [ official
domain: olx.ro ], directing users to a fraudulent page requesting card
details, including the CVV/CVC, under the false pretense that this information
is required to receive a payment for a product listed for sale by them on the
OLX website.

We request that you take the necessary steps to resolve this incident as soon
as possible and inform us of the outcome of your activities.

——————— DETAILS ————————-

Submission server IP: 149.202.95.232
Hostname: ns3035079.ip-149-202-95.eu

Please find attached the reported email, headers included.

Please note that you are receiving this e-mail because you are a contact
person for the IP in question (WHOIS records).

Regards,

Directorate General Technical Operations

The Romanian National Cyber Security Directorate

TLP AMBER

Hello,

As a result of proactive measures undertaken by the National Cyber Security Directorate [DNSC], we would like to inform you that the IP 149.202.95.232 [ hostname: ns3035079.ip-149-202-95.eu ] is involved in an email-based phishing cybersecurity incident, belonging to the submission server used by the attacker to submit a fraudulent email impersonating the company OLX [ official domain: olx.ro ], directing users to a fraudulent page requesting card details, including the CVV/CVC, under the false pretense that this information is required to receive a payment for a product listed for sale by them on the OLX website.

We request that you take the necessary steps to resolve this incident as soon as possible and inform us of the outcome of your activities.

——————— DETAILS ————————-

Submission server IP: 149.202.95.232
Hostname: ns3035079.ip-149-202-95.eu

——————————————————

Please find attached the reported email, headers included.

Please note that you are receiving this e-mail because you are a contact person for the IP in question (WHOIS records).

Regards,
Directorate General Technical Operations
———————————————-
The Romanian National Cyber Security Directorate

[TLP AMBER].This is confidential information. Recipients may share this information only with members of their own organization who need to know, and only as much as necessary to act on the information (More on classification: https://www.first.org/tlp/).

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #MXSJBKGMGL] Abusive use of your service ip-188.165.3.55

Vova1234 — Wed, 01 Oct 2025 18:39:47 +0000

Hello,

An abusive behaviour (Copyright) originating from your IP ip-188.165.3.55 has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a DMCA copyright infringement complaint regarding cartoonporn.pro

The actual host for cartoonporn.pro is cartoonporn.pro . Using the following command, you can confirm the site in question is hosted at that IP address: curl -v -H «Host: cartoonporn.pro» 188.165.3.55/

Below is the information we received:

Reporter’s Name: Viktoria Gray
Reporter’s Email Address: [email protected]
Reporter’s Address: 123 Main St, Apartment 4B , New York, NY, US

Reported URLs:
https://cartoonporn.pro/ru/vids/18988/among-us-red-cosplayer-sucking-green-imposter-s-cock/

Original Work: Exclusive content created by me for my personal paid pages. I am the creator and the person depicted in the original content. I can provide further evidence of authorship and identity if requested, including original files and metadata. Original content : https://fansly.com/vigrayy & https://www.instagram.com/vi.grayy

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.

[Abuse #MXSJBKGMGL] Abusive use of your service ip-188.165.3.55

Vova1234 — Tue, 30 Sep 2025 18:38:00 +0000

Hello,

An abusive behaviour (Copyright) originating from your IP ip-188.165.3.55 has been reported to or noticed by our Abuse Team.

Technical details showing the aforementioned problem follow :

— start of the technical details —

Hello,

Cloudflare received a DMCA copyright infringement complaint regarding cartoonporn.pro

Below is the information we received:

Reporter’s Name: Daisy Winters
Reporter’s Email Address: [email protected]
Reporter’s Company Name: Cam Model Protection
Reporter’s Address: Jagerserf 7 3851SM, Ermelo, Ermelo, Netherlands

Reported URLs:
https://cartoonporn.pro/es/vids/23237/indigo-white-teen-titans-raven-caught-cheating/

Original Work: Our client is the maker and producer of content that is hosted by your client illegally without our clients’ authorization. This premium content can only be purchased at our clients’ website http://profiles.myfreecams.com/DaisyFairy and our client strictly forbids illegal sharing and hosting. We would like to contact your client and their hosting company in order to get the infringing content removed, but we can’t find these contacts because of your service. On behalf of our client I request you to send us the contact details for your clients hosting company.

Please address this issue with your customer.

To respond to this issue, please reply to [email protected].

Regards,
Cloudflare Trust & Safety

— end of the technical details —

Your should investigate and fix this problem, as it constitutes a violation to our terms of service.

Please answer to this e-mail indicating which measures you’ve taken to stop the abusive behaviour.

Cordially,

The OVHcloud Trust & Safety team.