Sends "lead generator" links in spam email for financial scams in poneytelecom.eu subdomains.
Risks: tracking, spam, credit card fraud, identity theft.
Do not provide any financial or personal data.
Serial hacking attempts from multiple machines on the domain. The "owners" online.net simply ignore any complaints and let the criminals carry on unabated.
IP 212.83.148.20 from their AS is continuously attacking our servers with SIP attack (trying to guess login combinations), already for days even after being blocked on firewall (stupid attack).
I have just reported it to their abuse mail, will see if they reply.
I have seen repeated attempts to access my VOIP server via the sip protocol on the standard port 5060 Source IP was 163.172.211.135 It appears to be an attempt to find open insecure sip servers. I will update if any other services are probed.
Source of guest book spam, frequently used to scrape guest book submission forms for use by others!
Either block this ISP at the firewall level, or booby-trap your guest books and contact forms so that any spam attempts get rejected before the junk reaches the database!
Having a look at their home page doesn't reveal anything at all that could help deter any doubts. BEWARE!
EDIT: 195.154.0.0/16 is a netblock with a bunch of fragments belonging to poneytelecom.
IP's associated with this site also engage in repeated port scanning attempts which fortunately are blocked by most security software. 195.154.207.64 is the latest IP address from which port scanning was attempted & blocked my own security programs this morning. Definitely exercise due caution in any interaction with the site!
This domain with different IPs hacks SIP servers to make calls and extract money of their clients. WE installed Bail2Ban but they over rule it and have made calls.
poneytelecom.eu is a domain name for reverse DNS of the french access provider Online.net.
Maybe some malvolent web site are hosted by Online, but, please, don't rate badly all the IPs.
Use https://console.online.net/en/account/abuses/search for abuse
hosting German spammer T. Richert at IPs 195.154.71.158, 62.210.74.52, 212.129.57.124, so they are moving spammers around from IP block to IP block to avoid detection.
Absolutely no response to abuse complaints
(whatever).poneytelecom.eu is the generic reverse domain of hosting provider online.net. Although the provider is at no fault, the same can't be said about all and every one of their clients.
WHERE to start explaining these sleazy scam sites and the criminals you would be dealing with . . .
Spamming FAKE/SCAM pharmacies to rip you off!
(Fake pharmacies with fake addresses/certificates waiting to SCAM YOU!)
These scammers spam all these garbage brands and MANY more!
http://spamtrackers.eu/wiki/index.php/Canadian_Family_Pharmacy
http://spamtrackers.eu/wiki/index.php/Canadian_Health%26Care_Mall
http://spamtrackers.eu/wiki/index.php/Canadian_Drug_Store
http://spamtrackers.eu/wiki/index.php/Toronto_Drug_Store
http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy
http://spamtrackers.eu/wiki/index.php/ED_Pill_Store
http://spamtrackers.eu/wiki/index.php/Indian_Pharmacy
http://spamtrackers.eu/wiki/index.php/Online_Pharmacy
http://spamtrackers.eu/wiki/index.php/Trusted_Tablets
http://spamtrackers.eu/wiki/index.php/US_Drugs
http://www.symantec.com/connect/blogs/pharmacy-spam-pharmaceutical-websites-fall-two-distinct-operations
https://www.mywot.com/en/forum/13382-ed-online-store-shop-online
https://www.mywot.com/forum/7508--canadian-pharmacy-domains?new=13363
Look up the spam brand here:
http://spamtrackers.eu/wiki/index.php/Category:Pharma_spam
Even More Info:
http://spamtrackers.eu/wiki/index.php/Bulker.biz - EvaPharmacy
(The worst of the worst criminal spam/scam groups)
http://www.cipa.com/fraudulent-sites/
(how to tell if the certification is real)
http://www.legitscript.com/
(check for rogue/fake pharmacies)
FINAL ANALYSIS: A horrible scam, spammed for years on many 1000's of domains.
(sometimes spammers change content/look, but its still a criminal scam site)