Unusual patterns in session IDs.

FOR YOUR INFORMATIONS and ACTIONS against these Basterds HACKERS USING your servers IP and accounts and mails boxes ! Pour votre Information et Actions contre ces hackers utilisant vos serveurs IP, LOGOS, Comptes et boites mails ! Recu Jeudi 26 Juin 2025 après 08h08 ( toujours envoyés les nuits ou les week-ends) 24 èmes mails escrocs ( fautes ) usurpant encore la BANQUE POSTALE et venant de l’adresse mail escroquée des hackers: florancemonsuie@oerideteurvuesa.com gérée par abuse@ovh.net utilisant encore les serveurs usurpés de OVH.net et venant des adresses IP 188.165.43.173 et 37.59.142.102 gérées par aabdulj@bart.gov et dso@bart.gov Received : from 6.mo561.mail-out.ovh.net (6.mo561.mail-out.ovh.net [188.165.43.173]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mlpnf0119.laposte.net (SMTP Server) with ESMTPS id 4bSSsw2lv9zKm5W for <@laposte.net>; Thu, 26 Jun 2025 08:08:20 +0200 (CEST) Received : from director4.ghost.mail-out.ovh.net (unknown [10.109.249.122]) by mo561.mail-out.ovh.net (Postfix) with ESMTP id 4bSSsw1BMtz6WTP for <@laposte.net>; Thu, 26 Jun 2025 06:08:20 +0000 (UTC) Received : from ghost-submission-5b5ff79f4f-5wfkr (unknown [10.111.182.110]) by director4.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 98EB8C28D7 for <@laposte.net>; Thu, 26 Jun 2025 06:08:19 +0000 (UTC) Received : from oerideteurvuesa.com ([37.59.142.102]) by ghost-submission-5b5ff79f4f-5wfkr with ESMTPSA id PyBbDdPjXGgaihYAnPbK9w (envelope-from <florancemonsuie@oerideteurvuesa.com>) ************** Codes HTML des hackers ci-dessous ************ Return-Path : <florancemonsuie@oerideteurvuesa.com> Received : from mlpnf0119.laposte.net (mlpnf0119.sys.meshcore.net [10.94.128.98]) by mlpnb0108 with LMTPA; Thu, 26 Jun 2025 08:08:20 +0200 X-Cyrus-Session-Id : cyrus-1750918100-238822-3-9092709207168548894 X-Sieve : CMU Sieve 3.0 ARC-Seal : i=1; a=rsa-sha256; d=laposte.net; s=lpn-wlmd; t=1750918100; cv=none; b=esV2NcE9x8dKIosvZjtuRx9UsKfmn+I24b1ocsF4/Owf+pIacee4s3w09/rTMx5hYaAvjZzABAI sfg2rfBLJ90EdYMniCwwjPvbGCKk7aiQs1EvBit78/d8/kLb8RTh0NzdyK/Fxuq+XtEjxWO/ZsB7 dlTOaHzOl23pUM68add64lkWfw+nAo0g4/82QQMPrjWqE2zheq4ogLj6kkA26hB5iQaGzzjcGHXn EPZFjimyWPFxfn7EoU8jE+hrq/jBlbFhzFRUhLfdPm/njN9eAzPqLckTdA4FTnj/JFwMYIbua4yv 8ByrQNzMnLJAmo4Qoj061Ic8cx/WCpXTSLorucA== ARC-Message-Signature : i=1; a=rsa-sha256; c=relaxed/relaxed; d=laposte.net; s=lpn-wlmd; t=1750918100; h=From:Date:Subject:To:DKIM-Signature; bh=8VQgelEih U4GyqSUJwzIJ1Dy0Kt1nqYKpjj9SdysWw4=; b=hvdRebECHlnYtCY2gO4F5UMcw7HB6TUfqBfFP Pg4CQI+ZQAj7Y43R7x6VQAiqctZfCcEML5KXV1+DWdXuz2DbFdtMFxEjeG62MA8hvpJRqKn+GcQ8 lnaXB9cMXKY3gLuKkZVftr2op3njpyjWojTCbG8IOVGuOvjwRjbuCOu8D1xr6PvteTXNqDZacmXH Z2rCBgnLiumaiy+vAEDDdBpLVnCTyAWPKQaDkDJoEA9dX087kLElUsmyagfdz2eQEP4BjRhDqxa+ OiJthRLahEbmSU2+Q0SjtrgpXnUAdBbc3tFttiw8UfylLrfIdvFgcIV+nIBsz4FkWkkxd5kIZoFn w== ARC-Authentication-Results : i=1; laposte.net; spf=pass smtp.helo=6.mo561.mail-out.ovh.net smtp.mailfrom=florancemonsuie@oerideteurvuesa.com; dkim=pass reason="good signature" header.b=x0R0G5 header.d=oerideteurvuesa.com header.s=ovhmo5381758-selector1; dmarc=none reason="No policy found"; arc=none smtp.remote-ip=188.165.43.173; bimi=skipped reason="non-pass DMARC" X-mail-filterd : {"version":"1.9.1","queueID":"4bSSsw4JNczKm4G","contextId": "7ebd34b1-0bed-4168-a86f-ab48a06c0453"} X-ppbforward : {"queueID":"4bSSsw4JNczKm4G","server":"mlpnf0119"} Received : from outgoing-mail.laposte.net (localhost.localdomain [127.0.0.1]) by mlpnf0119.laposte.net (SMTP Server) with ESMTP id 4bSSsw4JNczKm4G for <lpn000000000000000018870443@back01-mail02-04.lpn.svc.meshcore.net>; Thu, 26 Jun

FOR YOUR INFORMATIONS and ACTIONS against these Basterds HACKERS USING your servers IP and accounts and mails boxes ! Pour votre Information et Actions contre ces hackers utilisant vos serveurs IP, LOGOS, Comptes et boites mails ! Recu Jeudi 26 Juin 2025 après 08h08 ( toujours envoyés les nuits ou les week-ends) 24 èmes mails escrocs ( fautes ) usurpant encore la BANQUE POSTALE et venant de l’adresse mail escroquée des hackers: florancemonsuie@oerideteurvuesa.com gérée par abuse@ovh.net utilisant encore les serveurs usurpés de OVH.net et venant des adresses IP 188.165.43.173 et 37.59.142.102 gérées par aabdulj@bart.gov et dso@bart.gov Received : from 6.mo561.mail-out.ovh.net (6.mo561.mail-out.ovh.net [188.165.43.173]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mlpnf0119.laposte.net (SMTP Server) with ESMTPS id 4bSSsw2lv9zKm5W for <@laposte.net>; Thu, 26 Jun 2025 08:08:20 +0200 (CEST) Received : from director4.ghost.mail-out.ovh.net (unknown [10.109.249.122]) by mo561.mail-out.ovh.net (Postfix) with ESMTP id 4bSSsw1BMtz6WTP for <@laposte.net>; Thu, 26 Jun 2025 06:08:20 +0000 (UTC) Received : from ghost-submission-5b5ff79f4f-5wfkr (unknown [10.111.182.110]) by director4.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 98EB8C28D7 for <@laposte.net>; Thu, 26 Jun 2025 06:08:19 +0000 (UTC) Received : from oerideteurvuesa.com ([37.59.142.102]) by ghost-submission-5b5ff79f4f-5wfkr with ESMTPSA id PyBbDdPjXGgaihYAnPbK9w (envelope-from <florancemonsuie@oerideteurvuesa.com>) ************** Codes HTML des hackers ci-dessous ************ Return-Path : <florancemonsuie@oerideteurvuesa.com> Received : from mlpnf0119.laposte.net (mlpnf0119.sys.meshcore.net [10.94.128.98]) by mlpnb0108 with LMTPA; Thu, 26 Jun 2025 08:08:20 +0200 X-Cyrus-Session-Id : cyrus-1750918100-238822-3-9092709207168548894 X-Sieve : CMU Sieve 3.0 ARC-Seal : i=1; a=rsa-sha256; d=laposte.net; s=lpn-wlmd; t=1750918100; cv=none; b=esV2NcE9x8dKIosvZjtuRx9UsKfmn+I24b1ocsF4/Owf+pIacee4s3w09/rTMx5hYaAvjZzABAI sfg2rfBLJ90EdYMniCwwjPvbGCKk7aiQs1EvBit78/d8/kLb8RTh0NzdyK/Fxuq+XtEjxWO/ZsB7 dlTOaHzOl23pUM68add64lkWfw+nAo0g4/82QQMPrjWqE2zheq4ogLj6kkA26hB5iQaGzzjcGHXn EPZFjimyWPFxfn7EoU8jE+hrq/jBlbFhzFRUhLfdPm/njN9eAzPqLckTdA4FTnj/JFwMYIbua4yv 8ByrQNzMnLJAmo4Qoj061Ic8cx/WCpXTSLorucA== ARC-Message-Signature : i=1; a=rsa-sha256; c=relaxed/relaxed; d=laposte.net; s=lpn-wlmd; t=1750918100; h=From:Date:Subject:To:DKIM-Signature; bh=8VQgelEih U4GyqSUJwzIJ1Dy0Kt1nqYKpjj9SdysWw4=; b=hvdRebECHlnYtCY2gO4F5UMcw7HB6TUfqBfFP Pg4CQI+ZQAj7Y43R7x6VQAiqctZfCcEML5KXV1+DWdXuz2DbFdtMFxEjeG62MA8hvpJRqKn+GcQ8 lnaXB9cMXKY3gLuKkZVftr2op3njpyjWojTCbG8IOVGuOvjwRjbuCOu8D1xr6PvteTXNqDZacmXH Z2rCBgnLiumaiy+vAEDDdBpLVnCTyAWPKQaDkDJoEA9dX087kLElUsmyagfdz2eQEP4BjRhDqxa+ OiJthRLahEbmSU2+Q0SjtrgpXnUAdBbc3tFttiw8UfylLrfIdvFgcIV+nIBsz4FkWkkxd5kIZoFn w== ARC-Authentication-Results : i=1; laposte.net; spf=pass smtp.helo=6.mo561.mail-out.ovh.net smtp.mailfrom=florancemonsuie@oerideteurvuesa.com; dkim=pass reason="good signature" header.b=x0R0G5 header.d=oerideteurvuesa.com header.s=ovhmo5381758-selector1; dmarc=none reason="No policy found"; arc=none smtp.remote-ip=188.165.43.173; bimi=skipped reason="non-pass DMARC" X-mail-filterd : {"version":"1.9.1","queueID":"4bSSsw4JNczKm4G","contextId": "7ebd34b1-0bed-4168-a86f-ab48a06c0453"} X-ppbforward : {"queueID":"4bSSsw4JNczKm4G","server":"mlpnf0119"} Received : from outgoing-mail.laposte.net (localhost.localdomain [127.0.0.1]) by mlpnf0119.laposte.net (SMTP Server) with ESMTP id 4bSSsw4JNczKm4G for <lpn000000000000000018870443@back01-mail02-04.lpn.svc.meshcore.net>; Thu, 26 Jun

It attempted to perform a side channel attack on the SSH server.

The IP address attempted to login to the SSH server with an invalid username.

Unusually high number of requests to the login page.

It was involved in a Distributed Denial of Service (DDoS) attack.

The IP tried to initiate DNS tunneling for smuggling data through SSH.

This IP belongs to Hostgator.

POST /user/password?name[0,%20bypass]=dav&name[0]=loup&pass-reset-token-1=D&form_id=user_pass: Drupalgeddon2 exploit which allows remote code execution.

This malicious IP was reported for attempting a Zero-day exploit, exploiting a software vulnerability before it's known or fixed by the vendor.

The IP attempted to use the FTP server to distribute anonymizing tools.

The IP attempted to login to the SASL server with an invalid username.

This IP was linked to an attempt at distributing malicious software within our system.

This malicious IP was reported for attempting a Sniffing attack, capturing and analyzing FTP traffic to glean sensitive information.

It attempted to perform Heap Overflow attacks on the Apache server.

Because of numerous attacks using malicious mobile code, this IP has been blacklisted.

Print Requests Repeatedly: Logs illustrate HTTP requests with "?print" parameter multiple times, indicating someone trying to expose sensitive information.

It attempted to carry out a 'Ping of Death' operation, hoping to crash the server.

The IP attempted to perform HTTP Request Smuggling attacks on the Apache server.

Multiple requests with the same X-Att-Deviceid header.

The IP made multiple unsuccessful login attempts in a short period of time.

Malformed Host Headers: HTTP requests with host headers that do not match the site's actual hostname.

Unknown IP Address: An unfamiliar IP address making frequent requests could imply a compromised machine.

It attempted to perform Web Service attacks on the Apache server.