Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Steve

  1. https://www.spamcop.net/sc?id=z6519956282z3287af6539a13394828b32aaa4e4b1a7z Tracking message source: Routing details for[refresh/show] Cached whois for : iptech@readyspace.com.sginfo@readyspace.com.hk bounces (31 sent : 16 bounces)Using best contacts No reporting addresses found for, using devnull for tracking. Message is X hours old103.1.12.91 not listed in cbl.abuseat.org103.1.12.91 not listed in dnsbl.sorbs.net103.1.12.91 not listed in accredit.habeas.com103.1.12.91 not listed in plus.bondedsender.org103.1.12.91 not listed in iadb.isipp.com I have tried refreshing the page with no change in result. I went ahead and manually reported the spam to the ISP.
  2. Reporting the IP address results in this address coming up: abuse@wowrack.com I have tried reporting this IP address several times last year and a few times an employee said they will "Null-route" the IP address. But it still shows up in spam.
  3. https://www.spamcop.net/sc?id=z6519982075zb6dffaaf6c4dde062e506799464432dez Tracking message source: Routing details for[refresh/show] Cached whois for : pioklo@serveradmin.plUsing last resort contacts pioklo@serveradmin.pl Why when SC parses the IP Address, does it come up with a result for a Polish IP (pioklo@serveradmin.pl) as a last resort address? But when I query it through whois.ripe.net does it come up registered to: Responsible organisation: Hetzner Online GmbH Abuse contact info: abuse@hetzner.de inetnum: - netname: HETZNER-fsn1-dc13 descr: Hetzner Online GmbH descr: Datacenter fsn1-dc13 country: DE admin-c: HOAC1-RIPE tech-c: HOAC1-RIPE status: ASSIGNED PA remarks: INFRA-AW mnt-by: HOS-GUN mnt-lower: HOS-GUN mnt-routes: HOS-GUN created: 2010-08-13T08:35:37Z last-modified: 2018-03-15T14:01:30Z source: RIPE role: Hetzner Online GmbH - Contact Role address: Hetzner Online GmbH address: Industriestrasse 25 address: D-91710 Gunzenhausen address: Germany phone: +49 9831 505-0 fax-no: +49 9831 505-3 e-mail: ripe@hetzner.de abuse-mailbox: abuse@hetzner.de remarks: ************************************************* remarks: * For spam/abuse/security issues please contact * remarks: * abuse@hetzner.de, not this address. * remarks: * The contents of your abuse email will be * remarks: * forwarded directly on to our client for * remarks: * handling. * remarks: ************************************************* remarks: remarks: ************************************************* remarks: * Any questions on Peering please send to * remarks: * peering@hetzner.de * remarks: ************************************************* org: ORG-HOA1-RIPE admin-c: MH375-RIPE tech-c: GM834-RIPE tech-c: SK2374-RIPE
  4. Works great now! No more removing this: Received: by 2002:a0c:ad25:0:0:0:0:0 with SMTP id u34csp810943qvc; Sat, 12 Jan 2019 05:34:56 -0800 (PST)
  5. Is this a result of the outage? Feel free to move to the appropriate board if necessary Forbidden You don't have permission to access /sc on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
  6. Now I'm getting THESE BS emails. It seems the private Google Groups emails have stopped for now. Emails originate from the ikoula network. I've already received 3 of these emails today. Here's the tracking url for the latest one: https://www.spamcop.net/sc?id=z6505558234z3da0d3fc609eb83151c7d82976a38ba7z The emails are always formatted the same way each time: I still report the emails to abuse (at) ikoula.com even though SC dev/nulls them and says "abuse reports disabled for abuse (at) ikoula.com".
  7. Tried submitting this email multiple times, but I still get the same message. Tracking URL is below: https://www.spamcop.net/sc?id=z6505543951z6e9f673d70b3c103c95f5fc0c9a8967fz Steve Feel free to move this post to the correct board as you see fit.
  8. How are private Google Groups allowed to send these unsolicited emails and then include a bunch of shady email addresses that no one should think twice of sending emails to to get their email addy removed from said list that they were never on in the first place?!?!?!?!?
  9. https://www.spamcop.net/sc?id=z6500582411zb083caf96b377be2b7e96647e40d66d3z According to a RIPE whois query, admin@it.ua is the abuse contact for this IP address https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=
  10. https://www.spamcop.net/sc?id=z6499662004z6a4c2335c60773ff37fb0f7668385d6dz Parsing header: host 2001:12f0:601:a902:0:0:0:150 = turquesa.dcc.ufmg.br (cached)turquesa.dcc.ufmg.br is 2001:12f0:601:a902:0:0:0:150 0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. [2001:12f0:601:a902::150]) by mx.google.com with ESMTP id a44si116985qvh.91.2018.; Sun, 11 Nov 2018 09:04:49 -0800 (PST) Hostname verified: turquesa.dcc.ufmg.brGmail/Postini received mail from sending system 2001:12f0:601:a902:0:0:0:150 1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br [2001:12f0:601:a902::150]) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02) Hostname verified: xisto.dcc.ufmg.br Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Tracking message source: 2001:12f0:601:a902:0:0:0:150: Display data:"whois 2001:12f0:601:a902:0:0:0:150@whois.lacnic.net" (Getting contact from whois.lacnic.net)Backup contact owner-c = rco217Using NS name gerencia.rede.ufmg.br to find domain and contact Display data: "whois rede.ufmg.br@whois.nic.br" (Getting contact from whois.nic.br) Backup contact owner-c = ura ura = r-admin@rede.ufmg.br urt = r-tecnic@rede.ufmg.br whois.nic.br rede.ufmg.br = r-admin@rede.ufmg.br, r-tecnic@rede.ufmg.br, mail-abuse@cert.brsic128 = cais@cais.rnp.brwhois.lacnic.net found abuse contacts for 2001:12f0:601:a902:0:0:0:150 = cais@cais.rnp.br Cannot find ip range in whois output No reporting addresses found for 2001:12f0:601:a902:0:0:0:150, using devnull for tracking. Yum, this spam is fresh! Message is 2 hours old2001:12f0:601:a902:0:0:0:150 not listed in cbl.abuseat.org2001:12f0:601:a902:0:0:0:150 not listed in dnsbl.sorbs.net2001:12f0:601:a902:0:0:0:150 not listed in accredit.habeas.com2001:12f0:601:a902:0:0:0:150 not listed in plus.bondedsender.org2001:12f0:601:a902:0:0:0:150 not listed in iadb.isipp.com Finding links in message body Parsing text partno links found Reports regarding this spam have already been sent: Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates) Reportid: 6876124444 To: nomaster@devnull.spamcop.net If reported today, reports would be sent to: Re: 2001:12f0:601:a902:0:0:0:150 (Administrator of network where email originates) nomaster@devnull.spamcop.net 2nd report using 3rd Rcvd line in header: https://www.spamcop.net/sc?id=z6499662490z5bdb0567e14f44de3e07c2fbad0f6158z Parsing header: 0: Received: from smtp.dcc.ufmg.br (turquesa.dcc.ufmg.br. []) by mx.google.com with ESMTP id a44si116985qvh.91.2018.; Sun, 11 Nov 2018 09:04:49 -0800 (PST) Hostname verified: xisto.dcc.ufmg.brGmail/Postini received mail from sending system 1: Received: from webmail.dcc.ufmg.br (xisto.dcc.ufmg.br []) by smtp.dcc.ufmg.br (Postfix) with ESMTPS id E90409F094; Sun, 11 Nov 2018 15:04:46 -0200 (-02) Hostname verified: xisto.dcc.ufmg.br Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Cached whois for : search-apnic-not-arin@apnic.netI refuse to bother search-apnic-not-arin@apnic.net. Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking. Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net
  11. Short of writing Google a letter to get them to stop these emails being sent from IP address, what can I do to get them to take appropriate action against this and blacklist it so it can't be used for spam anymore? I have reported 13 emails to Google's abuse address about this in the last 2 days and 39 in total (I get 3-4 a day). They came from several different email addresses, usually the 1st one: Unsubscribe-me132 <unsubscribe-me132@mitindrhm.cf>, "Please Confirm <strapgr_213@hapt01cn.ml>" or variants/variations of it, such as this one: ("Please Confirm <strapgr_142@michellelafosse.ml>" or this one: "congratulations <strapgr_241@moriyama.ml>"), "Unsubscribe-me132 <unsubscribe-me132@denamarke.tk>" Attempting to access any of the Group URLs (such as the one below and its variants/variations) in the emails results in the url redirecting to this 2nd link as well displaying this when clicking on the 2nd link: https://groups.google.com/a/mitindrhm.cf/group/unsubscribe-me132 Google Groups Authorization Failed This group is on a private domain. Please sign in with an authorized account to view this content. ---------------------------------------------------------------------------------------------------------------- Here's tracking URL for one of the emails https://www.spamcop.net/sc?id=z6497296422zc7cd4be6fe49cdb5a13994e922e19258z
  12. Just reported several more today. At some point Google's gonna have to take action against this IP address.
  13. Nope. The unsubscribe link is a bunch of shady email addresses that I wouldn’t think twice of sending emails to! I received several more in my spam folder today. I have yet to do anything with them. Should I do something with them?
  14. When SC parses an IP address in this range ( - the abuse contact that comes up is abuse (at) estroweb.in. Meanwhile, if I run a RIPE query, the abuse contact comes up as abuse (at) cloudstar.is. Wonder why that is?
  15. Not sure why SC "dev/null"s this email address, but when I manually report emails to the address, within a few minutes I get an auto-reply back from Ikoula Support. Is SC refusing to send the emails to that address? https://www.spamcop.net/sc?id=z6466514536zb80506f981ff3477ff6381ec10110636z
  16. Just checked here and that email addres is already there:
  17. It seems from the auto-reply emails (and whois lookups) that they're a French ISP.
  18. So then how do the spam reports that are dev/nulled get handled?
  19. Ok, so when SC "dev/null"s the reporting addresses, does the ISP still receive and process/handle the reports?
  20. Of course it's an ocn.ne/ad.jp email. I don't bother reporting to them anymore because I find it pointless. I also reported it to netabuse (at) mtn.bj, but as you all know, they're notorious for not dealing with spam very well. I tried reporting to UBA's security email that I found doing a Google search and this is the result Gmail's mailer-daemon sent back: Original email: Delivered-To: x Received: by with SMTP id m20-v6csp390695lfi; Tue, 22 May 2018 04:17:36 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpYbvb6tOhQ+iZm9i/WTdteOSq3c4khjtYYTyC0U88eDbOBeooA888yF+t/0UxRT/np7P7W X-Received: by 2002:a63:7c0b:: with SMTP id x11-v6mr18459486pgc.384.1526987856201; Tue, 22 May 2018 04:17:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526987856; cv=none; d=google.com; s=arc-20160816; b=jotNUqh782Or1fxX2A+r16K8REfifvVQHUFk5z9gyfBJuv9fVGAP0qgRPnjo4mlJlm 5YHfAR2j+kzg//ih9YB/fNpUmB729kKKSfQ5xmy85c9ocuiieMz1ecmflWftDgmq0zZt ua3SRaWu+/U51hn2R73K/de9iT02t1D57414RVDakaMz2x2Ff/mf+JjI+1+HSBH4ks0c Mt/Ch7XCfglJUNJl2qNlsBwzd2es8/8rWynsVjdv6BfyYMYTWc5Vda9xPSfUfZJZRTwM IoSDNFFFcgvewA9H8VXA04Cwoz9NY2SAysTZj9TyYRNJjI1C8zilRSMwrDytlSbZ9WoN 7bpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:subject:message-id:reply-to :from:date:arc-authentication-results; bh=LpXfDxdLzWxwHrFw1Qk9sqc0koHX4eJzLDY8tHHwhoo=; b=hOlAaQ8hWmtbEqeXcXlD0sYdvmdc30qlaSZMbFzJ+6d2giVZqBMmbmBVpMHj4KoQiO RLPsiMKUgcmBnHz8CeqGeJIjU+Zx78n91u+2hJRwIlmsVz7DXdXoWouGMvFNVwdU0LQZ 6GQehGfouDlQGGKOHI+XO4IvcWjgt94jseISgkqAPFx351PaFRYBpFlvnaOtYr8yD1Lc GYzktMwi0v9FVN1HZyX9lojZgz5fnqsJ0D/d1FjPiAdHQekp5QrcLfT1ehd161lEYL0P 7IxJLb8dgGDSG+1BNCrAJffzoPYGyTsD+l7Qyl16mqbM9hNktalB1qTiXvluMpBaSpcj 815Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of www.@miracle.ocn.ne.jp designates as permitted sender) smtp.mailfrom=www.@miracle.ocn.ne.jp Return-Path: <www.@miracle.ocn.ne.jp> Received: from mbkd0214.ocn.ad.jp (mbkd0214.ocn.ad.jp. []) by mx.google.com with ESMTP id z18-v6si16038914pfd.357.2018.; Tue, 22 May 2018 04:17:36 -0700 (PDT) Received-SPF: pass (google.com: domain of www.@miracle.ocn.ne.jp designates as permitted sender) client-ip=; Authentication-Results: mx.google.com; spf=pass (google.com: domain of www.@miracle.ocn.ne.jp designates as permitted sender) smtp.mailfrom=www.@miracle.ocn.ne.jp Received: from mf-smf-ucb035c3 (mf-smf-ucb035c3.ocn.ad.jp []) by mbkd0214.ocn.ad.jp (Postfix) with ESMTP id 0E1A418D8F6; Tue, 22 May 2018 20:17:23 +0900 (JST) Received: from ntt.pod01.mv-mta-ucb022 ([]) by mf-smf-ucb035c3 with ESMTP id L5IAfKI3F3vLcL5IAf4CBa; Tue, 22 May 2018 20:17:23 +0900 Received: from vcwebmail.ocn.ad.jp ([]) by ntt.pod01.mv-mta-ucb022 with id pPHN1x00F3dLKTM01PHNBl; Tue, 22 May 2018 11:17:22 +0000 Received: from mzcstore202.ocn.ad.jp (mz-cb202p.ocn.ad.jp []) by vcwebmail.ocn.ad.jp (Postfix) with ESMTP; Tue, 22 May 2018 20:17:22 +0900 (JST) Date: Tue, 22 May 2018 20:17:22 +0900 (JST) From: "Mr.Emanuela Guidobaldi" <www.@miracle.ocn.ne.jp> Reply-To: "Mr.Emanuela Guidobaldi" <ubabnk0012@live.fr> Message-ID: <114857748.28834412.1526987842427.JavaMail.root@miracle.ocn.ne.jp> Subject: Attention:My dear MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit X-Originating-IP: [] Attention:My dear I waited for your message as you told me with none received. Remember, i supposed to have traveled last night but the weather is too bad. I will be leaving to Paraguay tomorrow. Meanwhile, contact the Bank manager with below address, i have kept the cheque with them at amount of USD4.5Million. They will either mail it to you or remit it for transfer depending on how you want it; Mr.Emanuela Guidobaldi united bank for Africa -(UBA) E-EMAIL US:ubabnk0012@live.fr
  21. Are emails with this string of IP addresses originating from Benin and OCN is just used to send the emails?
  22. Why is it only blacklisted at abuseat and nowhere else? Is there a reason for that?
  23. ? Here's the Tracking URL. Feel free to remove what you need from the URL after examining the report: https://www.spamcop.net/sc?id=z6466108812zeb3430e28af1b6f93be3ffdc98bf48c7z
  24. Steve

    Why does abuse@amazonaws.com get /dev/null?

    Unfortunately, you can no longer use KnujOn to submit spam: