paulgj Posted May 4, 2016
Lately I don't get a huge amount of spam but it seems like almost all the spam I do get ends up being reported to abuse[at]ocn.ad.jp. There seems to be no letup in the quantity though, so am wondering if ocn.ad.jp is actually a known spammer friendly provider of some kind?
Lking Posted May 4, 2016
I don't know about ocn.ad.jp but it would seem so. If you go back to one of the spam you have reported and look at the reports sent, you will find their IP address (SpamCop tracks IP addresses, not domains). You could then go to https://www.spamcop.net/w3m?action=map and find the reputation of their IP address.
paulgj Posted May 11, 2016
apparently this provider is a major spam gateway, seems like sending spam reports to them is an exercise in futility
petzl Posted May 12, 2016
6 hours ago, paulgj said: apparently this provider is a major spam gateway, seems like sending spam reports to them is an exercise in futility

Would help if you gave a tracking URL? Even an IP address. In the meantime have no idea what you are on about?
lepa71 Posted February 21, 2017
I get too many spams lately from ocn.ad.jp. Can we do anything to this provider? Just block all of their clients. That should make them think once their normal clients start complaining for non delivered emails. Also it is kind of funny. Gmail delivers email from this forum into spam box. Just FYI
Lking Posted February 21, 2017
As you can tell from this year-long thread, some spammers don't change. Reporting all spam from ocn.ad.jp and their clients that use IP addresses controlled by them will help keep their IPs on the SpamCop block list.

1 hour ago, lepa71 said: Also it is kind of funny. Gmail delivers email from this forum into spam box. Just FYI

Yes, many ISPs use rather dumb filters, based on domain names - not IP addresses, to filter incoming email. Why someone would think a spammer would include the word 'spam' in their domain name and use that to filter email, I do not know. I believe you should be able to add SpamCop.net to your white list to override the basic filtering.
skydealer Posted May 2, 2017
I also find that a major portion of my spams are coming from their servers and I don't think abuse@ goes anywhere but into their trash. The address that I received emails from when I contacted them directly regarding spams is 'abuse_support@ocn.ad.jp' of which the address is listed as the "OCN Internet Security Team".
SteveMetz Posted May 23, 2017
It's pretty clear this ISP is itself a criminal organization: I've reported an IP address of theirs for sending 419 scam messages over 140 times during the past year and it still continues, 3-4 times a day.
petzl Posted June 15, 2017
Try to make your spam complaints here https://www.facebook.com/OCN.TV/
Always show tracking URL
SteveMetz Posted October 12, 2017
As a follow up on my post above, I've now filed 300+ reports on 419 scam messages sent from the ocn.ad.jp system. The content of the messages varies but it's clearly coming from one spammer. ocn.ad.jp does nothing about it--I get 1-4 scam messages from them every day. And if you check the Spamcop statistics for the top targets of spam reports, ocn.ad.jp is almost always in the top ten. There are only two logical explanations: either it is an utterly incompetent ISP or it is actively collaborating with 419 scam criminals. I've begged ocn.ad.jp to block any outgoing mail to my Gmail account but they don't respond. I've requested that Gmail blacklist them but didn't get a response to that either. I have a Gmail filter to automatically send any incoming mail from ocn.ad.jp to the trash but the irresponsibility of this slimeball ISP still annoys me.
Lking Posted October 12, 2017
It is never a good idea or productive to ask a spammer to remove your address from their emailing list. They view any contact from you as confirmation that a real person does read their email and that is success for them. See Spammer Rules, Rule #1, Finnell's Corollary. A more direct way to keep these spam out of your inbox is to have your ISP block them or use your email app to direct them to a spam folder. I assume you are reporting your spam to SC. This may not help you directly, depending on how your ISP handles incoming email, but it does help others filter their email.
petzl Posted October 13, 2017
On 10/12/2017 at 10:24 PM, SteveMetz said: As a follow up on my post above, I've now filed 300+ reports on 419 scam messages sent from the ocn.ad.jp system. The content of the messages varies but it's clearly coming from one spammer. ocn.ad.jp does nothing about it--I get 1-4 scam messages from them every day. And if you check the Spamcop statistics for the top targets of spam reports, ocn.ad.jp is almost always in the top ten. There are only two logical explanations: either it is an utterly incompetent ISP or it is actively collaborating with 419 scam criminals. I've begged ocn.ad.jp to block any outgoing mail to my Gmail account but they don't respond. I've requested that Gmail blacklist them but didn't get a response to that either. I have a Gmail filter to automatically send any incoming mail from ocn.ad.jp to the trash but the irresponsibility of this slimeball ISP still annoys me.

Send a report to your email address, then use the SECRET link contained in it: "User-targeted report, see notes, if any." This will show you replies to your reports, if any.
salfordian Posted January 4, 2018
This OCN network is by far the biggest spam network in the world and they ignore every abuse email received, even more so with Spamcop because they send the emails to a non-existent email address; the one OCN use is abuse_support@ocn.ad.jp. Still won't do much good because I've reported too much to them they blocked me, still spamming me with hundreds of emails a week mind
petzl Posted January 4, 2018
5 hours ago, salfordian said: This OCN network is by far the biggest spam network

A tracking URL helps. I get the odd one but not many. To escalate try JP Cert, always in comment IP address if that IP is AN open PROXY
cirt [at] cyberdefense [ dot ] jp
[ Additional comments from recipient ]
cncert@cert.org.cn
183.32.221.122 is an open proxy BOTNET
SEE https://www.abuseat.org/lookup.cgi
SEE ALSO Cisco sites REPUTATION IP LOOKUP https://www.talosintelligence.com
If Microsoft Windows Defender is available to you, use it! THEN Change Password
Other BOTNET hosts in this "neighborhood" with spam reports
Steve Posted January 23, 2018
I've reported several hundred spam messages with no let up in messages being sent from their network. Here's a recent (January 8th) auto-reply email I got from sending a report to abuse [at] ocn.ad.jp through the reporting form:

Quote
Dear "Steve" <6765033934@reports.spamcop.net>;
This is auto reply mail.
That site is one of our customers'. I advise the administrator of the site to fix this problem as soon as possible.
Thank you for your patience.
Sincerely yours,
--- NTT Communications(OCN)

---------- Begin Included Message ----------
Date: Mon, 08 Jan 2018 06:18:12 -0800
From: "Steve" <6765033934@reports.spamcop.net>
To: abuse@ocn.ad.jp
Subject: [SpamCop (153.149.230.3) id:6765033934]

[ SpamCop V4.8.6 ]
This message is brief for your comfort. Please use links below for details.
Email from 153.149.230.3 / Mon, 08 Jan 2018 06:18:12 -0800
https://www.spamcop.net/w3m?i=z6765033934z388df03ed4b4e22c2ffbe7efd654f7b4z

[ Offending message ]
Delivered-To: x
Received: by 10.25.81.199 with SMTP id g68csp1495561lfl; Mon, 8 Jan 2018 06:18:12 -0800 (PST)
X-Received: by 10.99.116.82 with SMTP id e18mr3807706pgn.3.1515421092220; Mon, 08 Jan 2018 06:18:12 -0800 (PST)
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of qqb65by9k@sunny.ocn.ne.jp designates 153.149.230.3 as permitted sender) smtp.mailfrom=qqb65by9k@sunny.ocn.ne.jp
Return-Path: <qqb65by9k@sunny.ocn.ne.jp>
Received: from mbkd0102.ocn.ad.jp (mbkd0102.ocn.ad.jp. [153.149.230.3]) by mx.google.com with ESMTP id b2si7495207pgn.405.2018.01.08.06.18.11 for <x>; Mon, 08 Jan 2018 06:18:12 -0800 (PST)
Received-SPF: pass (google.com: domain of qqb65by9k@sunny.ocn.ne.jp designates 153.149.230.3 as permitted sender) client-ip=153.149.230.3;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of qqb65by9k@sunny.ocn.ne.jp designates 153.149.230.3 as permitted sender) smtp.mailfrom=qqb65by9k@sunny.ocn.ne.jp
Received: from mf-smf-ucb013.ocn.ad.jp (mf-smf-ucb013.ocn.ad.jp [153.149.228.232]) by mbkd0102.ocn.ad.jp (Postfix) with ESMTP id 27259100D091; Mon, 8 Jan 2018 23:18:10 +0900 (JST)
Received: from mf-smf-ucb013.ocn.ad.jp (mf-smf-ucb013 [153.149.228.232]) by mf-smf-ucb013.ocn.ad.jp (Postfix) with ESMTP id 0C595A00238; Mon, 8 Jan 2018 23:18:10 +0900 (JST)
Received: from ntt.pod01.mv-mta-ucb027 (mv-mta-ucb027.ocn.ad.jp [153.149.142.101]) by mf-smf-ucb013.ocn.ad.jp (Switch-3.3.4/Switch-3.3.4) with ESMTP id w08EI9Yc049183; Mon, 8 Jan 2018 23:18:09 +0900
Message-Id: <2018___________________9183@mf-smf-ucb013.ocn.ad.jp>
Received: from smtp.ocn.ne.jp ([153.149.227.134]) by ntt.pod01.mv-mta-ucb027 with id vqJ21w0042ud8JZ01qJ2V8; Mon, 08 Jan 2018 14:18:09 +0000
Received: from smtp.ocn.ne.jp (unknown [113.190.137.50]) by smtp.ocn.ne.jp (Postfix) with ESMTPA; Mon, 8 Jan 2018 23:18:01 +0900 (JST)
MIME-Version: 1.0
To: x <x>, x <x>, bmw x <x>, pandothis x <x>, PandoMovies TVShows x <x>, pando mine x <x>, PurrsPando x <x>, pando mega media x <x>, x <x>
From: crystal coleman <qqb65by9k@sunny.ocn.ne.jp>
Subject:
Date: Mon, 8 Jan 2018 04:17:59 -1000
Importance: normal
X-Priority: 3

Whenever possible, instead of reporting emails to OCN (abuse [at] ocn.ad.jp) using the reporting form, I look for the X-Originating-IP at the end of the email and try to report it that way by replacing OCN's IP address in the 1st Received line such as the one below:
Received: from mbkd0102.ocn.ad.jp (mbkd0102.ocn.ad.jp. [153.149.230.3])
with the one in the X-Originating-IP which is usually a 41.xx.xxx.x and usually, the ISP's email address that comes up is netabuse [at] mtn.bj.
Steve
petzl Posted January 23, 2018
9 hours ago, Steve said: I've reported several hundred spam messages with no let up in messages being sent from their network. Here's a recent (January 8th) auto-reply email I got from sending a report to abuse [at] ocn.ad.jp through the reporting form:

113.190.137.50 is where it came from "hm-changed [at] vnnic.vn"
in notes put
compromised/forged web and or email accounts
BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER
Make sure you are connecting to your mail server's 'authenticated mail' port 587 and not the ordinary 'unauthenticated' port 25. (ask your ISP to check for you)
FAQ see https://www.spamhaus.org/faq/section/Spamhaus PBL
Steve Posted February 13, 2018
Is there any surefire way to get ocn.ad/ne.jp emails to stop (of course, aside from setting a filter to send them to trash) because reporting to abuse (at) ocn.ad.jp seems like NTT doesn't give a crap despite the auto-reply email they send out. Also, why doesn't SC parse the originating IP address since that's where the emails originate from despite the spammer (scammer) using NTT's servers to send this crap?
petzl Posted February 13, 2018
abuse (at) ocn.ad.jp do deal with spammers just don't tell you
Steve Posted February 13, 2018
Then why haven't they stopped all spam yet despite the hundreds if not thousands of reports sent?
petzl Posted February 13, 2018
On 5/4/2016 at 11:21 AM, paulgj said: Lately I don't get a huge amount of spam but it seems like almost all the spam I do get ends up being reported to abuse[at]ocn.ad.jp. There seems to be no letup in the quantity though, so am wondering if ocn.ad.jp is actually a known spammer friendly provider of some kind?

Japanese have little English skills and tend to turn off malware programs like windows defender because it "nags" them
https://www.spamcop.net/sc?id=z6444739102zd3ea6cfa9f916bda689da0afcd930389z
X-Originating-IP: [41.138.91.165] Etisalat Benin SA (SpamCop didn't pickup)
in notes I put
compromised/forged web and or email accounts
If Microsoft Windows Defender is available to you, use it Scan for Malware! THEN Change log-on to a more secure password-Phrase!
SpamCop reports to mail server 153.149.236.27 abuse (at) ocn.ad.jp
Other hosts in this "neighborhood" with spam reports
Steve Posted February 13, 2018
SC NEVER picks X-Originating-IP up in ocn.ad/ne.jp emails. I almost always (99% of the time) have to re-report the emails and replace the 1st 153.xxx.xxx.x/153.xxx.xxx.xx IP address with the IP in the X-Originating-IP field so it goes to that respective ISP.
Steve
petzl Posted February 13, 2018
12 hours ago, Steve said: SC NEVER picks X-Originating-IP up in ocn.ad/ne.jp emails. I almost always (99% of the time) have to re-report the emails and replace the 1st 153.xxx.xxx.x/153.xxx.xxx.xx IP address with the IP in the X-Originating-IP field so it goes to that respective ISP. Steve

SC will often stop at a mail server, as if in doubt it won't report, but you can take over
Steve Posted February 14, 2018
That's why, whenever possible, I take the X-Originating-IP address and replace it with NTT's and then report the email again.
petzl Posted February 14, 2018
15 hours ago, Steve said: That's why, whenever possible, I take the X-Originating-IP address and replace it with NTT's and then report the email again.

I try to be better than SC and would add Botnet 41.138.91.165 abuse address (if any) to report [moov [at] moov.bj]
41.138.91.165 BOTNET
SEE https://www.abuseat.org/lookup.cgi
SEE ALSO Cisco sites REPUTATION IP LOOKUP https://www.talosintelligence.com
If Microsoft Windows Defender is available to your customers, they need to use it! THEN Change Password
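
Added example (not from any poster, and not SpamCop's own parser): the header walk discussed above for the January 8th report and for the X-Originating-IP reports, written as one function. It assumes 153.149.0.0/16 as the relay range, inferred from the hops quoted in the thread; `find_origin`, `Origin`, `bracketed_ip` and the placeholder hostnames in the second sample are hypothetical.

```python
import email
import ipaddress
import re
from typing import NamedTuple, Optional

# Assumption: relay range inferred from the 153.149.x.x hops quoted in the thread.
TRUSTED_RELAYS = [ipaddress.ip_network("153.149.0.0/16")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
PROTO_RE = re.compile(r"\bwith\s+(\w*SMTP\w*)")

class Origin(NamedTuple):
    ip: str
    source: str              # "received" or "x-originating-ip"
    protocol: Optional[str]  # ESMTPA = ESMTP with AUTH (RFC 3848)

def bracketed_ip(text):
    """Return the first [ip] literal in text as an ip_address, or None."""
    m = IP_RE.search(text)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def find_origin(raw: str) -> Optional[Origin]:
    msg = email.message_from_string(raw)
    # Received headers are prepended, so the topmost was written by our own MX.
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        if not flat.startswith("from "):
            continue                          # "by ..." only: no peer recorded
        from_part, _, by_part = flat.partition(" by ")
        ip = bracketed_ip(from_part)
        if ip is None or any(ip in net for net in TRUSTED_RELAYS):
            continue                          # still inside the relay chain
        # First peer outside the relay range; anything below it is unverified.
        proto = PROTO_RE.search(by_part)
        return Origin(str(ip), "received", proto.group(1) if proto else None)
    # Chain never left the relay range (webmail-style submission): fall back to
    # X-Originating-IP, which is only as reliable as the host that added it.
    ip = bracketed_ip(msg.get("X-Originating-IP", ""))
    return Origin(str(ip), "x-originating-ip", None) if ip is not None else None

# Abridged from the January 8th report quoted in the thread (ids shortened).
JAN8 = """\
Received: by 10.25.81.199 with SMTP id g68csp1495561lfl; Mon, 8 Jan 2018 06:18:12 -0800
Received: from mbkd0102.ocn.ad.jp (mbkd0102.ocn.ad.jp. [153.149.230.3])
\tby mx.google.com with ESMTP; Mon, 08 Jan 2018 06:18:12 -0800 (PST)
Received: from smtp.ocn.ne.jp ([153.149.227.134])
\tby ntt.pod01.mv-mta-ucb027 with id vqJ21w; Mon, 08 Jan 2018 14:18:09 +0000
Received: from smtp.ocn.ne.jp (unknown [113.190.137.50])
\tby smtp.ocn.ne.jp (Postfix) with ESMTPA; Mon, 8 Jan 2018 23:18:01 +0900 (JST)
"""

# Constructed: hostnames are placeholders; both IPs appear in the thread.
WEBMAIL = """\
Received: from relay.example (relay.example [153.149.236.27])
\tby mx.example.net with ESMTP; Tue, 13 Feb 2018 10:00:00 +0900
X-Originating-IP: [41.138.91.165]
"""
```

On the January 8th chain the function returns 113.190.137.50 with protocol ESMTPA, meaning the message entered the relay over an authenticated SMTP session; on the second sample the chain never leaves the relay range, so the result comes from X-Originating-IP and is marked as such.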
This topic is now archived and is closed to further replies.