Jump to content

SERVERHUB flooding me as if it comes from Yahoo


Recommended Posts

I'm getting 3 to 5 of these a day for 2 months now.

They have fake YAHOO.COM e-mail addresses, the subjects are about products. Every one of them when I look at the contents are for images that have many different letting combinations but ALL have .party/ as the last part of the image location. For instance, this one:


Others inside have other confusing ones to me but do INCLUDE my e-mail address:

<img src="http;\\peltbangswiestdaunt,party/19915644k140e2002308?eb=i******@****r.com" />

I assume that is how they can track me?

A typical SpamCop report always comes back as it is coming from SERVERHUB.COM? Don't know how it made that connection?

After the report is sent, I can see this on SPAMCOP:


The HEADER for that one is:


Return-Path: <yunkovalcik8829@yahoo.com>
Authentication-Results: cdptpa-imsmta06 header.DKIM-Signature=@yahoo.com; dkim=pass
Received: from [] ([] helo=smtp105.biz.mail.ne1.yahoo.com)
    by cdptpa-imsmta06 (envelope-from <yunkovalcik8829@yahoo.com>)
    (ecelerity r(Core: with ESMTPS (cipher=DHE-RSA-CAMELLIA256-SHA)
    id 0F/76-13528-E3EED885; Sun, 29 Jan 2017 13:29:34 +0000
Received: (qmail 97002 invoked from network); 29 Jan 2017 13:16:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1485695778; bh=gGfWdN6RC3yXfNbEMYT3J+OEY8eZa0S9LXQ4MtN0QVY=; h=Message-ID:Date:From:To:Subject:Content-Type; b=MITSLzafvddVfXxZCb7cwA4j2noD18AN7IoQ+1gf8W7p0zo7M1RDln3fMcaPvl9434ALsXOzCMbiMKbygmOouEW5f+TBx1pAsN9s5fRLi81qB5ktGuJO4SyxvhzZ/1gk+AtmiOWWyrUAyua/8aaPVC3lXihvbFsYPe/jBMlChno=
Message-ID: <55380.49272.qm@smtp105.biz.mail.ne1.yahoo.com>
Date: Sun, 29 Jan 2017 13:16:18 +0000 (UTC)
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: tqWQH_YVM1n8jsE2uLp2bRKDjph5McZuBA63MHzD_EY_TtK
X-Yahoo-SMTP: LoI572yswBCSbUI_5YkmxJmLSAqIHsv.SzvTWEeVrl.eSN.23aXFE9aQAQqZOiS5QKhCox0-
From: Senior Living <yunkovalcik8829@yahoo.com>
To: ispalten@cfl.rr.com
Subject: Looking for 55+ living in 2017?
Content-Type: text/html; charset=UTF-8
X-Authority-Analysis: v=2.1 cv=WtfWSorv c=1 sm=1 tr=0 a=IXwzD+xon/F+YVC+ra/VSA==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=IkcTkHD0fZMA:10 a=79YnABSCSewA:10 a=IgFoBzBjUZAA:10 a=FD_G_oyTAAAA:8 a=ayC55rCoAAAA:8 a=fhRY4CD02UBmV23WEHMA:9 a=QEXdDO2ut3YA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=jf6ifqx8wrbFtL1ejoTd:22 a=B_RyunTPg8udlmYm5Cu2:22
X-Cloudmark-Score: 0


Body contains:


<a href="http://robhelzlattmoor.party/cdo8ihcq5gai/19915506a176o1118741/k779tlpvbmwx">
<img src="http://robhelzlattmoor.party/lfyi137qxx3f/mT/g1aa5ie3k95c" border="0" />
<br />
<a href="http://robhelzlattmoor.party/bge3j39ogj6a/19915507a176o1118741/k0o8j79nl86x">
<img src="http://robhelzlattmoor.party/9fs59t0qbwrv/6l/59neeq17kf67" border="0" />
</a><img src="http://robhelzlattmoor.party/415501a176o1118741.gif" /><img src="http://robhelzlattmoor.party/19915508a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915509a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915510a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915511a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915512a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915513a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915514a176o1118741?eb=i*******@*****.com" /><img src="http://robhelzlattmoor.party/19915515a176o1118741?eb=i*******@*****.com" />


So basically I have 2 questions?

1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too?

2) Why are the reports being ignored?

I've even used my ISP's spam REPORTING and it still had not stopped? My ISP does have spam Filters, but only back on FROM and blocking all YAHOO.COM doesn't help me.


Link to comment
Share on other sites

Welcome to the SpamCop forum.

Please note that I have broken the first link in your post. 

  • Not knowing what the spammer now has at the end of this link OR may have in the future, I do not want to follow the link. Nor does SpamCop want to have, what may be a poisonous link in this forum that some visitor could follow to disastrous results.
  • We do not want a link on this forum to assist a spammer get better SEO ratings by having references to their domain.

Thank you for providing a Tracking URL as an example of the spam you are addressing.  By providing the Tracking URL, all of up can see the spam, and how the SpamCop parser processed your submission, without you copping the spam into your post.

I notice the spam cut/pasted into your post is not the same as the Tracking URL

8 hours ago, IrvSp said:

1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too?

If you will look near the bottom of the results of parsing the spam you will see


[report history]
Host robhelzlattmoor.party (checking ip) =
Resolves to
Routing details for
Using smaller IP block (/ 11 vs. / 16 )
Removing 1 larger (> / 11 ) route(s) from cache
[refresh/show] Cached whois for : noc@serverhub.com
Using abuse net on noc@serverhub.com
abuse net serverhub.com = admin@serverhub.com, postmaster@serverhub.com
Using best contacts admin@serverhub.com postmaster@serverhub.com
admin@serverhub.com redirects to spamcop@serverhub.com
postmaster@serverhub.com redirects to spamcop@serverhub.com



Which explains why reports were sent to SERVERHUB.COM, because they host a link included in the body of the spam, not because they sent the spam.

Looking at the bottom of the results you will see


Re: (Administrator of network where email originates)

Internal spamcop handling: (yahoo)

Which tells us that the IP address where the spam originated, is controlled by Yahoo, and SpamCop does not send them spam reports.


8 hours ago, IrvSp said:

2) Why are the reports being ignored?

Because they are spammers and they don't care.

Link to comment
Share on other sites

  • 1 month later...

Well, something must have got to them? About a week ago it stopped.... 2 weeks ago I started sending them to my ISP's spam Handler... well it was short lived... started up again yesterday. About all I can tell is they changed the end part of the URL from .party/ to .stream/.

I guess it is hard to stop whomever it is? Shut them down and they come right back...


On 1/29/2017 at 7:09 PM, Lking said:

Because they are spammers and they don't care.

Surely there must be a way? Even adding SERVERHUB to a black list maybe?

Link to comment
Share on other sites

I looked at a few of these today. All have the SAME info at the bottom.

Yes, I know it is part of the JPG it seems, and it does link off to a slightly different ending on the URL line, but I googled part of it, " 8123 Interport Blvd Englewood, CO 80112" and added spam to it. I was SURPRISED at all the HITS I got... it seems to be the 'home' for many different companies posting.

Why can't this information help stop this? Of course that link it does go to might not be them at all either???

Link to comment
Share on other sites

On 30/01/2017 at 2:12 AM, IrvSp said:




'm getting 3 to 5 of these a day for 2 months now.


So basically I have 2 questions?

1) How does this all translate into SERVERHUB.COM as the 'sender' to be reported too?

2) Why are the reports being ignored?

I've even used my ISP's spam REPORTING and it still had not stopped? My ISP does have spam Filters, but only back on FROM and blocking all YAHOO.COM doesn't help me.



SpamCop reporting addresses I see often as a legacy issue and are set in mud (ignored/old defunct reporting addresses)

https://www.spamcop.net/sc?id=z6354566965z58e6e1b554cd81aafb9894c99b1451dcz : abuse [at] yahoo-inc.com is sent to yahoo [at] admin.spamcop.net : noc [at] serverhub.com is sent to spamcop [at] serverhub.com
You need to use SpamCop to "clue" one in as to IP source, Then check abuse addresses with a "who is" program like "IPNetInfo"
And send from the email it was sent to (some have privacy concerns in doing this). Also submit from SpamCop


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...