Jump to content

OVH.Net spam ?


georgestama

Recommended Posts

For the last coupe of weeks, i’ve been getting tons (10 per day) of spam emails from different IP’s from ovh.net (Administrator of network where email originates) and cloudfare.com (Administrator of network hosting website referenced in spam).  (FYI: I use AirMail as my e-mail client.: http://airmailapp.com )
 
I’ve done many reports through SpamCop but haven’t seen any results. Are they ignoring the reporting? Is SpamCop working? Is there anything else that can be done?
 
* Attached are the reports I have done.
 
Thanks for all of your help :)
 
- George

Screen Shot 2018-02-21 at 8.20.42 AM.png

Edited by georgestama
Link to comment
Share on other sites

Unfortunately only you can see the spam reports referenced by the 10 digit report number. If you would have provided the Tracking URL we all could see the action taken.

3 hours ago, georgestama said:

Are they ignoring the reporting?

Yes, I'm afraid they are.

 

3 hours ago, georgestama said:

Is SpamCop working?

Yes.  SpamCop of course can not directly block any spam.  SC does create a block list (SCBL) that, if used by (your) ISP, can be used to filter emails delivered to your inbox that are from IPs know to be spammers.  In the hope that the manager of the source IP is a "good" member of the internet community SC also sends a spam Report to them so they can work to stop the spam coming from their IP.  Of course if the revenue from the spammer is more important than good citizenship, they will not take responsible action.

Link to comment
Share on other sites

kolor you will have to explain more completely what you mean.

Looking at the link you provided, currently that IP address has a "spam level" of none for today and last month.  Today the IP has a email level of 0.0 for today.  Although the IP does have an email reputation of "poor" but many not be on any current block list because it has timed off the list.

For how the SCBL works go to https://www.spamcop.net/fom-serve/cache/297.html and scroll down to "How the SCBL Works" and " SCBL Rules "

Link to comment
Share on other sites

18 hours ago, georgestama said:
I’ve done many reports through SpamCop but haven’t seen any results. Are they ignoring the reporting? Is SpamCop working? Is there anything else that can be done?
 

Try adding "cert-fr.cossi@ssi.gouv.fr" to report can't read French buy maybe a Canadian can? Also give tracking URL OVH have gone back to being  blackhat
https://www.cert.ssi.gouv.fr

Link to comment
Share on other sites

Almost there, but not quite. Most of us won't be able to view those reports. The tracking URL that's more useful to the rest of us typically appears below this:

SpamCop v 4.8.7 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:

Link to comment
Share on other sites

6 hours ago, georgestama said:

phishing spam I would also attack rhe URL

http://trk.bestschoolguide.com/campaigns/bk12218xfw81e/track-url/er221nbtj4141/6bc357f9cb098f50b5608061a558cf3605577d04

104.18.63.84 abuse@cloudflare.com

redirects to 
http://www.indiabullsventures.com/AQGEN/

115.112.249.189 4755abuse@tatacommunications.com

 

Link to comment
Share on other sites

  • 11 months later...

I know this thread is a year old, but perhaps the following is still useful. I recently received and reported spam that resolves to ovh.net. I looked them up at The Spamhaus Project. Their SBL Advisory found 74 listings listings for IPs under the responsibility of ovh.net — starting from today and going back to October 2018.

See: https://www.spamhaus.org/sbl/listings/ovh.net

My mail host has a section where users can build and edit a personal blacklist. I added @ovh.net (the @ symbol tells the server to block everything associated with them, not just specific email addresses). Works great. 

Link to comment
Share on other sites

Just got one with a OVH link have to truncate as it's full of base 64 gibber
https://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z
I also sent full report from my email account

Criminal  phishing, bogus reply address, bogus unsubscribe
This/my email address I believe provided to this Russian (?) Crime gang by FaceBook
..
Received from 185.252.147.144 abuse[AT]firstbyte.ru

link obfuscation  
https://aiplotnic.ru/yqjutzsgrfuwz

Resolves to 51.38.186.24  abuse[AT]ovh.net

offending email (eml) forwarded also, 
can be read as text attachment with a text/ASCII editor like notepad or eml text reader

>

 

Edited by petzl
Link to comment
Share on other sites

It's so sad. The Internet — the most important advance in human communication since the invention of the printing press — is highjacked by crazy, money-grubbing, jerkoff spammers. 

Link to comment
Share on other sites

Spammers are not only annoying, they tend to be stupid. I've even had one (can't remember which provider the original email was traced back to) where the sender claimed to be Donald Duck. I couldn't resist having a little bit of fun with them.......

There's a humorous post on how stupid they are in the Lounge section of the forum.

Link to comment
Share on other sites

On 2/2/2019 at 9:35 AM, Art101 said:

It's so sad. The Internet — the most important advance in human communication since the invention of the printing press — is highjacked by crazy, money-grubbing, jerkoff spammers. 

Seems Facebook are still selling info to criminals. I do not have any financial accounts connected to my Mobile phone.
https://www.itnews.com.au/news/45k-stolen-in-phone-porting-scam-282310/page0 

Link to comment
Share on other sites

Thanks, petzl... good info. We'll all bumble through the spam nightmare, thanks to services like Spamcop and Spamhaus. The fun never ends. [insert ironic emoji here]

Totally off-topic (but maybe not)... good song by a longtime client/friend. Potential inspiration to maybe help brighten our days...

http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob...

In our sukkot of bone
through this wondrous land we roam,
ever lost — always home.

Link to comment
Share on other sites

2 hours ago, Art101 said:

Totally off-topic (but maybe not)... good song by a longtime client/friend. Potential inspiration to maybe help brighten our days...

http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob...

In our sukkot of bone
through this wondrous land we roam,
ever lost — always home.

Found him on youtube your link no sound for me?
https://youtu.be/rV32KmxMCic

As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)
https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal

 

Edited by petzl
Link to comment
Share on other sites

23 hours ago, petzl said:

As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)
https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal

The Scam in Australia regarding Mobile phone bank fraud
https://youtu.be/sABVEHUhx8k

 

Link to comment
Share on other sites

  • 1 year later...

> ovh.net

Me too.

If you wanna hear a nightmare: I went to Googlemaps to find a doctor near me.  I found a nearby listing, but the address was a private residence, but they provided a cellphone number.  So I sent a text message with damn near my life's story in it, including my ever-clean [google] email address that I use for friends and family.  One clue that the listing was fake was that the Dr.'s name was Dibbledydibble, or something like that.  But, y'know, I needed a doctor, and who ever heard of people using Googlemaps to harvest information like that?

That fake "doctor's" listing disappeared.  Within a couple of days, I started getting ovh.net and some other spams to my "clean" email address.  Anyway, google does a good job of keeping spam out of the Inbox.

I haven't anti-spammed in a long time, but this guy forced me back into it with a vengeance.  I'm even setting my alarm clock for 2:30 AM to catch his 1:30 AM spams, so I can report them Fresh.

Based on this thread, I wouldn't expect this unstoppable behavior to come out of a civilized country as France.  It's disappointing that there's no authority there to affect ovh.net.

I just noticed, an interesting line from my most recent report:

Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. [51.79.145.214])
        by mx.google.com with ESMTPS id l3si5139590plb.379.2020.07.24.22.53.52
        for <x>

According to ipinfo.io, 51.79.145.214 is ovh.net.  They report a Canadian flag.

The report was not copied to Newegg.  I'll have to send a copy on my own.  "Dear Newegg, I found your name in the header of a spam-email, if you might be interested..."  I don't understand how the spammer got Newegg tied up with his shenanigans.

Thanks for anti-spamming.

Edited by nei1_j
Link to comment
Share on other sites

7 hours ago, nei1_j said:

Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. [51.79.145.214])

Two decades ago, spammers were advertising the wrong hostname to get past blocking filters.  When spam filtering kept getting them, some of them went to using their real hostname of the computer they had hacked.  I think most of the OVH spammers might be the "fly by night" salesman, where the OVH computers are not patched.  I think that by the time we file a report, they may have already abandoned the machine.

Link to comment
Share on other sites

Hi Gnarly.  Thanks for the reply.

I think I understand some of that.  Are you saying that Newegg was hacked?!? 

But what you say suggests that it would indeed be beneficial if I can send in those SpamCop reports ASAP.  Perhaps if someone can invent a SpamCop Alarm, so that my computer would beep when stuff shows up in my spam folder.  That would certainly cut down on my reporting delays.

Edited by nei1_j
OCD
Link to comment
Share on other sites

On 7/25/2020 at 2:48 PM, nei1_j said:

Are you saying that Newegg was hacked?!?

Nope, I am saying that OVH customers were probably hacked.  The spammer is just using the Newegg hostname to try to get past spam filters.  (Some people who get a spam report that supposedly came from their discount it and ignore it because they "didn't send it".)

Link to comment
Share on other sites

Ok.  So the whole "Received:" line is a forgery.

If anyone's interested: https://www.spamcop.net/sc?id=z6643327190zb33a603c90f8edb039ee9fc7ef49ffd1z

Edited by nei1_j
s'more
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...