
Anyone receiving emails like this?


Steve

I have received (and reported) several originating from transcriby.com, and a few others. They all are in Russian. The abuse addresses are admin a7 at-sib dot ru, and noc#serverlux dot ru at devnull.spamcop.net which seem to be doing nothing to stop spam.

https://www.spamcop.net/sc?id=z6714117615zfd7ff783b07e7f7b264f63bb6305a96ez

I have been getting spam in Russian lately, but not from transcriby...

they are always something about money ... scams IMO...

Today, this one: https://www.spamcop.net/sc?id=z6714158319za96a80e7bd03d49067421101abebbddfz

oddly enough, if I look at the whois records for 87.251.84.130

% Abuse contact for '87.251.84.0 - 87.251.85.255' is 'noc@serverlux.ru'

and sc sez:

Quote
Reports routes for 87.251.84.130:
routeid: 78610748 87.251.84.0 - 87.251.89.255 to: admin@at-sib.ru
Administrator interested in all reports
3/19/2020, 10:52:56 AM -0500
[Note added by  (no name)]
Route added without comment
routeid: 78610752 87.251.84.0 - 87.251.88.255 to: noc@serverlux.ru
Administrator interested in all reports
3/19/2020, 10:53:21 AM -0500
[Note added by  (no name)]
Route added without comment

but:

Quote

Routing details for 87.251.84.130
Reports disabled for noc@serverlux.ru

Using noc#serverlux.ru@devnull.spamcop.net for statistical tracking.

Report routing for 87.251.84.130: admin@at-sib.ru, noc#serverlux.ru@devnull.spamcop.net

of course, Reports disabled ...

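Added example (not part of the original posts, and not SpamCop's own code): a Python check of the mismatch described in the post above, using the whois line and SpamCop output quoted there as input. The function names are hypothetical, and reading `user#domain@devnull.spamcop.net` as a non-delivered stand-in for `user@domain` is an assumption taken from the "Reports disabled" and "statistical tracking" lines in the quoted output.

```python
import ipaddress
import re

# Input copied from the whois and SpamCop output quoted in the post above.
WHOIS = "% Abuse contact for '87.251.84.0 - 87.251.85.255' is 'noc@serverlux.ru'"
ROUTES = """\
routeid: 78610748 87.251.84.0 - 87.251.89.255 to: admin@at-sib.ru
routeid: 78610752 87.251.84.0 - 87.251.88.255 to: noc@serverlux.ru
"""
ROUTING = "Report routing for 87.251.84.130: admin@at-sib.ru, noc#serverlux.ru@devnull.spamcop.net"
RANGE = r"(\d+\.\d+\.\d+\.\d+) - (\d+\.\d+\.\d+\.\d+)"
DEVNULL = "@devnull.spamcop.net"

def in_range(ip, start, end):
    """True if ip lies in the inclusive range start..end."""
    addr = ipaddress.ip_address
    return addr(start) <= addr(ip) <= addr(end)

def whois_abuse_contact(ip, whois_text):
    """Abuse address from a RIPE '% Abuse contact for' line covering ip, else None."""
    m = re.search(r"Abuse contact for '" + RANGE + r"' is '([^']+)'", whois_text)
    if m and in_range(ip, m.group(1), m.group(2)):
        return m.group(3)
    return None

def route_contacts(ip, routes_text):
    """Addresses of every listed SpamCop route whose range covers ip."""
    pat = re.compile(r"routeid: \d+ " + RANGE + r" to: (\S+)")
    return [m.group(3) for m in pat.finditer(routes_text)
            if in_range(ip, m.group(1), m.group(2))]

def delivery_status(routing_line):
    """Map each real address to True (report sent) or False (devnull, statistics only)."""
    status = {}
    for target in routing_line.split(": ", 1)[1].split(","):
        target = target.strip()
        if target.endswith(DEVNULL):
            # Assumption: 'user#domain@devnull...' stands for 'user@domain'.
            status[target[: -len(DEVNULL)].replace("#", "@", 1)] = False
        else:
            status[target] = True
    return status

def audit(ip):
    """Contacts on file for ip, and whether each one actually gets a report."""
    on_file = {whois_abuse_contact(ip, WHOIS), *route_contacts(ip, ROUTES)} - {None}
    status = delivery_status(ROUTING)
    return {addr: status.get(addr, False) for addr in sorted(on_file)}

if __name__ == "__main__":
    for addr, delivered in audit("87.251.84.130").items():
        print(f"{addr}: {'report sent' if delivered else 'no report delivered'}")
```

For the IP in the post, the address registered as the whois abuse contact is the one that receives nothing, and only the second route's address gets the report.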

well, looks like both, yours and mine, are hosted by the same Russian spam haven SERVERLUX-NET aka serverlux.ru...

...seems to be a yandex.ru / yandex.net customer... IMNSHO it's the Russian ransomware group phishing for more... just my opinion...

I mean no offense to Russians in this forum, nor any offense to yandex/serverlux users, but the hosting companies seem to be very lax when it comes to spammers, scammers, and cyber criminals... seem is the word of choice I am using...

 


  • 5 months later...
On 6/14/2021 at 3:53 AM, RobiBue said:

...seems to be a yandex.ru / yandex.net customer... 

No, they don't seem to be a yandex.ru or yandex.net customer. I just see that their abuse address noc@serverlux.ru has MX records at yandex and at the same time their sister abuse address admin@at-sib.ru has MX records at google; however, neither yandex nor google has any relation to these spammers. They just use yandex and google public mail services for processing these single particular mailboxes for them (both yandex and google seem to have such a service to process emails for other domains if you can prove (with some technical procedure) you own a domain you want them to process emails for). Quite probably these mailboxes aren't even monitored by them, but just provide valid abuse contacts according to the "broken" (imho) anti-abuse RIPE policy, which requires just a technically existing abuse e-mail but doesn't require it to be actively monitored or to react in any way to abuse (and recently RIPE declined a proposal to improve that policy: https://www.ripe.net/participate/policies/proposals/2019-04 ). However, it could also be that these mailboxes are monitored and just ignored. I also tried to report spam many times to both these emails with no success; however, once I got a positive response (with a further temporarily lowered spam rate) from another contact, which can be found at https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=ORG-PMAV1-RIPE&type=organisation and which seems to be a kind of parent of them according to https://myip.ms/view/hosts/27949943/serverlux_ru.html .
