Steve
Posted June 12, 2021

I have received (and reported) several originating from transcriby.com, and a few others. They are all in Russian. The abuse addresses are admin a7 at-sib dot ru, and noc#serverlux dot ru at devnull.spamcop.net, which seem to be doing nothing to stop spam.

https://www.spamcop.net/sc?id=z6714117615zfd7ff783b07e7f7b264f63bb6305a96ez
RobiBue
Posted June 12, 2021

I have been getting spam in Russian lately, but not from transcriby... they are always something about money ... scams IMO...

Today, this one:
https://www.spamcop.net/sc?id=z6714158319za96a80e7bd03d49067421101abebbddfz

oddly enough, if I look at the whois records for 87.251.84.130

    % Abuse contact for '87.251.84.0 - 87.251.85.255' is 'noc@serverlux.ru'

and sc sez:

    Reports routes for 87.251.84.130:
    routeid: 78610748 87.251.84.0 - 87.251.89.255 to: admin@at-sib.ru
    Administrator interested in all reports
    3/19/2020, 10:52:56 AM -0500 [Note added by (no name)]
    Route added without comment
    routeid: 78610752 87.251.84.0 - 87.251.88.255 to: noc@serverlux.ru
    Administrator interested in all reports
    3/19/2020, 10:53:21 AM -0500 [Note added by (no name)]
    Route added without comment

but:

    Routing details for 87.251.84.130
    Reports disabled for noc@serverlux.ru
    Using noc#serverlux.ru@devnull.spamcop.net for statistical tracking.
    Report routing for 87.251.84.130: admin@at-sib.ru, noc#serverlux.ru@devnull.spamcop.net

of course, Reports disabled ...
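The routing output quoted above lists a recipient that never receives the report. As an added example (not part of the original posts and not SpamCop's own code), this Python parser splits a "Report routing for" line into delivered and suppressed contacts and checks a whois abuse contact against it; the function names are hypothetical, and the rule that `#` replaces `@` in a devnull address is inferred from the sample on this page.

```python
import re

# Sample input: the routing text quoted in the post above.
SAMPLE = """Routing details for 87.251.84.130
Reports disabled for noc@serverlux.ru
Using noc#serverlux.ru@devnull.spamcop.net for statistical tracking.
Report routing for 87.251.84.130: admin@at-sib.ru, noc#serverlux.ru@devnull.spamcop.net"""

DEVNULL = "@devnull.spamcop.net"

def decode_devnull(addr):
    """Recover the original address behind a devnull tracking address, else None."""
    if not addr.lower().endswith(DEVNULL):
        return None
    # Assumption from the sample: '#' stands in for the original '@'.
    user, sep, domain = addr[: -len(DEVNULL)].rpartition("#")
    return f"{user}@{domain}" if sep and user and domain else None

def parse_routing(text):
    """Split the 'Report routing for <ip>:' line into delivered/suppressed contacts."""
    m = re.search(r"^Report routing for (\S+):\s*(.+)$", text, re.M)
    if not m:
        raise ValueError("no 'Report routing for' line found")
    out = {"ip": m.group(1), "delivered": [], "suppressed": []}
    for addr in (a.strip() for a in m.group(2).split(",")):
        if not addr:
            continue
        if addr.lower().endswith(DEVNULL):
            # Counted for statistics only; keep the raw form if it cannot be decoded.
            out["suppressed"].append(decode_devnull(addr) or addr)
        else:
            out["delivered"].append(addr)
    out["disabled_notice"] = re.findall(r"^Reports disabled for (\S+)", text, re.M)
    return out

def unreached_contacts(routing, whois_abuse):
    """Whois abuse contacts that will not actually be sent the report."""
    delivered = {a.lower() for a in routing["delivered"]}
    return sorted(c for c in whois_abuse if c.lower() not in delivered)

if __name__ == "__main__":
    r = parse_routing(SAMPLE)
    print(r)
    print("not reached:", unreached_contacts(r, ["noc@serverlux.ru"]))
```

A non-empty result from `unreached_contacts` means the registered abuse contact has to be reached through some other channel.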
Steve
Posted June 14, 2021

Received another from transcriby today:
https://www.spamcop.net/sc?id=z6714249413zc38513f3d9174ae4143330f04b9e2929z
RobiBue
Posted June 14, 2021

well, looks like both, yours and mine, are hosted by the same Russian spam haven SERVERLUX-NET aka serverlux.ru...

...seems to be a yandex.ru / yandex.net customer...

IMNSHO it's the Russian ransomware group phishing for more... just my opinion...

I mean no offense to Russians in this forum, nor any offense to yandex/serverlux users, but the hosting companies seem to be very lax when it comes to spammers, scammers, and cyber criminals... seem is the word of choice I am using...
yurs5
Posted November 24, 2021

On 6/14/2021 at 3:53 AM, RobiBue said:

    ...seems to be a yandex.ru / yandex.net customer...

No, they don't seem to be a yandex.ru or yandex.net customer. I just see that their abuse address noc@serverlux.ru has MX records at yandex and at the same time their sister abuse address admin@at-sib.ru has MX records at google; however, neither yandex nor google has any relation to these spammers. They just use the yandex and google public mail services to process these single particular mailboxes for them (both yandex and google seem to have such a service to process emails for other domains if you can prove (with some technical procedure) that you own the domain you want them to process emails for).

Quite probably these mailboxes aren't even monitored by them, but just provide valid abuse contacts according to the "broken" (imho) anti-abuse RIPE policy, which requires just a technically existing abuse e-mail but doesn't require it to be actively monitored or to react in any way to abuse (and recently RIPE declined a proposal to improve that policy: https://www.ripe.net/participate/policies/proposals/2019-04 ). However, it could also be that these mailboxes are monitored and the reports are just ignored.

I also tried to report spam many times to both these emails with no success; however, once I got a positive response (with a subsequent temporarily lowered spam rate) from another contact, which can be found at https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=ORG-PMAV1-RIPE&type=organisation and which seems to be a kind of parent of them according to https://myip.ms/view/hosts/27949943/serverlux_ru.html .
RobiBue
Posted November 25, 2021

interesting read! Thanks for the info @yurs5