Steve, posted August 15, 2021:

The Russian emails I was getting a while ago seem to have stopped. I am now getting emails from IP addresses registered to a Turkish ISP. Several a day (usually in a row). Is anyone else receiving emails like this? The content of the emails is similar in nature, as are the subject lines. I am including several tracking URLs from the most recent spam for reference.

https://www.spamcop.net/sc?id=z6720259818z887f0423809cc71a78701bf6302ad0a1z
https://www.spamcop.net/sc?id=z6720260001z67552e38a126f2fa95c67fbfca768cdbz
https://www.spamcop.net/sc?id=z6720260172zf3d2e28345dca63be7a64e48c816e48fz
https://www.spamcop.net/sc?id=z6720260251z86e6a32d216388d374cd131e8374fbfez
https://www.spamcop.net/sc?id=z6720260318zb5b8734381d4bdc93de62693bba87d3cz

SC identifies the offenders' ISP as Meric Internet Teknolojileri A.s. (Meric Internet Technologies Inc.) with the reporting address abuse AT meric DOT net DOT tr. So far, since receiving emails associated with this ISP via the IP addresses registered to the offenders, I have reported 72 emails from various IP addresses registered to this ISP, the first one having been submitted to SC on 7/17 at 11:48PM. Why hasn't the ISP done anything to curb or stop the spam originating from their network?🤔😕🤨🤷🏼♂️

Steve

gnarlymarley, posted August 15, 2021:

10 hours ago, Steve said:
> The Russian emails I was getting a while ago seem to have stopped. I am now getting emails from IP addresses registered to a Turkish ISP. Several a day (usually in a row). Is anyone else receiving emails like this?

I haven't seen subject lines like those since maybe April. In April I started adding to my reports that they need to patch their systems and it seems to have stopped mine. They are probably on a rotation, so now that I said it out loud, my time to get them again is coming up.

Steve, posted August 15, 2021:

Who, the ISP? Or SC?

gnarlymarley, posted August 15, 2021:

I would put my note about them needing to patch in the "additional notes" section that would be sent with the report to the ISP.

petzl, posted August 15, 2021:

6 hours ago, Steve said:
> Who, the ISP? Or SC?

HOSTNAME topgoodcoffee.com
Meric Internet Teknolojileri A.S.
https://check.spamhaus.org/listed/?searchterm=45.147.46.128

Suspected Snowshoe spam IP Range
Based on research, analysis of network data, our 'snowshoe' spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume 'snowshoe' spam emission.

https://www.spamcop.net/w3m?action=checkblock&ip=45.147.46.128
Listing History
In the past 16.9 days, it has been listed 7 times for a total of 5.7 days

Other hosts in this "neighborhood" with spam reports
45.147.46.20 45.147.46.38 45.147.46.56 45.147.46.74 45.147.46.110 45.147.46.146 45.147.46.164 45.147.46.182 45.147.46.200 45.147.46.218 45.147.46.236 45.147.47.20 45.147.47.38 45.147.47.74 45.147.47.92 45.147.47.110

Always put in report notes "RESET PASSWORD" if they read abuse reports?
Might pay to also send to https://www.first.org/members/teams/tr-cert
trcert[AT]usom[DOT]gov[DOT]tr

Edited August 15, 2021 by petzl

Steve, posted August 16, 2021:

And like I said in the original post, I reported 72 emails within that range.

petzl, posted August 16, 2021:

3 hours ago, Steve said:
> And like I said in the original post, I reported 72 emails within that range.

Turkey is having forest fires/floods?
https://www.france24.com/en/live-news/20210814-no-survivors-of-turkey-fire-fighting-plane-crash-as-floods-kill-44

Always put in report notes "RESET PASSWORD" if they read abuse reports?
Might pay to also send to https://www.first.org/members/teams/tr-cert
trcert[AT]usom[DOT]gov[DOT]tr

Steve, posted September 4, 2021:

Still receiving said email from the 45.xx.xx.xxx IP range that is reported to abuse AT meric DOT net DOT tr. I have put RESET PASSWORD in the report notes but apparently they're not reading the reports? Also manually sending the spam to trcert[AT]usom[DOT]gov[DOT]tr. Not sure if they're reading the emails either because I'm still receiving them.

Steve

petzl, posted September 5, 2021:

4 hours ago, Steve said:
> Still receiving said email from the 45.xx.xx.xxx IP range that is reported to abuse AT meric DOT net DOT tr. I have put RESET PASSWORD in the report notes but apparently they're not reading the reports? Also manually sending the spam to trcert[AT]usom[DOT]gov[DOT]tr. Not sure if they're reading the emails either because I'm still receiving them.
>
> Steve

If you can log into Google mail, mark as Phishing.

Steve, posted September 5, 2021:

Just received another one of said emails. Reported it thru SC and to trcert[AT]usom[DOT]gov[DOT]tr. Also marked as phishing in Gmail.

petzl, posted September 5, 2021:

4 hours ago, Steve said:
> Just received another one of said emails. Reported it thru SC and to trcert[AT]usom[DOT]gov[DOT]tr. Also marked as phishing in Gmail.

Yes, if going through Gmail, as soon as one marks it phishing the email and links are stopped.

gnarlymarley, posted September 5, 2021:

5 hours ago, petzl said:
> if going through Gmail

I think if it gets marked enough times, then gmail will block it at the SMTP level. (At least, that is what I have seen from my experience. I am sure functionality is subject to change.)

petzl, posted September 6, 2021:

8 hours ago, gnarlymarley said:
> I think if it gets marked enough times, then gmail will block it at the SMTP level. (At least, that is what I have seen from my experience. I am sure functionality is subject to change.)

I only use web-gmail; seems blocked as soon as I mark it phishing, most links are through google gmail cloud. Don't know if they would block SMTP.

My Russian Crime gang, gone silent for a year, are back but down to one phishing attempt every few days.
https://www.spamcop.net/sc?id=z6722646496z39beae5ed09980866a86f01b527a11fdz
I truncate most of their rubbish static. Also went through a oneandone email server 212.227.15.19 which I reported from my Gmail account.
Spamcop did not report oneandone 217.136.236.221?
https://check.spamhaus.org/listed/?searchterm=217.136.236.221

gnarlymarley, posted September 6, 2021:

1 hour ago, petzl said:
> web-gmail seems blocked as soon as I mark it phishing

I think the web-gmail block only sends the email from that address to the spam folder. I have one that keeps coming in to my spam folder even though it is listed as blocked.

Steve, posted September 6, 2021:

Has anyone gotten an auto response back from the ISP just reporting the emails manually? I just tried doing that to the 2 most recent spams I received from their network. Will be waiting for a response to see if they take action and cease spam from their network.

petzl, posted September 6, 2021:

On 9/6/2021 at 11:48 AM, gnarlymarley said:
> I think the web-gmail block only sends the email from that address to the spam folder. I have one that keeps coming in to my spam folder even though it is listed as blocked.

I now only use Gmail webmail. If an email is marked "phishing" you get a warning "this email is dangerous links disabled."
Here is a screen shot of such a warning.
https://ibb.co/kBTDTmQ
It is from someone I bought pinhole glasses from today, hope they are not a scam? Address they got from PayPal; I use my SpamCop email address with PayPal. I did not mark them Phishing, must have been a Gmail computer.

Edited September 7, 2021 by petzl

petzl, posted September 21, 2021:

On 9/6/2021 at 7:22 PM, petzl said:
> I now only use Gmail webmail. If an email is marked "phishing" you get a warning "this email is dangerous links disabled."
> Here is a screen shot of such a warning.
> https://ibb.co/kBTDTmQ
> It is from someone I bought pinhole glasses from today, hope they are not a scam? Address they got from PayPal; I use my SpamCop email address with PayPal. I did not mark them Phishing, must have been a Gmail computer.

The article arrived yesterday. Looks good, big problem with most Chinese made glasses the frame attacks centres on your eyes with the SHARP ear handles! These ones are made for boofheads like mine.

Edited September 21, 2021 by petzl

postcd, posted January 6, 2022:

Several months later it seems that their spam@ mailbox is still not being read or paid attention to reports.

Read/add some reviews:
https://www.trustpilot.com/review/meric.net.tr
https://www.mywot.com/scorecard/meric.net.tr

Anyone got some response from https://www.first.org/members/teams/tr-cert ? Or by contacting them other way than abuse@ ? On their contact page is info@ and Call: +90 (850) 346 37 42

Edited January 7, 2022 by Lking: Edited to break the links so one will have to work hard to follow.

gnarlymarley, posted January 10, 2022:

On 1/6/2022 at 5:00 AM, postcd said:
> Several months later it seems that their spam@ mailbox is still not being read or paid attention to reports.

That is part of the reason I use a block list and a firewall. If their ISP doesn't want to play nice, then I sometimes block the whole range. (Of course, I try to figure out if there might be any legitimate email from those IPs before blocking.)

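
The range-blocking check described in the last post, sketched as an added example that is not part of any post in this thread. It uses a few of the addresses quoted above; the delivery-history records, the function names and the /22 width limit are assumptions made for illustration.

```python
import ipaddress

# A few of the reported hosts quoted earlier in this thread.
REPORTED = ["45.147.46.128", "45.147.46.20", "45.147.46.236",
            "45.147.47.20", "45.147.47.110"]

# Constructed sample: (connecting IP, sender, recipient's own verdict).
HISTORY = [
    ("45.147.46.128", "promo@example.net", "spam"),
    ("45.147.47.20", "deals@example.net", "spam"),
    ("203.0.113.7", "friend@example.org", "ham"),
]

def covering_network(addresses, widest_prefix=22):
    """Smallest single CIDR holding every address, never wider than widest_prefix."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    net = ipaddress.ip_network(f"{ips[0]}/{ips[0].max_prefixlen}")
    while not all(ip in net for ip in ips):
        if net.prefixlen <= widest_prefix:
            # Refuse to widen further: one rule would block too many strangers.
            raise ValueError("addresses too scattered for one block rule")
        net = net.supernet()
    return net

def legitimate_senders(net, history):
    """(ip, sender) pairs inside net whose mail the recipient kept as wanted."""
    return [(ip, sender) for ip, sender, verdict in history
            if verdict == "ham" and ipaddress.ip_address(ip) in net]

def block_decision(addresses, history):
    """Block the whole range only if no wanted mail ever came from it."""
    net = covering_network(addresses)
    wanted = legitimate_senders(net, history)
    if wanted:
        # Wanted mail seen in the range: block only the reported hosts.
        hosts = sorted(set(addresses), key=ipaddress.ip_address)
        return {"block": hosts, "kept": wanted}
    return {"block": [str(net)], "kept": []}

if __name__ == "__main__":
    print(block_decision(REPORTED, HISTORY))
```

The returned entries are plain addresses or CIDR strings, so they can be fed to whatever block list or firewall is in use.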