Re: [mailop] Someone from nifty.com / sion.ne.jp an this list?

Thu, 01 Jun 2023 09:30:59 -0700 

On 2023-05-30 06:36, Michael Peddemors via mailop wrote:

On 2023-05-29 22:36, Hans-Martin Mosner via mailop wrote:
There's been an ongoing phishing wave originating from nifty.com. I (and most likely others) have sent abuse reports, but the root of the problem apparently hasn't been found and fixed. Would you please see that this phishing stops? If you contact me off-list, I will provide you with the addresses which we've seen in case you can use that to pinpoint the issue. 

Cheers,
Hans-Martin


106.153.226.33                    1   mta-snd00001.nifty.com
    106.153.226.38                 1   mta-snd00006.nifty.com
    106.153.226.39                 1   mta-snd00007.nifty.com
106.153.227.36                    1   mta-snd01004.nifty.com
    106.153.227.38                 1   mta-snd01006.nifty.com
    106.153.227.42                 1   mta-snd01010.nifty.com
    106.153.227.43                 1   mta-snd01011.nifty.com
    106.153.227.44                 1   mta-snd01012.nifty.com
    106.153.227.45                 1   mta-snd01013.nifty.com
106.153.228.1                     2   mta-snd00101.nifty.com
    106.153.228.2                  1   mta-snd00102.nifty.com
    106.153.228.3                  3   mta-snd00103.nifty.com
    106.153.228.4                  3   mta-snd00104.nifty.com
    106.153.228.5                  3   mta-snd00105.nifty.com
    106.153.228.6                  1   mta-snd00106.nifty.com
    106.153.228.33                 3   mta-snd01101.nifty.com
    106.153.228.34                 3   mta-snd01102.nifty.com
    106.153.228.35                 4   mta-snd01103.nifty.com
    106.153.228.36                 4   mta-snd01104.nifty.com
    106.153.228.37                 4   mta-snd01105.nifty.com
    106.153.228.38                 3   mta-snd01106.nifty.com

Going on for about a week now...

Lot of invalid users, but the ones that go through are pretty obvious..

From: Unfeigned Pharmacy-Market <mlh20...@nifty.ne.jp>
X-Priority: 1 (High)
Message-ID: <305495318.20230530150...@nifty.ne.jp>
Subject: Buy premium generic medication products here.


Right now treating like gmail spam, but if it keeps up, might have to 
get more aggressive..





Addendum:

We also see that it is a 'backscatter' issue over there..

Return-Path: <>

Received: from mta-snd00102.nifty.com (HELO osmta0018.nifty.com) 
(106.153.228.2)

        by SNIPPED  (TLS_AES_256_GCM_SHA384 encrypted) ESMTPS
        (16123842-0095-11ee-8143-fb3903172121); Thu, 01 Jun 2023 08:58:03 -0700
To: SNIPED
From: <nore...@nifty.com>
Subject: =?iso-2022-jp?B?GyRCJWEhPCVrQXc/LiUoJWkhPERMQ04bKEI=?=
Date: Fri, 2 Jun 2023 00:58:01 +0900

Message-ID: 
<20230601155801020.cagn.109110.omta01-spam-nf-airoymnf00fep...@nifty.com>


Someone should let them know that gets them blacklisted fast.. ;)



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop






















					Reply via email to