Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


colocrossing is phishing network provider
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

colocrossing is phishing network provider

tommyluotommyluo Member

All below IPs are used to sending phishing emails:

107.175.243.19
192.227.177.187
192.227.190.192
192.227.190.193
192.3.83.101
192.3.83.107
192.3.83.108
198.23.174.136
23.94.169.28

Subject: =?utf-8?b?VFMzIFRTIENVQklDQ0FSROOCq+ODvOODieOAkOmHjeimgTrlv4XjgZrjgYo=?=
=?utf-8?b?6Kqt44G/44GP44Gg44GV44GE44CR?=

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 107.175.243.19
X-SM_ReverseDNS: 107-175-243-19-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO tebkuoz.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.227.177.187
X-SM_ReverseDNS: 192-227-177-187-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO tjvwmxx.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.227.190.192
X-SM_ReverseDNS: 192-227-190-192-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO ttrptes.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.227.190.193
X-SM_ReverseDNS: 192-227-190-193-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO uawqsih.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.3.83.101
X-SM_ReverseDNS: 192-3-83-101-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO slcmtwt.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.3.83.107
X-SM_ReverseDNS: 192-3-83-107-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO woqpigq.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 192.3.83.108
X-SM_ReverseDNS: 192-3-83-108-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO spzyjnz.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 198.23.174.136
X-SM_ReverseDNS: 198-23-174-136-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO cbilcxz.cn

X-SM_EnvelopeFrom: [email protected]
X-SM_SENDER_IP: 23.94.169.28
X-SM_ReverseDNS: 23-94-169-28-host.colocrossing.com
X-SM_HeloStrInEnvelope: EHLO wkdwmik.cn

Comments

  • in other news, the sky is blue.

  • I assumed you reported this already to their abuse team.?

  • ok

  • vpn2024vpn2024 Member

    @jonesolutions said:
    I assumed you reported this already to their abuse team.?

    team email-alias

    There's very few companies that have a dedicated abuse employee let alone a team..

  • neohneoh Member

    Nothing new. What I expect is those emails are sent from IPv6 addresses.

    Thanked by 1Frameworks
  • GravelyGravely Member

    @jonesolutions said:
    I assumed you reported this already to their abuse team.?

    Optimistic of you to think they properly action any reports.

  • kvz12kvz12 Member

    @neoh said:
    Nothing new. What I expect is those emails are sent from IPv6 addresses.

    That's impossible, considering Colocrossing doesn't have IPv6 and actively seems to avoid any question related to it.

  • neohneoh Member

    @kvz12 said:

    @neoh said:
    Nothing new. What I expect is those emails are sent from IPv6 addresses.

    That's impossible, considering Colocrossing doesn't have IPv6 and actively seems to avoid any question related to it.

    That is what they promised all those years ago. Nothing is impossible. Our future generations will see it.

  • tommyluotommyluo Member
    edited May 29

    My postfix will check if it is from colocrossing network,all send to quarantine.
    If it is from hostwinds,then 100% reject mode.

  • GulfGulf Member
    edited May 29

    I reported to hostpapa abuse (from whois info got hostpapa email).
    Then contacted colo via abuse form and they blocked within 1 day

  • GulfGulf Member

    @tommyluo said:
    If it is from hostwinds

    Last time I reported they blocked very fast

  • angstromangstrom Moderator

    All those .cn addresses -- this doesn't help against the negative stereotypes, unfortunately :/

  • r3kr3k Member
    edited May 29

    people call them ColonCrossing for a reason.

  • tommyluotommyluo Member

    All these CN domain same persion

    Registrant: 陈超
    Registrant Contact Email: [email protected]

  • GulfGulf Member

    I confirm that abuse works. But you need to contact them directly from their site.
    Now colo's ips have hostpapa listed there. Do not contact hostpapa, endless useless conversations like "we are working on the problem", despite they just do nothing.

  • GreyhoundGreyhound Member

    @tommyluo said:
    All these CN domain same persion

    Registrant: 陈超
    Registrant Contact Email: [email protected]

    So why don't you report the abuse to the domain registrar Aliyun as well?

  • taizitaizi Member
    tdjnzwn.cn
    ledjdax.cn
    lingne.cn
    vivvjjh.cn
    yjir.cn
    tptxqfj.cn
    ocstjxm.cn
    ameux.cn
    eerw.cn
    sfreaob.cn
    wnopmvm.cn
    tlxaelg.cn
    cnlihui.cn
    odjcusw.cn
    ruymecx.cn
    egwsljt.cn
    tj4hka.cn
    tw7vze.cn
    jetpak.cn
    ogwjuzb.cn
    snwvgll.cn
    rwknlie.cn
    xgwry.cn
    tebkuoz.cn
    sagui.cn
    vnwgvhg.cn
    fzlichi.cn
    sdktagj.cn
    alpuo.cn
    rqwuqcv.cn
    rfhphf.cn
    rhmyw.cn
    aluuj.cn
    ohccfh.cn
    wkdwmik.cn
    amkeu.cn
    sgsonvd.cn
    xkescgb.cn
    vebopii.cn
    qxfndst.cn
    swptbpa.cn
    honglinsm.cn
    wpuvkkf.cn
    tgrftpq.cn
    jsanhe.cn
    vedmuyl.cn
    amtue.cn
    oqomcyq.cn
    qxzipsn.cn
    exela.cn
    trxwfws.cn
    ibjtmqh.cn
    dessa.cn
    tglzwjs.cn
    harbinlvyou.cn
    tppgnhz.cn
    alvif.cn
    pyqrymn.cn
    bcybw.cn
    wiccbyu.cn
    zvyh.cn
    rvahyjh.cn
    fzmuxu.cn
    alqou.cn
    mbgcwwj.cn
    woqpigq.cn
    optxecy.cn
    m259.cn
    qvrjmzu.cn
    slcmtwt.cn
    alreu.cn
    rzpquwb.cn
    shesan.cn
    swychxw.cn
    lkhqw.cn
    alnua.cn
    tjvwmxx.cn
    wxhnbyk.cn
    919qq.cn
    laladsk.cn
    yndqgc.cn
    scmbrhw.cn
    a540.cn
    aluox.cn
    wzpkehm.cn
    rcnwusn.cn
    ciwjscz.cn
    xefzlpw.cn
    sgremtz.cn
    rgtspit.cn
    rbshqbc.cn
    tccyclu.cn
    rvrzngo.cn
    vsifcss.cn
    ruxjafk.cn
    guone.cn
    rmpsgzs.cn
    alquu.cn
    amkeo.cn
    shekun.cn
    alovp.cn
    tmvsmoo.cn
    odgjysb.cn
    skzcgcf.cn
    lalafoj.cn
    jaixwjz.cn
    runzai.cn
    xuanxianwl.cn
    amguu.cn
    jamtpfm.cn
    

    all from [email protected]

Sign In or Register to comment.