inboxpartners.com

Sendgrid is sending spam for the domain inboxpartners.com. Cloudflare hosts the A record and website. FSX Holding hosts the MX record for this domain.

This domain is sending significant volumes of dating spam through Sendgrid. The domain has no SPF record and has private Whois, and is sending from an IP address in the sendgrid.net domain, so there is no way for recipients to verify independently that the email was actually sent by the owners of the domain, although given the time spam that we have been seeing this email we believe that it is from them and not a forgery. The spam emails have tagged Friendly From and Subject, so those fields are redacted in the spam sample below.

The URIs, although within the inboxpartners.com, are dedicated subdomains posting to redirectors within Sendgrid. Presumably they redirect to either inboxpartners.com or to the dating service for whom they are spamming.

SENDING IPs:

149.72.142.96 wrqvvzsh.outbound-mail.sendgrid.net

HOSTING IPs:

$ host inboxpartners.com
inboxpartners.com has address 172.67.166.248
inboxpartners.com has address 104.27.167.218
inboxpartners.com has address 104.27.166.218
inboxpartners.com mail is handled by 1 mail.inboxpartners.com.

$ host url<x>.inboxpartners.com
url<x>.inboxpartners.com is an alias for sendgrid.net.
sendgrid.net has address 167.89.118.83
sendgrid.net has address 167.89.123.124
sendgrid.net has address 167.89.115.120
sendgrid.net has address 167.89.115.56
sendgrid.net has address 167.89.118.52
sendgrid.net has address 167.89.123.54
sendgrid.net mail is handled by 10 mx.sendgrid.net.
sendgrid.net mail is handled by 20 mx2.sendgrid.net.

MX IP:

$ host mail.inboxpartners.com
mail.inboxpartners.com has address 195.167.165.125

$ host 167.165.125
Host 167.165.125 not found: 3(NXDOMAIN)

$ host -t txt inboxpartners.com
inboxpartners.com has no TXT record

SPAM SAMPLE:

From bounces+9318103-<x>
Received: from wrqvvzsh.outbound-mail.sendgrid.net (wrqvvzsh.outbound-mail.sendgrid.net
[149.72.142.96])
Date: Tue, 24 Nov 2020 08:##:## +0000 (UTC)
From: <x> <info@inboxpartners.com>
Subject: <x>

<snip>

Find Someone Just For You Tonight!

Find A Date @ Victoria Hearts

Find Your True Love Today!

<snip>

[ FIND A WOMAN! ]

<snip>

URI: http://<x>.inboxpartners.com/ls/click?<x>

IP AND DOMAIN WHOIS:

[ NOTE: We assume Sendgrid and Cloudflare recognize their IP addressses.]

NetRange: 195.167.160.0 — 195.167.175.255
CIDR: 195.167.160.0/20
NetName: FSX-350
NetHandle: NET-195-167-160-0-1
Parent: RIPE-CBLK3 (NET-195-0-0-0-1)
NetType: Direct Allocation
OriginAS: AS46378
Organization: FSX HOLDINGS, LLC (FHL-23)
RegDate: 2016-12-08
Updated: 2016-12-09
Comment: http://www.fsx.com Standard NOC hours are 7am to 11pm EST
Ref: https://rdap.arin.net/registry/ip/195.167.160.0

OrgName: FSX HOLDINGS, LLC
OrgId: FHL-23
Address: 102 NE 2nd Street #386
City: Boca Raton
StateProv: FL
PostalCode: 33432
Country: US
RegDate: 2013-12-09
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/FHL-23

OrgTechHandle: TECH830-ARIN
OrgTechName: Tech
OrgTechPhone: +1-954-857-0040
OrgTechEmail: it@fsx.com
OrgTechRef: https://rdap.arin.net/registry/entity/TECH830-ARIN

OrgAbuseHandle: ABUSE4029-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-954-857-0000
OrgAbuseEmail: abuse@fsx.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4029-ARIN

OrgNOCHandle: NOC17261-ARIN
OrgNOCName: Noc
OrgNOCPhone: +1-954-857-0040
OrgNOCEmail: noc@fsx.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC17261-ARIN

RNOCHandle: NOC17261-ARIN
RNOCName: Noc
RNOCPhone: +1-954-857-0040
RNOCEmail: noc@fsx.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC17261-ARIN

RAbuseHandle: ABUSE4029-ARIN
RAbuseName: Abuse
RAbusePhone: +1-954-857-0000
RAbuseEmail: abuse@fsx.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4029-ARIN

RTechHandle: TECH830-ARIN
RTechName: Tech
RTechPhone: +1-954-857-0040
RTechEmail: it@fsx.com
RTechRef: https://rdap.arin.net/registry/entity/TECH830-ARIN

Domain Name: INBOXPARTNERS.COM
Registry Domain ID: 2131888920_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.pananames.com
Registrar URL: http://www.pananames.com
Updated Date: 2020-05-02T04:22:21Z
Creation Date: 2017-06-08T15:22:20Z
Registrar Registration Expiration Date: 2021-06-08T15:22:20Z
Registrar: URL SOLUTIONS INC.
Registrar IANA ID: 1449
Registrar Abuse Contact Email: abuse@pananames.com
Registrar Abuse Contact Phone: +1.4692250522
Reseller:
Domain Status: clientTransferProhibited — https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Private Whois
Registrant Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
Registrant Street: Tower Financial Center Flr 35, 50th St y E. Mendez St
Registrant City: Panama
Registrant State/Province: NA
Registrant Postal Code: NA
Registrant Country: PA
Registrant Phone: +1.4692250522
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: inboxpartners.com.rhog8ehcurso@domains-anonymizer.com
Registry Admin ID:
Admin Name: Private Whois
Admin Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
Admin Street: Tower Financial Center Flr 35, 50th St y E. Mendez St
Admin City: Panama
Admin State/Province: NA
Admin Postal Code: NA
Admin Country: PA
Admin Phone: +1.4692250522
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: admin.inboxpartners.com.rhog8ehcurso@domains-anonymizer.com
Registry Tech ID:
Tech Name: Private Whois
Tech Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
Tech Street: Tower Financial Center Flr 35, 50th St y E. Mendez St
Tech City: Panama
Tech State/Province: NA
Tech Postal Code: NA
Tech Country: PA
Tech Phone: +1.4692250522
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: tech.inboxpartners.com.rhog8ehcurso@domains-anonymizer.com
Name Server: NORM.NS.CLOUDFLARE.COM
Name Server: ZOE.NS.CLOUDFLARE.COM

Добавить комментарий

Ваш адрес email не будет опубликован.