Spam Emitter (Apple Advance Academy) (P2P Hub)

At least one IP address in 185.217.127.0/28, 185.217.127.13, is sending spam for "Apple Advance Academy", aka P2P Hub. P2P Hub operates in-person seminars covering various basic business, marketing, and sales training subjects.

The domain skilltrainers360.com has misconfigured DNS: two DNS servers that do not exist are entered in Whois and in the DNS configuration running on the IP address that serves as the A record, NS service, and MX service for the domain (evidence below).

If other IP addresses in this /28 start sending spam for this spammer, the /28 will be listed.

Contabo: You have a malicious sender here. Please nuke the account(s) associated with this sender.

Received: from sha3.skilltrainers360.com (unknown [185.217.127.13])
Date: Fri, 25 Mar 2022 03:###:## +0800
From: "HRD CORP -Claimable Courses" <learning@skilltrainers360.com>
Reply-To: training@skilltrainers360.com
Subject: Import-Export Procedures / Training <x>

<snip>

Respected Madam/Sir,
We are pleased to extend an invitation for you to join our courses
Topic: Malaysian Import & Export Procedures & Documentation

<snip>

Apple Advance Academy
SBL KHAS / HRD Corp Claimable
Trained By ZOOM-Webinar Classroom Training
Contact : Mr.Adam
Mobile: 016-3066336
Email 1 : adam.trainings@gmail.com
Email 2: adam.trainings@hotmail.com

Note: This email is only for our potential clients. If you have accidentally received this, please accept our deepest apologies. To choose not to receive future emails from us, simply reply with the subject header "Unsubscribe"

Anti-SPAM Policy Disclaimer: Mail cannot be considered spam as long as we include contact information and a remove link for removal from this mailing list. If this e-mail is unsolicited, please accept our apologies.

<snip>

% Information related to '185.217.126.0 - 185.217.127.255'

% Abuse contact for '185.217.126.0 - 185.217.127.255' is 'abuse@contabo.de'

inetnum: 185.217.126.0 - 185.217.127.255
netname: TT-2021092904
descr: Contabo GmbH
country: DE
org: ORG-CG313-RIPE
admin-c: MH7476-RIPE
tech-c: MH7476-RIPE
abuse-c: MH12453-RIPE
status: SUB-ALLOCATED PA
mnt-by: MNT-CONTABO
created: 2021-09-29T14:31:44Z
last-modified: 2021-10-08T13:40:40Z
source: RIPE

organisation: ORG-CG313-RIPE
org-name: Contabo GmbH
org-type: other
remarks: * Please direct all complaints about Internet abuse like Spam, hacking or scans *
remarks: * to abuse@contabo.de . This will guarantee fastest processing possible. *
address: Aschauer Strasse 32a
address: 81549
address: Munchen
address: GERMANY
phone: +498921268372
fax-no: +498921665862
abuse-c: MH12453-RIPE
mnt-ref: MNT-CONTABO
mnt-by: MNT-CONTABO
mnt-ref: de-buechvps1-1-mnt
mnt-ref: mnt-de-bnc-1
mnt-by: de-buechvps1-1-mnt
mnt-by: mnt-de-bnc-1
created: 2021-09-29T14:30:02Z
last-modified: 2021-12-22T06:52:39Z
source: RIPE # Filtered

person: Wilhelm Zwalina
address: Contabo GmbH
address: Aschauer Str. 32a
address: 81549 Muenchen
phone: +49 89 21268372
fax-no: +49 89 21665862
nic-hdl: MH7476-RIPE
mnt-by: MNT-CONTABO
mnt-by: MNT-GIGA-HOSTING
created: 2010-01-04T10:41:37Z
last-modified: 2020-04-24T16:09:30Z
source: RIPE

% Information related to '185.217.126.0/23AS51167'

route: 185.217.126.0/23
descr: CONTABO
origin: AS51167
mnt-by: MNT-CONTABO
created: 2021-09-29T14:24:48Z
last-modified: 2021-10-08T13:40:45Z
source: RIPE

[whois.namecheap.com]
Domain name: skilltrainers360.com
Registry Domain ID: 2648792130_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-10-19T12:44:57.00Z
Registrar Registration Expiration Date: 2022-10-19T12:44:57.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Redacted for Privacy
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: Kalkofnsvegur 2
Registrant City: Reykjavik
Registrant State/Province: Capital Region
Registrant Postal Code: 101
Registrant Country: IS
Registrant Phone: +354.4212434
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 093d4cbb33d845059382dfff06d5b6b5.protect@withheldforprivacy.com
Registry Admin ID:
Admin Name: Redacted for Privacy
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Street: Kalkofnsvegur 2
Admin City: Reykjavik
Admin State/Province: Capital Region
Admin Postal Code: 101
Admin Country: IS
Admin Phone: +354.4212434
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 093d4cbb33d845059382dfff06d5b6b5.protect@withheldforprivacy.com
Registry Tech ID:
Tech Name: Redacted for Privacy
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Street: Kalkofnsvegur 2
Tech City: Reykjavik
Tech State/Province: Capital Region
Tech Postal Code: 101
Tech Country: IS
Tech Phone: +354.4212434
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 093d4cbb33d845059382dfff06d5b6b5.protect@withheldforprivacy.com
Name Server: ns1.skilltrainers360.com
Name Server: ns2.skilltrainers360.com
DNSSEC: unsigned

$ host ns1.skilltrainers360.com
Host ns1.skilltrainers360.com not found: 3(NXDOMAIN)

$ host ns2.skilltrainers360.com
Host ns2.skilltrainers360.com not found: 3(NXDOMAIN)

[ NOTE: *Interesting*. Pulling out dig. ]

$ dig -t ns skilltrainers360.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> -t ns skilltrainers360.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6301
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;skilltrainers360.com. IN NS

;; ANSWER SECTION:
skilltrainers360.com. 3600 IN NS ns.2skilltrainers360.com.
skilltrainers360.com. 3600 IN NS ns.1skilltrainers360.com.

;; Query time: 171 msec
;; SERVER: 198.58.107.5#53(198.58.107.5)
;; WHEN: Fri Mar 25 02:50:12 UTC 2022
;; MSG SIZE rcvd: 119

[ NOTE: OK. The nameservers are ns.1${domain} and ns.2${domain}… Let’s see if those exist. ]

$ host ns.2skilltrainers360.com
Host ns.2skilltrainers360.com not found: 3(NXDOMAIN)

$ host ns.1skilltrainers360.com
Host ns.1skilltrainers360.com not found: 3(NXDOMAIN)

[ NOTE: These don’t exist either. ]

$ dig skilltrainers360.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> skilltrainers360.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34139
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;skilltrainers360.com. IN A

;; ANSWER SECTION:
skilltrainers360.com. 3600 IN A 185.217.127.7

;; Query time: 125 msec
;; SERVER: 198.58.107.5#53(198.58.107.5)
;; WHEN: Fri Mar 25 02:49:24 UTC 2022
;; MSG SIZE rcvd: 65

$ host skilltrainers360.com
skilltrainers360.com has address 185.217.127.7
skilltrainers360.com mail is handled by 5 mail.skilltrainers360.com.

$ host mail.skilltrainers360.com
mail.skilltrainers360.com has address 185.217.127.7

$ dig @skilltrainers360.com skilltrainers360.com +all +norec

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @skilltrainers360.com skilltrainers360.com +all +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34727
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;skilltrainers360.com. IN A

;; ANSWER SECTION:
skilltrainers360.com. 3600 IN A 185.217.127.7

;; AUTHORITY SECTION:
skilltrainers360.com. 3600 IN NS ns.2skilltrainers360.com.
skilltrainers360.com. 3600 IN NS ns.1skilltrainers360.com.

;; Query time: 125 msec
;; SERVER: 185.217.127.7#53(185.217.127.7)
;; WHEN: Fri Mar 25 02:56:28 UTC 2022
;; MSG SIZE rcvd: 135

[ NOTE: This domain has deliberately misconfigured nameservers, and DNS service set up on the A record IP address. ]
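
The checks done by hand above (do Whois and the zone agree on the name servers, do those names resolve, do the A, MX and DNS roles share one address), as an added Python example that is not part of the original listing. The record text is constructed from the dig and host output on this page, with assumed TTLs on the MX and mail lines; a name with no A line stands for the NXDOMAIN results, and `audit` and its field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: records taken from the dig/host output on this page,
# written in zone-file form (TTLs on the MX and mail lines are assumed).
ZONE_TEXT = """\
skilltrainers360.com. 3600 IN NS ns.2skilltrainers360.com.
skilltrainers360.com. 3600 IN NS ns.1skilltrainers360.com.
skilltrainers360.com. 3600 IN A 185.217.127.7
skilltrainers360.com. 3600 IN MX 5 mail.skilltrainers360.com.
mail.skilltrainers360.com. 3600 IN A 185.217.127.7
"""
WHOIS_NS = ["ns1.skilltrainers360.com", "ns2.skilltrainers360.com"]
ANSWERING_SERVER = "185.217.127.7"  # SERVER line of the +norec query

# owner, TTL, class IN, type, optional MX preference, rdata
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|MX)\s+(?:\d+\s+)?(\S+)$")

def norm(name):
    return name.rstrip(".").lower()

def parse(text):
    """Return {rtype: {owner: [rdata, ...]}} from dig-style answer lines."""
    rrs = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:  # dig comment lines (";...") carry no TTL and never match
            owner, rtype, rdata = m.groups()
            rrs[rtype][norm(owner)].append(norm(rdata))
    return rrs

def audit(domain, zone_text, whois_ns, answering_server):
    """Compare the registrar and zone NS sets and map service roles to IPs."""
    rrs = parse(zone_text)
    addr = rrs["A"]
    zone_ns = sorted(rrs["NS"][domain])
    whois = sorted(norm(n) for n in whois_ns)
    roles = {"A": set(addr[domain]), "DNS": {answering_server},
             "MX": {ip for mx in rrs["MX"][domain] for ip in addr[mx]}}
    return {
        "whois_zone_mismatch": whois != zone_ns,
        # no A record in the supplied data == NXDOMAIN in the listing
        "unresolvable_ns": [n for n in sorted(set(zone_ns) | set(whois)) if not addr[n]],
        # "ns.1example.com" is NOT under "example.com": match on ".domain"
        "out_of_zone_ns": [n for n in zone_ns if not n.endswith("." + domain)],
        "single_ip_for_all_roles": sorted(set.intersection(*roles.values())),
    }

REPORT = audit("skilltrainers360.com", ZONE_TEXT, WHOIS_NS, ANSWERING_SERVER)
```
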
