Spam Tracking URI on Bare IP Address (OMICS)

This IP address is tracking opens in spam sen by OMICS, a publisher of «open-access» journals that solicits contributions and (by implication) fees and/or subscriptions through spam sent to scraped, purchased, or appended email addresses.

At the end of the email are two bits of code that are not visible in the email as rendered in most email clients. These bits of code contain links to servers that track «opens» for the email. Both links are shown below, with tagging information removed so that they do not identify the specific spamrap that received his email.

The first link timed out when we teested it—the IP address 194.147.44.7 is dead. The second link did not time out—it is live and recording opens.

Two possible reasons for this occur to us. This might be a simple cut-and-paste error in creation of the spam email. And it might be that OMICS is reacting against an ISP that disconnected service to them by making sure that the IP address(es) coninue to appear in their spam emails, preventing blocklistings and reputation services from ageing those IP addresses out of their systems.

Linode: You host the live IP address below, the subject of this SBL listing. Please shut down that VPS and all other services to this customer. Be aware that the customer uses many business names and contacts to obtain service, and might have multiple accounts or reappear under a new name and open new Services.

SPAM SAMPLE:

Received: from ping1.host6.trans.vcomweb.net (ping1.host6.trans.vcomweb.net [121.242.207.32])
Date: Mon, 21 Mar 2022 05:##:## +0000
From: «Clinics in Surgery™ (Impact Factor ##)» <editor@ijoapcis.com>
Reply-To: «Clinics in Surgery™ (Impact Factor ##)» <editor@clinsurg.org>
Subject: Short Article Submissions: <x>

<snip>

Greetings for the Day!!
We understand your priorities and professional commitments. It would
not be appropriate at this point in time to overburden you by asking
you to write/contribute a full-length manuscript.

<snip>

[ NOTE: Responses must be sent to Reply-to email address; no submission
weblink is provided. ]

<snip>

<img data-connectorsauthtoken=»1″ data-<x>=»/<x>/<x>»
data-<x>=»» data-<x>=»External» height=»1″
originalsrc=»http://194.147.44.7/mail/index.php/campaigns/<x>/track-opening/<x>»
src=»https://outlook.office.com/actions/ei?u=http%3A%2F%2F194.147.44.7%2Fmail%2Findex.php%2Fcampaigns%2F<x>%2Ftrack-opening%2F<x>;d=<x>%3A<x>» width=»1″ />

</span><img width=»1″ height=»1″ src=»http://45.79.13.23/mail/index.php/campaigns/<x>/track-opening/<x>» alt=»» />

<snip>

NetRange: 45.79.0.0 — 45.79.255.255
CIDR: 45.79.0.0/16
NetName: LINODE-US
NetHandle: NET-45-79-0-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS3595, AS21844, AS6939, AS8001
Organization: Linode (LINOD)
RegDate: 2015-04-29
Updated: 2015-04-29
Comment: Linode, LLC
Comment: http://www.linode.com
Ref: https://rdap.arin.net/registry/ip/45.79.0.0

OrgName: Linode
OrgId: LINOD
Address: 249 Arch St
City: Philadelphia
StateProv: PA
PostalCode: 19106
Country: US
RegDate: 2008-04-24
Updated: 2019-06-28
Comment: http://www.linode.com
Ref: https://rdap.arin.net/registry/entity/LINOD

OrgNOCHandle: LNO21-ARIN
OrgNOCName: Linode Network Operations
OrgNOCPhone: +1-609-380-7304
OrgNOCEmail: support@linode.com
OrgNOCRef: https://rdap.arin.net/registry/entity/LNO21-ARIN

OrgAbuseHandle: LAS12-ARIN
OrgAbuseName: Linode Abuse Support
OrgAbusePhone: +1-609-380-7100
OrgAbuseEmail: abuse@linode.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/LAS12-ARIN

OrgTechHandle: LNO21-ARIN
OrgTechName: Linode Network Operations
OrgTechPhone: +1-609-380-7304
OrgTechEmail: support@linode.com
OrgTechRef: https://rdap.arin.net/registry/entity/LNO21-ARIN

Опубликовано
В рубрике linode.com

Добавить комментарий

Ваш адрес email не будет опубликован.