Bulk emailer mailzapp.io operates a tracking host, on several IP addresses at OVH, for the bulk email that it sends. Its customer supercool.email is sending spam to a list scraped from Whois records and other sources, possibly purchased from a third party.
Spamhaus has seen occasional spamtrap hits from mailzapp.io, but so far this is the first that has reached a threshold requiring attention from us. We hope it will be the last.
SPAM SAMPLE:
Received: from mta16.mailzapp.io (mta16.mailzapp.io [216.169.98.186])
Date: Fri, 31 Dec 2021 02:##:## +0000
From: SuperCool <Special@supercool.email>
Subject: Did God Inspire This, and Choose You ? What If ?
<snip>
Did God Inspire This, and Choose You ? What If ?
Hi,
I don’t know if you use the name “God”, “Creator”,
«Source”, “Higher Power” or another name…
But I do know “Awesome” when I see it !
https://charity.thrivecart.com/bundle/
<snip>
[ Unsubscribe ]
[[ http://tracking.supercool.email/tracking/click?<x> ]]
Calle Margarita, Suite 115, Pozos de Santa Ana, San Jose 10903, Costa Rica.
<snip>
HOST LOOKUP:
$ host tracking.supercool.email
tracking.supercool.email is an alias for tracking.mailzapp.io.
tracking.mailzapp.io is an alias for api.elasticemail.com.
api.elasticemail.com has address 94.23.161.19
api.elasticemail.com has address 46.105.88.234
api.elasticemail.com has address 188.165.1.80
api.elasticemail.com has address 164.132.95.123
api.elasticemail.com has address 54.38.226.140
WHOIS:
% Information related to '94.23.160.0 - 94.23.167.255'
% Abuse contact for '94.23.160.0 - 94.23.167.255' is 'abuse@ovh.net'
inetnum: 94.23.160.0 - 94.23.167.255
netname: DE-OVH
descr: OVH GmbH
country: DE
org: ORG-OG9-RIPE
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
created: 2009-05-14T11:22:50Z
last-modified: 2009-05-14T11:22:50Z
source: RIPE
organisation: ORG-OG9-RIPE
org-name: OVH GmbH
org-type: OTHER
address: St. Johanner Str. 41-43
address: 66111 Saarbrucken
address: Deutschland
abuse-c: ACRO39426-RIPE
admin-c: OTC13-RIPE
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2005-09-02T12:40:05Z
last-modified: 2021-02-26T13:10:09Z
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE # Filtered
person: Octave Klaba
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
phone: +33 9 74 53 13 23
nic-hdl: OK217-RIPE
mnt-by: OVH-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2017-10-30T21:44:51Z
source: RIPE # Filtered
% Information related to '94.23.0.0/16AS16276'
route: 94.23.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
created: 2008-07-15T16:59:42Z
last-modified: 2008-07-15T16:59:42Z
source: RIPE # Filtered
% Information related to '46.105.88.192 - 46.105.88.255'
% Abuse contact for '46.105.88.192 - 46.105.88.255' is 'abuse@ovh.net'
inetnum: 46.105.88.192 - 46.105.88.255
netname: OVH-DEDICATED-46-105-88-192-FO
descr: Dedicated Servers
country: IE
org: ORG-OH5-RIPE
admin-c: OTC9-RIPE
tech-c: OTC9-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
created: 2016-01-14T15:50:24Z
last-modified: 2016-01-14T15:50:24Z
source: RIPE
organisation: ORG-OH5-RIPE
org-name: OVH Hosting Limited
org-type: OTHER
address: 5 Fitzwilliam Place
address: Dublin 2
address: Ireland
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2009-09-16T15:41:10Z
last-modified: 2017-10-30T16:13:19Z
source: RIPE # Filtered
role: OVH IE Technical Contact
address: OVH Hosting Limited
address: 5 Fitzwilliam Place
address: Dublin 2
address: Ireland
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC9-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2009-09-16T15:41:10Z
last-modified: 2009-09-16T15:41:10Z
source: RIPE # Filtered
% Information related to '46.105.0.0/16AS16276'
route: 46.105.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
created: 2011-01-06T17:04:52Z
last-modified: 2011-01-06T17:04:52Z
source: RIPE # Filtered
% Information related to '188.165.0.0 - 188.165.7.255'
% Abuse contact for '188.165.0.0 - 188.165.7.255' is 'abuse@ovh.net'
inetnum: 188.165.0.0 - 188.165.7.255
netname: IE-OVH
descr: OVH Hosting Limited
country: IE
org: ORG-OH5-RIPE
admin-c: OTC9-RIPE
tech-c: OTC9-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
mnt-by: OVH-MNT
created: 2016-09-29T10:45:44Z
last-modified: 2016-09-29T10:45:44Z
source: RIPE
organisation: ORG-OH5-RIPE
org-name: OVH Hosting Limited
org-type: OTHER
address: 5 Fitzwilliam Place
address: Dublin 2
address: Ireland
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2009-09-16T15:41:10Z
last-modified: 2017-10-30T16:13:19Z
source: RIPE # Filtered
role: OVH IE Technical Contact
address: OVH Hosting Limited
address: 5 Fitzwilliam Place
address: Dublin 2
address: Ireland
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC9-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2009-09-16T15:41:10Z
last-modified: 2009-09-16T15:41:10Z
source: RIPE # Filtered
% Information related to '188.165.0.0/16AS16276'
route: 188.165.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
created: 2009-06-08T16:23:41Z
last-modified: 2009-06-08T16:23:41Z
source: RIPE # Filtered
% Information related to '164.132.95.64 - 164.132.95.127'
% Abuse contact for '164.132.95.64 - 164.132.95.127' is 'abuse@ovh.net'
inetnum: 164.132.95.64 - 164.132.95.127
netname: OVH-DEDICATED-FO
country: FR
descr: Failover IPs
org: ORG-OS3-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2019-04-02T08:16:38Z
last-modified: 2019-04-02T08:16:38Z
source: RIPE
organisation: ORG-OS3-RIPE
org-name: OVH SAS
country: FR
org-type: LIR
address: 2 rue Kellermann
address: 59100
address: Roubaix
address: FRANCE
phone: +33972101007
admin-c: OTC2-RIPE
admin-c: OK217-RIPE
admin-c: GM84-RIPE
abuse-c: AR15333-RIPE
mnt-ref: OVH-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: OVH-MNT
created: 2004-04-17T11:23:17Z
last-modified: 2020-12-16T10:24:51Z
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE # Filtered
% Information related to '164.132.0.0/16AS16276'
route: 164.132.0.0/16
descr: OVH
origin: AS16276
mnt-by: OVH-MNT
created: 2015-12-09T09:54:51Z
last-modified: 2015-12-09T09:58:12Z
source: RIPE
% Information related to '54.38.226.0 - 54.38.226.255'
% Abuse contact for '54.38.226.0 - 54.38.226.255' is 'abuse@ovh.net'
inetnum: 54.38.226.0 - 54.38.226.255
netname: OVH-DEDICATED-FO
country: FR
descr: Failover IPs
org: ORG-OS3-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2018-03-08T19:10:08Z
last-modified: 2018-03-08T19:10:08Z
source: RIPE
organisation: ORG-OS3-RIPE
org-name: OVH SAS
country: FR
org-type: LIR
address: 2 rue Kellermann
address: 59100
address: Roubaix
address: FRANCE
phone: +33972101007
admin-c: OTC2-RIPE
admin-c: OK217-RIPE
admin-c: GM84-RIPE
abuse-c: AR15333-RIPE
mnt-ref: OVH-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: OVH-MNT
created: 2004-04-17T11:23:17Z
last-modified: 2020-12-16T10:24:51Z
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE # Filtered
% Information related to '54.38.0.0/16AS16276'
route: 54.38.0.0/16
origin: AS16276
mnt-by: OVH-MNT
created: 2017-10-06T07:58:11Z
last-modified: 2017-10-06T07:58:11Z
source: RIPE
[whois.nic.io]
Domain Name: mailzapp.io
Registry Domain ID: c18dfbef114e430e96ac53c9aece8fc9-DONUTS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://www.namecheap.com/
Updated Date: 2021-05-27T20:32:26Z
Creation Date: 2021-03-28T09:07:15Z
Registry Expiry Date: 2022-03-28T09:07:15Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Capital Region
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: IS
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned