
Posted

Hi Admin,

 

* Username: edvicon

* Server: Tommy

* Main Domain: edvicon.heliohost.org (www.edvicon.org)

 

My account was suspended suddenly. Can you please unsuspend it for me? I would also like to know the reason for this suspension, so that I can ensure this won't happen again. This service is very important for us, as this site represents a non-profit start-up. So please help me as fast as you can.

 

Best Regards,

Nimesh

Posted

 

Abuse report. Dubious and/or malicious links at link.edvicon.org

 

 

And the abuse report in question:

We have received a complaint about your account. Please investigate and fix within 24 hours.

Hurricane Electric Abuse Department
support@he.net

From 7113040874.58ba8d50@bounces.spamcop.net  Tue Mar  9 10:13:31 2021
Return-Path: <7113040874.58ba8d50@bounces.spamcop.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from mail.he.net (mail.he.net [216.218.186.2])
        by abuse.he.net (Postfix) with ESMTPS id EB682542C8C
        for <report@abuse.he.net>; Tue,  9 Mar 2021 10:13:30 -0800 (PST)
Authentication-Results: mail.he.net;
        spf=pass (mail.he.net: domain of bounces.spamcop.net designates 184.94.240.112 as permitted sender) smtp.mailfrom=7113040874.58ba8d50@bounces.spamcop.net;
        dmarc=none (Policy up to you. No DMARC record found) header.from=reports.spamcop.net
Received-SPF: pass (mail.he.net: domain of bounces.spamcop.net designates 184.94.240.112 as permitted sender) client-ip=184.94.240.112; envelope-from=7113040874.58ba8d50@bounces.spamcop.net; helo=vmx.spamcop.net;
Received: from vmx.spamcop.net ([184.94.240.112])
        by he.net with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(256):Mac=AEAD)
        for <abuse@he.net>; Tue, 9 Mar 2021 10:13:27 -0800
IronPort-SDR: mFFyMdVbug86w5Wwx2ff6TUlK76v/q5b2Gz6IQs4oC4JL1E1Hoz+sgpZpci4txM/nX8S/K40sG
 T6k8KhNcieDnx58SYG3+oACC6f5IVbvLd0XGGwzWb5hu9A4UsAfgVgjg9NQLmmdanyb9IC8xYq
 OpuMoNkSUvx5qnkEak5iwUCqfgnodw5xaP5kskz4my4A7IzEpn+OQ/rNwRMgwekSg4JbIPgudE
 HNElsdNOmLucvgYEESMeHb+02T8zM4Gdj+CVCPUdBPe6cQxjdPN51DEq42Z9+AZskvzBO+QJIF
 NLg=
Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226])
  by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 09 Mar 2021 10:13:27 -0800
Received: from [73.99.51.79] by spamcop.net
        with HTTP; Tue, 09 Mar 2021 18:13:27 GMT
Content-Type: multipart/report; report-type=feedback-report;
 boundary="----------=_1615313607-17249-1"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Date: Mon, 08 Mar 2021 13:00:43 -0500
From: "Koakoa" <7113040874@reports.spamcop.net>
To: abuse@he.net
Subject: [SpamCop (https://www.link.edvicon.org/myfla) id:7113040874]Your
 Personal information are not protected, Scan ..
Precedence: list
Message-ID: <rid_7113040874@msgid.spamcop.net>
X-Mailer: https://www.spamcop.net/ v5.3.0
X-Spamcop-Sourceip: 74.63.221.29

This is a multi-part message in MIME format...

------------=_1615313607-17249-1
Content-Type: text/plain; charset="charset=ISO-8859-1; format=flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

[ SpamCop V5.3.0 ]
This message is brief for your comfort.  Please use links below for details.

Spamvertised web site: https://www.link.edvicon.org/myfla
https://www.spamcop.net/w3m?i=z7113040874z58ba8d50670b1df7b27cf65ebb55e826z
https://www.link.edvicon.org/myfla is 65.19.143.6; Tue, 09 Mar 2021 18:13:21 GMT


This is an email abuse report for an email message received from IP source 74.63.221.29 on Mon, 08 Mar 2021 13:00:43 -0500
For more information about this format please see http://www.mipassoc.org/arf/
To change ARF message format to SpamCop format change settings on your preferences page: https://www.spamcop.net/mcgi?action=showispprefs

------------=_1615313607-17249-1
Content-Type: message/feedback-report
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Feedback-Type: abuse
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
        via https://www.spamcop.net
Version: 0.1
Received-Date: Mon, 08 Mar 2021 13:00:43 -0500
Source-IP: 74.63.221.29


------------=_1615313607-17249-1
Content-Type: message/rfc822;
Content-Disposition: inline
Content-Transfer-Encoding: binary

"From - Mon Mar  8 16:34:59 2021
"
X-Account-Key: account11
X-UIDL: 319083.0kvef6F6DGO3Lwynpauwx9zy8YQ=
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Received: from mx02.rcn.cmh.synacor.com (LHLO mx.rcn.com) (10.33.3.180) by
 md07.rcn.cmh.synacor.com with LMTP; Mon, 8 Mar 2021 13:01:00 -0500 (EST)
Return-Path: <>
X-Received-HELO: from [74.63.221.29] (helo=paper.ycvweb.com)
Authentication-Results: mx02.rcn.cmh.synacor.com smtp.mail=postmaster@paper.ycvweb.com; spf=neutral; sender-id=neutral
Authentication-Results: mx02.rcn.cmh.synacor.com header.from=boxLight4.LE2BLOHE5J8EDS4E2TOAXPPL6167TC@fm.com; sender-id=neutral
Received-SPF: neutral (mx02.rcn.cmh.synacor.com: 74.63.221.29 is neither permitted nor denied by domain of paper.ycvweb.com)
Received: from [74.63.221.29] ([74.63.221.29:34769] helo=paper.ycvweb.com)
        by mx.rcn.com (envelope-from <>)
        (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP
        id 4A/BD-57799-A4666406; Mon, 08 Mar 2021 13:00:43 -0500
Received: by fm.com (Postfix, from userid 100) id HX6WC8OWDURD1YA76DYHRJVBXB6V41;Mon, 8 Mar 2021 13:00:19 -0500
To: x
Date: Mon, 8 Mar 2021 13:00:19 -0500
Accept-Language: en-US, en-GB
Content-Language: en-US
From: Virus detected<KCJA6YNK4X6X4QTT6A2EIC1UYE6OAP.geo-mmmmm@fm.com>
Subject: Your Personal information are not protected, Scan now!
Message-Id: <BNVE______________________ET9Z@fm.com>
X_DLP_INBOUND: true
Importance: high
X-Priority: 1
X_DLP_INBOUND: true
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Content-Type: multipart/alternative;boundary=--boundary_36347130_f7d50c66-0077-4e20-a6a0-8e909d2c1ffd
Sender: <boxLight4.LE2BLOHE5J8EDS4E2TOAXPPL6167TC@fm.com>
X-Vade-Verdict: clean
X-Vade-Analysis: gggruggvucftvghtrhhoucdtuddrgeduledruddugedggeegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuufgjpfetvefqtfdptfevpfenuceurghilhhouhhtmecufedtudenucfqnhhlhicuohhnvgcuphgrrhhtucdlhedumdenucfjughrpefvfffhuffkkgfrggfguggtshesrgekggertddtjeenucfhrhhomhepgghirhhushcuuggvthgvtghtvgguoefmveflteeijgfpmfegigeiigegsffvvfeitedvgffkvedufggjgfeiqfetrfdrghgvohdqmhhmmhhmmhesfhhmrdgtohhmqeenucggtffrrghtthgvrhhnpeffueejiedujeejvdevgeelteeivdejffetkeekudeivddvhedugeelgefgtedtvdenucffohhmrghinhepvgguvhhitghonhdrohhrghdpghhoohhglhgvrdgtohhmnecukfhppeejgedrieefrddvvddurddvleenucevlhhushhtvghrufhiiigvpedvkeejieenucfrrghrrghmpehinhgvthepjeegrdeifedrvddvuddrvdelnedpmhgrihhlfhhrohhmpeenpdhrtghpthhtoheprghlsggvrhhtshhonhhkohesvghrohhlshdrtghomhen
X-Vade-Client: RCN



----boundary_36347130_f7d50c66-0077-4e20-a6a0-8e909d2c1ffd
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<center><h1></h1>
  <a href="https://www.link.edvicon.org/myfla">
<img src="https://www.link.edvicon.org/0d883"></a>
    <br>
    <a href="https://google.com/c1hooe">
<img src="https://google.com/o5nysg" style="display:none;" alt="fsz"></a>
</center>

------------=_1615313607-17249-1--

The links shown at the bottom of the report above were being advertised in spam email. From the looks of it, I suspect that whatever is at link.edvicon.org is hacked or was otherwise abused/compromised.

 

Can you explain what happened here? Also, are you able to remove those links and ensure that no such material is hosted on your site or advertised via spam going forward?
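
For triaging a report like the one quoted above, here is an added example (not part of the original thread, and not HelioHost's or SpamCop's code) that parses an ARF message with Python's standard library and lists the reported URLs that fall on domains you host. The sample message and its `customer.example` domains are constructed placeholders, and `triage_arf` is a hypothetical helper name.

```python
import email
import re
from urllib.parse import urlsplit

# Constructed sample in the ARF layout of the report above (placeholder domains).
SAMPLE_ARF = b"""\
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an email abuse report.
--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 192.0.2.29

--b1
Content-Type: message/rfc822

Subject: Scan now!
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<a href=3D"https://link.customer.example/abc"><img
 src=3D"https://link.customer.example/img1"></a>
<a href=3D"https://notcustomer.example/x">x</a>
--b1--
"""

def triage_arf(raw, hosted_domains):
    """Return the feedback fields and the reported URLs on our own domains."""
    report, urls = {}, set()
    for part in email.message_from_bytes(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            # The stdlib parser exposes the report fields as a nested header block.
            report = dict(part.get_payload()[0].items())
        elif ctype in ("text/html", "text/plain") and report:
            # Per ARF ordering, text after the report part is the original mail.
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            urls.update(re.findall(r"https?://[^\s\"'<>]+", body))
    def ours(url):  # exact host or true subdomain; bare suffix match is too loose
        host = (urlsplit(url).hostname or "").lower()
        return any(host == d or host.endswith("." + d) for d in hosted_domains)
    return {"feedback_type": report.get("Feedback-Type"),
            "source_ip": report.get("Source-IP"),
            "hosted_urls": sorted(u for u in urls if ours(u))}
```

Calling `triage_arf(SAMPLE_ARF, ["customer.example"])` returns the two `link.customer.example` URLs and skips `notcustomer.example`, which a plain suffix comparison would have wrongly matched.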

Posted

 

 


 

 

Hi Admin,

 

Thank you for the quick response.

 

link.edvicon.org is a URL shortening service, so users can shorten their lengthy URLs. It seems that someone has used this for malicious activities. Since the server is down, I'm unable to test the mentioned link in the report: https://www.link.edvicon.org/myfla

 

This is a sub-service we provide. But if it needs to be removed, we can take that service down, because other services are more important for us than this.

 

Please let me know your reply.

 

Thank you.

 

BR,

Nimesh

Posted

Please remove that service as quickly as possible and don't offer such a service going forward; it'll only result in us receiving similar reports when the links end up involved in spam or illegal activity.

 

The link in question forwarded to a Norton Security affiliate/referrals page and was being sent in spam emails (the sender was hoping to make a quick buck or score free licenses through the referral program most likely).

 

Unsuspended.

Posted

Hi Admin,

 

Thank you for the support.

 

I have already informed the IT team to take this down. It'll be removed completely within the next 24 hours.

 

BR,

Nimesh
