I think you sent the report to the wrong instance. Thats why they said it was
illegitimate, because HIVELOCITY is the ISP of the web hotel. Try
[email protected] , which is the web hotel of the phisher.
-------- Originalmeddelande --------Från: Lennart Mühlenmeier - GFF via mailop
<[email protected]> Datum: 2025-12-04 06:36 (GMT+01:00) Till:
[email protected] Ämne: [mailop] AS29802 allows their customers to send
phishing mails, disregards abuse complaints Dear list,this is my first post
here. I am the IT officer and thus postmaster of aBerlin based NGO. Since our
founding in 2015, we have tried to hosteverything ourselves – including our
mail server. It's unironically fun.On 2025-11-19 our boss recieved a phishing
mail asking him to click alink to reset his password for his expiring mail
account. He flaggedthis malicious mail internally. I took care of it this week
after myholidays.The URL to "reset the password" was clearly malicious,
pointing to acPanel Webmail Login Field hosted in India. I'll also flag this
websiteto the hoster, but my problem right now is about the phishing mail,which
was sent out of AS29802 HIVELOCITY, Inc. based in Florida, USA.The headers of
the mail included:> Received: from jupiter.ileysinc.com (jupiter.ileysinc.com
[209.133.220.9])> by mail.freiheitsrechte.org (Postfix) with ESMTPS id
205F42395EEA> for <[email protected]>; Wed, 19 Nov 2025
09:44:32 +0100 (CET)> […]> X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report> X-AntiAbuse: Primary Hostname -
jupiter.ileysinc.com> X-AntiAbuse: Original Domain - freiheitsrechte.org>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]> X-AntiAbuse: Sender
Address Domain - freiheitsrechte.org> X-Get-Message-Sender-Via:
jupiter.ileysinc.com: authenticated_id: [email protected]>
X-Authenticated-Sender: jupiter.ileysinc.com: [email protected] you may see,
this actor also spoofed the sender, showing as it musthave come from our own
mail server. We do not check DKIM strictly…On 2025-12-02 I sent an abuse
complaint to [email protected],including context about the abuse, and even
attaching the mail includingits headers. On 2025-12-03 I recieved the following
reply:> Hi, we have determined that this abuse case regarding IP 209.133.220.9>
is not valid. Please refrain from making illegitimate reports to our> abuse
team, thank you. This is an automated message, please do not reply> to this
email.I guess they just do not care. I never heard of that AS before.
Myquestions for this mailing list are:1. Are they known for being oblivious?2.
Could there be any other reason for such a reply?I feel like I'm being taken
for a ride with that kind of answer, but Ialso have to laugh a little. If
anyone needs a hoster to send phishingcampaigns, you now know where to go. If
their reply was a mistake, well…that should not happen, if you work in the
abuse team IMHO.Happy about any input on this, thanks!BestLennart--
Gesellschaft für Freiheitsrechte e.V.Boyenstraße 41D - 10115 BerlinLennart
MühlenmeierIT-ReferentPronomen:
er/ihmlennart.muehlenmeier@freiheitsrechte.org3701F7B941FC3FBCF22853782D6E1CB58D4460E3Unbequem
seit 2015.Was wir bisher erreicht haben:https://freiheitsrechte.org/10ygffMit
Ihnen geht noch mehr:https://freiheitsrechte.org/mitmachenSpendenkonto der
GFF:IBAN: DE88 4306 0967 1182 9121 00BIC: GENODEM1GLSFür die Grundrechte vor
Gericht.Machen Sie mit:
https://freiheitsrechte.org/join_______________________________________________mailop
mailing [email protected]https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
