And the abuse report in question:
We have received a complaint about your account. Please investigate and fix within 24 hours.
Hurricane Electric Abuse Department
support@he.net
From 7113040874.58ba8d50@bounces.spamcop.net Tue Mar 9 10:13:31 2021
Return-Path: <7113040874.58ba8d50@bounces.spamcop.net>
X-Original-To: report@abuse.he.net
Delivered-To: report@abuse.he.net
Received: from mail.he.net (mail.he.net [216.218.186.2])
by abuse.he.net (Postfix) with ESMTPS id EB682542C8C
for <report@abuse.he.net>; Tue, 9 Mar 2021 10:13:30 -0800 (PST)
Authentication-Results: mail.he.net;
spf=pass (mail.he.net: domain of bounces.spamcop.net designates 184.94.240.112 as permitted sender) smtp.mailfrom=7113040874.58ba8d50@bounces.spamcop.net;
dmarc=none (Policy up to you. No DMARC record found) header.from=reports.spamcop.net
Received-SPF: pass (mail.he.net: domain of bounces.spamcop.net designates 184.94.240.112 as permitted sender) client-ip=184.94.240.112; envelope-from=7113040874.58ba8d50@bounces.spamcop.net; helo=vmx.spamcop.net;
Received: from vmx.spamcop.net ([184.94.240.112])
by he.net with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384:TLSv1.2:Kx=ECDH:Au=RSA:Enc=AESGCM(256):Mac=AEAD)
for <abuse@he.net>; Tue, 9 Mar 2021 10:13:27 -0800
IronPort-SDR: mFFyMdVbug86w5Wwx2ff6TUlK76v/q5b2Gz6IQs4oC4JL1E1Hoz+sgpZpci4txM/nX8S/K40sG
T6k8KhNcieDnx58SYG3+oACC6f5IVbvLd0XGGwzWb5hu9A4UsAfgVgjg9NQLmmdanyb9IC8xYq
OpuMoNkSUvx5qnkEak5iwUCqfgnodw5xaP5kskz4my4A7IzEpn+OQ/rNwRMgwekSg4JbIPgudE
HNElsdNOmLucvgYEESMeHb+02T8zM4Gdj+CVCPUdBPe6cQxjdPN51DEq42Z9+AZskvzBO+QJIF
NLg=
Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226])
by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 09 Mar 2021 10:13:27 -0800
Received: from [73.99.51.79] by spamcop.net
with HTTP; Tue, 09 Mar 2021 18:13:27 GMT
Content-Type: multipart/report; report-type=feedback-report;
boundary="----------=_1615313607-17249-1"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Date: Mon, 08 Mar 2021 13:00:43 -0500
From: "Koakoa" <7113040874@reports.spamcop.net>
To: abuse@he.net
Subject: [SpamCop (https://www.link.edvicon.org/myfla) id:7113040874]Your
Personal information are not protected, Scan ..
Precedence: list
Message-ID: <rid_7113040874@msgid.spamcop.net>
X-Mailer: https://www.spamcop.net/ v5.3.0
X-Spamcop-Sourceip: 74.63.221.29
This is a multi-part message in MIME format...
------------=_1615313607-17249-1
Content-Type: text/plain; charset="charset=ISO-8859-1; format=flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
[ SpamCop V5.3.0 ]
This message is brief for your comfort. Please use links below for details.
Spamvertised web site: https://www.link.edvicon.org/myfla
https://www.spamcop.net/w3m?i=z7113040874z58ba8d50670b1df7b27cf65ebb55e826z
https://www.link.edvicon.org/myfla is 65.19.143.6; Tue, 09 Mar 2021 18:13:21 GMT
This is an email abuse report for an email message received from IP source 74.63.221.29 on Mon, 08 Mar 2021 13:00:43 -0500
For more information about this format please see http://www.mipassoc.org/arf/
To change ARF message format to SpamCop format change settings on your preferences page: https://www.spamcop.net/mcgi?action=showispprefs
------------=_1615313607-17249-1
Content-Type: message/feedback-report
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Feedback-Type: abuse
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
via https://www.spamcop.net
Version: 0.1
Received-Date: Mon, 08 Mar 2021 13:00:43 -0500
Source-IP: 74.63.221.29
------------=_1615313607-17249-1
Content-Type: message/rfc822;
Content-Disposition: inline
Content-Transfer-Encoding: binary
"From - Mon Mar 8 16:34:59 2021
"
X-Account-Key: account11
X-UIDL: 319083.0kvef6F6DGO3Lwynpauwx9zy8YQ=
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from mx02.rcn.cmh.synacor.com (LHLO mx.rcn.com) (10.33.3.180) by
md07.rcn.cmh.synacor.com with LMTP; Mon, 8 Mar 2021 13:01:00 -0500 (EST)
Return-Path: <>
X-Received-HELO: from [74.63.221.29] (helo=paper.ycvweb.com)
Authentication-Results: mx02.rcn.cmh.synacor.com smtp.mail=postmaster@paper.ycvweb.com; spf=neutral; sender-id=neutral
Authentication-Results: mx02.rcn.cmh.synacor.com header.from=boxLight4.LE2BLOHE5J8EDS4E2TOAXPPL6167TC@fm.com; sender-id=neutral
Received-SPF: neutral (mx02.rcn.cmh.synacor.com: 74.63.221.29 is neither permitted nor denied by domain of paper.ycvweb.com)
Received: from [74.63.221.29] ([74.63.221.29:34769] helo=paper.ycvweb.com)
by mx.rcn.com (envelope-from <>)
(ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP
id 4A/BD-57799-A4666406; Mon, 08 Mar 2021 13:00:43 -0500
Received: by fm.com (Postfix, from userid 100) id HX6WC8OWDURD1YA76DYHRJVBXB6V41;Mon, 8 Mar 2021 13:00:19 -0500
To: x
Date: Mon, 8 Mar 2021 13:00:19 -0500
Accept-Language: en-US, en-GB
Content-Language: en-US
From: Virus detected<KCJA6YNK4X6X4QTT6A2EIC1UYE6OAP.geo-mmmmm@fm.com>
Subject: Your Personal information are not protected, Scan now!
Message-Id: <BNVE______________________ET9Z@fm.com>
X_DLP_INBOUND: true
Importance: high
X-Priority: 1
X_DLP_INBOUND: true
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Content-Type: multipart/alternative;boundary=--boundary_36347130_f7d50c66-0077-4e20-a6a0-8e909d2c1ffd
Sender: <boxLight4.LE2BLOHE5J8EDS4E2TOAXPPL6167TC@fm.com>
X-Vade-Verdict: clean
X-Vade-Analysis: gggruggvucftvghtrhhoucdtuddrgeduledruddugedggeegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuufgjpfetvefqtfdptfevpfenuceurghilhhouhhtmecufedtudenucfqnhhlhicuohhnvgcuphgrrhhtucdlhedumdenucfjughrpefvfffhuffkkgfrggfguggtshesrgekggertddtjeenucfhrhhomhepgghirhhushcuuggvthgvtghtvgguoefmveflteeijgfpmfegigeiigegsffvvfeitedvgffkvedufggjgfeiqfetrfdrghgvohdqmhhmmhhmmhesfhhmrdgtohhmqeenucggtffrrghtthgvrhhnpeffueejiedujeejvdevgeelteeivdejffetkeekudeivddvhedugeelgefgtedtvdenucffohhmrghinhepvgguvhhitghonhdrohhrghdpghhoohhglhgvrdgtohhmnecukfhppeejgedrieefrddvvddurddvleenucevlhhushhtvghrufhiiigvpedvkeejieenucfrrghrrghmpehinhgvthepjeegrdeifedrvddvuddrvdelnedpmhgrihhlfhhrohhmpeenpdhrtghpthhtoheprghlsggvrhhtshhonhhkohesvghrohhlshdrtghomhen
X-Vade-Client: RCN
----boundary_36347130_f7d50c66-0077-4e20-a6a0-8e909d2c1ffd
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<center><h1></h1>
<a href="https://www.link.edvicon.org/myfla">
<img src="https://www.link.edvicon.org/0d883"></a>
<br>
<a href="https://google.com/c1hooe">
<img src="https://google.com/o5nysg" style="display:none;" alt="fsz"></a>
</center>
------------=_1615313607-17249-1--
Can you explain what happened here? Hi Admin, Thank you for quick response. link.edvicon.org is a URL shortning service. So users can shorten their lengthy URLs. It seems that someone has use this for malicious activities. Since the server is down, I'm unable to test the mentioned link in the report: https://www.link.edvicon.org/myfla This is a sub service we provided. But if it needs to be removed, we can take that service down. Because other services are important for us than this. Please let me know your reply. Thank you. BR, Nimesh