Oh yes, it's our friendly scumbags from shodan (my blog) – over to you, captain.
It's from our beach hut scanning outpost in the Seychelles (my blog), and a small /24 this time if you want to mass-block this scammy ISP and its lovely client.
So shields up, and I hope you never get this recycled IP address once shodan.io have fucked it up reputation-wise. I never delist shodan.io IP addresses, whoever the ISP is.
Enjoy your day.
Bananas was interested in RPZ zones, which have nothing to do with car parking or planning regulations but are DNS zones; they look quite simple until you try and get one.
However, with a bit of searching, RPZ zones could be manually created and work, but then it's a little out of date. Most threat zones are small rather than large, so having a good mail server is way more important than an RPZ zone blocking a specific URL sent in a scammy email, say.
bank.barclays.co.uk.olb-auth-loginlink.action. asdasd45.as4d56asdas.da 4s65d46asdasdsd. ta77lia. com _b
Whois says Egypt owner and hosted in DE, and I guess it depends on how dumb your network users are, how money-grabbing and unethical an SSL certificate provider is, and how long it takes them to ignore abuse emails to the hosting provider to shut something down.
Getting bad site data is quite easy once you start, but making it RPZ-friendly is another. Theme and user content directories are popular for bad permissions and, like the link above, look shady.
Some malware domains just use an IP address, so whether or not an RPZ zone would work is a little more questionable. A general and unscientific match of mail server abuse to phishing domains (a grep) suggests that these are tasked to one job only, so there is no overlap by domain name.
RPZs sound great, but with freshness and everybody playing catch-up, perhaps it's best that they're left as something that just Cisco users have.
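What "making it RPZ-friendly" involves, as an added example that is not from the original posts: the sketch below turns a list of bad URLs into RPZ QNAME records and sets aside the entries a DNS zone cannot cover, including URLs that use a bare IP address. The feed contents, the function names and the SOA/NS values are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample feed: documentation names and addresses, not real indicators.
SAMPLE_FEED = """\
http://login.bank.example.phish.example.net/olb/auth
https://phish.example.net/wp-content/themes/x/login.php
hxxp://Bad[.]example[.]org/a
http://192.0.2.55/invoice.exe
not a url
"""

HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+"
                     r"[a-z][a-z0-9-]{1,62}$")

def extract_host(line):
    """Lower-cased host of a (possibly defanged) URL, or None."""
    line = line.replace("hxxp", "http", 1).replace("[.]", ".")
    try:
        return urlsplit(line if "://" in line else "//" + line).hostname
    except ValueError:
        return None

def classify(host):
    """Return 'name', 'ip' or 'invalid' for a host string."""
    try:
        ipaddress.ip_address(host or "")
        return "ip"  # client connects directly: no DNS query, QNAME trigger never fires
    except ValueError:
        return "name" if host and HOST_RE.match(host) else "invalid"

def feed_to_rpz(feed, serial=1):
    """Return (zone_text, skipped) where skipped holds (line, reason) pairs."""
    names, skipped = set(), []
    for raw in feed.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind = classify(host := extract_host(line))
        if kind == "name":
            names.add(host)
        else:
            skipped.append((line, kind))
    # A listed parent already covers its subdomains through the wildcard record.
    keep = sorted(n for n in names if not any(n.endswith("." + p) for p in names))
    zone = ["$TTL 300", f"@ IN SOA localhost. root.localhost. {serial} 3600 600 86400 300",
            "@ IN NS localhost."]
    body = [r for n in keep for r in (f"{n} CNAME .", f"*.{n} CNAME .")]  # NXDOMAIN
    return "\n".join(zone + body) + "\n", skipped
```

The entries returned in `skipped` with reason `ip` are the ones that need a firewall or route block instead, since no name lookup ever reaches the resolver.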
The monkey house's email server is quite busy, and to keep it that way the website has some famous video game characters listed in a comment in the HTML, so you're usually a robot extracting them rather than a carbon-based lifeform with a computer.
It amazes me that people actually email these addresses, which do not exist but might because they're ‘listed’.
China seems to like them and these captains of banana management, and who am I not to keep the spammers happy? I have no idea what was sent to these imaginary zoo employees, but you too can buy them from spammers.
Some spammers get close but make the most amusing mistakes. You know who to email; our imaginary zoo staff will be happy to get your email, honest.
Another sighting for you (my blog), from the unbeautiful Seychelles this time. It is 18.104.22.168 from an ISP I have mentioned for DNS probers, quasinetworks.com (my blog), and it's a house.
connect from house.census.shodan.io[22.214.171.124]
So one more to crimson firewall. I like blocking shodan.io ip addresses and you should too.
I like writing posts about shodan – come on, send me more shodan, this is fun.
I was looking at the zoo’s mail server logs (hint: really exciting) and saw Facebook trying to connect to an unknown user. I decided to see more and got something like this.
I have printed the magic command somewhere on this blog so this is not impossible output.
69.171.232, which is Facebook, and I decided that there's no reason to tolerate this crap since no ape here in the zoo is officially on Facebook, or the new person they think exists. I also made a cron job so the zoo can be alerted as to extra activity which I have not yet blocked; it runs once a day.
Fuck off Facebook.
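A daily report of that kind, as an added example that is not the cron job from this blog: it counts Postfix "User unknown" rejections per /24 (per /64 for IPv6) and leaves out ranges that are already blocked. It assumes Postfix smtpd reject lines and a caller-supplied list of blocked ranges; the function name and the threshold are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed Postfix smtpd lines; hosts and addresses are documentation values.
SAMPLE_LOG = """\
Aug  3 04:11:02 zoo postfix/smtpd[2101]: connect from mx1.sender.example[198.51.100.23]
Aug  3 04:11:03 zoo postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mx1.sender.example[198.51.100.23]: 550 5.1.1 <keeper@zoo.example>: Recipient address rejected: User unknown in local recipient table; from=<n@sender.example> to=<keeper@zoo.example> proto=ESMTP helo=<mx1.sender.example>
Aug  3 09:40:10 zoo postfix/smtpd[2177]: NOQUEUE: reject: RCPT from mx7.sender.example[198.51.100.40]: 550 5.1.1 <keeper@zoo.example>: Recipient address rejected: User unknown in local recipient table; from=<n@sender.example> to=<keeper@zoo.example> proto=ESMTP helo=<mx7.sender.example>
Aug  3 10:02:55 zoo postfix/smtpd[2190]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <boss@zoo.example>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.example> to=<boss@zoo.example> proto=ESMTP helo=<spam.example>
Aug  3 11:15:31 zoo postfix/smtpd[2204]: NOQUEUE: reject: RCPT from mail.other.example[192.0.2.7]: 550 5.1.1 <vet@zoo.example>: Recipient address rejected: User unknown in local recipient table; from=<y@other.example> to=<vet@zoo.example> proto=ESMTP helo=<mail.other.example>
"""

# Client address of a rejected RCPT for a recipient that does not exist.
REJECT_RE = re.compile(r"reject: RCPT from \S+\[([0-9A-Fa-f.:]+)\]: 550 .*User unknown")

def unknown_user_report(log, blocked, threshold=2):
    """Return [(network, hits)] for unblocked ranges with at least `threshold` rejects."""
    blocked_nets = [ipaddress.ip_network(b) for b in blocked]
    hits = Counter()
    for line in log.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if any(ip in net for net in blocked_nets):
            continue  # already blocked, nothing new to report
        prefix = 24 if ip.version == 4 else 64
        hits[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return [(str(net), n) for net, n in hits.most_common() if n >= threshold]
```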
Remember them? (my blog) Well, a new range of addresses was being used by them; the assistant was not a spam target, the boss was.
It made me laugh while looking at the cron logs some months ago.
I blocked the range of new addresses. Have not heard from them since.
I might unblock some spam ranges in a year's time to further punish the ISP, who hopefully got paid, but if they did not, hey, that’s not my problem if they sell crap to spammers, and let me value your ranges as crap is my logic.
Facebook (or its ‘users’*) were trying to send something to a made-up email address. So I decided to block Facebook mail. Why? – because I can.
I deployed the mallet (my blog)
ip route show | grep 69.171;ip route show | grep 66.220
I hope you find this informative if you're getting undeliverable crap from Facebook via email.
Another Facebook-like name is ghostforfacebook (my blog). They're worth banning too.
*I would guess crooks.
When you get junk email from Burkina Faso (a country and not a brand of muesli*) you just know that somebody has been selling email lists.
Anyhow, it's nice to know there is at least one computer there.
*sounds like one
scumbag spammer Robert Soloway
With this (my blog) I am now detecting more viruses than spam, which has taken a holiday. I am not complaining, although making custom SpamAssassin rules and testing them is a bit of a pain.
I have no complaints from people either, so let's call it a win.
It is August, and India, famed for her scammers and crooks like Kkaran Bahree (my blog), is attempting to send viruses.
Mr Bahree was famous for selling bank account details from India until found out.
I wonder, once infected, how soon would an Indian ring the zoo and ‘fix it‘ (my blog).
Perhaps I should block Indians from emailing the zoo.