seo and webdesigner spammers are weird

Kkaran Bahree Indian crook of well-known ill repute

Strange bunch – I would like to know

why send via outlook.com – Microsoft free email? It is not like Microsoft are writing IE6-compatible sites for us. I hate Microsoft and report it as spam, and I can fuck up Microsoft free email that way too.

I am amused to read (if it gets past the spam filter) that microshit only employ 10 people. Are these Indians doing this too incompetent to have a domain themselves?

Use of return receipts – so the first thing it does is ask for a confirmation and then ….

Asks for another human reply – you just got one, so what was wrong with the one from above? You demanded.

no checking of websites – The monkey house does not give a shit that we are not number 1, and yes our design is mobile friendly.

Forward of the original email – er, why would I reply to that?

Anyhow

Microsoft home to paid spammers and fraudsters

Kkaran Bahree noted crook

I have in the past lamented the sad state of Microsoft clients, who appear to be Nigerians wishing to donate billions of dollars to you and me and are at home in the zoo.

One day I noticed that one set of spammers were using the newish Microsoft ‘cloud’, which I believe is paid for, rather than Hotmail ‘free’.

At least they are paying Microsoft; after all, free spam is not on, is it (104.40.0.0/13)? Let's hope they got paid rather than this indicating a security hole in shit software.

I am happy to associate both scammer and Microsoft as both shady, and this evidence I once saw made me very happy and it proved the collusion, which I am sure somebody at Microsoft sales will regret selling.

I was very happy that day.

2017 targeted whois spam

well there was n bomb and ….

The zoo’s (plus zoo1-3) domain owner account is not handled by the zoo, but by a separate email system that I do not control. Just in case things go apocalyptic.

So I do get some spam.

I log in about once a week and clear the crap, which strangely appears to be supermarket vouchers. I doubt these ‘organisations’ pay out; they are data phishing scams which the monkey house has no interest in discovering, and they probably need a Facebook thing that I do not have – most things need Facebook if it's scammy/marketing.

I never look at them except at the brand names being ripped off – why would a discount German-based supermarket be offering more money off on its ‘low’ prices*?

scumbag spammer Robert Soloway

Anyhow it's very boring compared to the crap Robert Soloway (my blog) sent, and I helped play a part in his downfall.

Anyhow, since role accounts are hosted by us and they get no spam, it is a good way to judge our email system. SSL confirmations and other stuff do get through.

*an exercise left to the reader to figure out

Zimbabwean ISPs in the wild

the boss of unemployment

Zimbabwe sends the zoo some odd attempted email traffic, considering that 96% of its people are unemployed and the Chinese RMB (my blog) is its currency last time I checked.

Those Chinese people are sure generous with money and the family who run it.

The more exotic the country (my blog) then the more fun these are to do

197.221.237.138 attempts 56

/smtpd[*]: warning: hostname 16.138.telone.co.zw does not resolve to address 197.221.237.138: No address associated with hostname

197.221.240.250 attempts 4

smtpd[*]: warning: hostname 16.250.telone.co.zw does not resolve to address 197.221.240.250: No address associated with hostname

196.27.127.154 attempts 2

policyd-spf[*0]: None; identity=helo; client-ip=196.27.127.154; helo=307311.customer.zol.co.zw; envelope-from=karrycristinajm@excite.it; receiver=ape@zoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[196.27.127.154]: 554 5.7.1 Service unavailable; Client host [196.27.127.154] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/196.27.127.154;

The last one is kind of interesting, but it has been deemed spammy, and quite why an Italian domain is sending mail from there confirms it.

Surely they cannot all be unemployed spammers, or perhaps the best ones emigrate to Nigeria?

The .zw TLD does not help, being one of the last, so they kind of deserve the attention: my geoip script lists it last and so it sticks out like a sore thumb. Anyhow it is amusing that its leader, who hates the English (not Americans), allows his citizens to try and email the zoo; I mean, that is being a really shit despot. Mind you, there’s the 4% he still has to make jobless.

Try harder Grace Mugabe.
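The per-address tallies above can be produced mechanically. This is an added example, not the geoip script mentioned in the post: it assumes an "attempt" means one smtpd connect line, and the sample log is constructed with documentation addresses and made-up host names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the smtpd / policyd-spf lines above.
# Addresses are RFC 5737 documentation ranges; host names are made up.
SAMPLE_LOG = """\
smtpd[*]: warning: hostname 16.138.isp.example does not resolve to address 192.0.2.138: No address associated with hostname
smtpd[*]: connect from unknown[192.0.2.138]
smtpd[*]: disconnect from unknown[192.0.2.138]
smtpd[*]: connect from unknown[192.0.2.138]
smtpd[*]: connect from unknown[198.51.100.154]
policyd-spf[*]: None; identity=helo; client-ip=198.51.100.154; helo=c1.isp.example; envelope-from=a@mail.example; receiver=ape@zoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[198.51.100.154]: 554 5.7.1 Service unavailable; Client host [198.51.100.154] blocked using xbl.spamhaus.org; from=<a@mail.example> to=<ape@zoo> proto=ESMTP helo=<c1.isp.example>
smtpd[*]: connect from unknown[203.0.113.29]
policyd-spf[*]: Fail; identity=mailfrom; client-ip=203.0.113.29; helo=[203.0.113.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
"""

CONNECT = re.compile(r"smtpd\[[^\]]*\]: connect from \S+?\[([^\]]+)\]")
NO_FCRDNS = re.compile(r"warning: hostname (\S+) does not resolve to address (\S+): ")
DNSBL = re.compile(r"reject: RCPT from \S+?\[([^\]]+)\]: 554 .*? blocked using ([\w.-]+);")
SPF = re.compile(r"policyd-spf\[[^\]]*\]: (\w+); identity=(\w+); client-ip=([^;]+);")

def summarise(log_text):
    """Return {ip: {"attempts": n, "flags": [...]}}; an attempt is one connect line."""
    attempts, flags = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            attempts[m.group(1)] += 1
        elif m := NO_FCRDNS.search(line):
            # PTR name exists but does not resolve back to the client address
            flags[m.group(2)].add("no-fcrdns:" + m.group(1))
        elif m := DNSBL.search(line):
            flags[m.group(1)].add("dnsbl:" + m.group(2))
        elif m := SPF.search(line):
            result, identity, ip = m.groups()
            if result.lower() in ("fail", "softfail"):
                flags[ip].add(f"spf-{result.lower()}:{identity}")
    return {ip: {"attempts": attempts[ip], "flags": sorted(flags[ip])}
            for ip in sorted(set(attempts) | set(flags))}

if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG).items():
        print(ip, info["attempts"], ", ".join(info["flags"]) or "-")
```
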

Afghanistan internet favourites

So another .af address (my blog) had a quick chat with the email server.

smtpd[*]: connect from unknown[117.55.207.29]
policyd-spf[*]: None; identity=helo; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
policyd-spf[*]: Fail; identity=mailfrom; client-ip=117.55.207.29; helo=[117.55.207.4]; envelope-from=mfd@thezoo; receiver=user@thezoo
smtpd[*]: NOQUEUE: reject: RCPT from unknown[117.55.207.29]: 554 5.7.1 Service unavailable; Client host [117.55.207.29] blocked using xbl.spamhaus.org; https://www.spamhaus.org/query/ip/117.55.207.29; from=<MFD@thezoo> to=<user@thezoo> proto=ESMTP helo=<[117.55.207.4]>
smtpd[*]: disconnect from unknown[117.55.207.29]

the man who became a pig

So let's say a big hello to

address: Neda Telecommunications 13, Esmat Muslim Street,Shar-e-Naw Kabul, Afghanistan
e-mail: abuse@neda.af

Oddly they're pretending to be the zoo – probably not pork product spam then.

The paradox of cavemen selling art

I wrote a geoip script (my blog), and if you mess about with various log formats it works with many output logs, since they all differ to a certain extent, so I ran it against our email server.

So I got curious and wondered what Afghanistan was sending….

/smtpd[*]: connect from unknown[103.224.215.18]
policyd-spf[*]: Neutral; identity=mailfrom; client-ip=103.224.215.18; helo=[103.224.215.18]; envelope-from=*@billwatsonfineart.com; receiver=thezoo
/smtpd[*]: NOQUEUE: reject: RCPT from unknown[103.224.215.18]: 554 5.7.1 Service unavailable; Client host [103.224.215.18] blocked using xbl.spamhaus.org; 103.224.215.18; from=.215.18; from=<*@billwatsonfineart.com> to=<*@billwatsonfineart.com> to=<thezoo> proto=ESMTP helo=<[103.224.215.18]>
/smtpd[*]: disconnect from unknown[103.224.215.18]

No idea, but Afghanistan selling art sounds wrong based on this (my blog). I am sure the domain owner would not be welcome in Kabul.

 103.224.214.1 - 103.224.215.254
 Giganor-BroadBand-wireless-customers
 H # 263, Shora Street 4, Cart e 3, Kabul Kabul
 AF
 abuse-mailbox:  support@giganor.com

This ‘Freedom’ seems wasted on Islamic believers. However, I guess it might be drugs or something deemed moral; after all, it has already been flagged as spam, and it's certainly not bacon.

The moral of this story: do not use GoDaddy (my blog), who our cavemen are using for a false identity.

A picard moment for you (shodan.io)

Oh yes, it's our friendly scumbags from shodan (my blog) – over to you, captain

connect from cloud.census.shodan.io[94.102.49.193]

It's from our beachhut scanning outpost in the Seychelles (my blog), and a small /24 this time if you want to mass block this scammy ISP and its lovely client.

So shields up, and I hope you never get this recycled IP address once shodan.io have fucked it up reputation-wise. I never delist shodan.io IP addresses from whoever the ISP is.

Enjoy your day.

RPZ zones for the few not the many

Bananas was interested in RPZ zones, which have nothing to do with car parking or planning regulations but are DNS zones; they look quite simple until you try and get one.

However, with a bit of searching, RPZ zones could be manually created and work, but then it's a little out of date. Most threat zones are small rather than large, so having a good mail server is way more important than an RPZ zone blocking a specific URL sent in a scammy email, say.

bank.barclays.co.uk.olb-auth-loginlink.action. asdasd45.as4d56asdas.da 4s65d46asdasdsd. ta77lia. com _b

Whois says Egypt owner and hosted in DE, and I guess it depends on how dumb your network users are, how money-grabbing and unethical an SSL certificate provider is, and how long it takes them to ignore abuse emails to the hosting provider to shut down something.

Getting bad site data is quite easy once you start, but making it RPZ-friendly is another matter. Theme and user content directories are popular for bad permissions and, like the link above, look shady.

Some malware domains just use an IP address, so whether or not an RPZ zone would work is a little more questionable. A general and unscientific match of mail server abuse to phishing domains (a grep) seems to show that these are tasked to one job only, so there is no overlap by domain name.

RPZs sound great, but with freshness and everybody playing catch-up perhaps it's best that they're left as something that just Cisco users have.
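Turning a list of bad URLs into something "RPZ friendly", as an added example that is not from the original post: the zone origin, serial and URL feed are assumptions, and every host name and address is constructed. It also shows why the IP-only case is questionable: a URL with an IP literal never triggers a DNS lookup, so there is nothing for the zone to rewrite.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed feed of reported URLs; reserved .example/.invalid names and
# RFC 5737 addresses only.
SAMPLE_URLS = [
    "http://bank.example.login-check.badhost.invalid/olb/auth",
    "https://shop.example/wp-content/themes/x/login.php",
    "http://192.0.2.77/secure/index.html",
    "HTTP://Bank.Example.Login-Check.BadHost.invalid./other",
    "not a url",
]

def build_rpz(urls, origin="rpz.zoo.example.", serial=2017010101):
    """Return (zone_text, skipped). Host names become NXDOMAIN triggers;
    entries that DNS rewriting cannot cover are reported in skipped."""
    names, skipped = set(), []
    for url in urls:
        host = urlsplit(url.strip()).hostname
        if not host:
            skipped.append((url, "no host"))
            continue
        host = host.rstrip(".").lower()
        try:
            ipaddress.ip_address(host)
        except ValueError:
            names.add(host)  # a real name: the resolver sees it, so RPZ can act
        else:
            skipped.append((url, "ip literal, no DNS lookup to rewrite"))
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
    ]
    for name in sorted(names):
        lines.append(f"{name} IN CNAME .")    # exact name answers NXDOMAIN
        lines.append(f"*.{name} IN CNAME .")  # and so does everything beneath it
    return "\n".join(lines) + "\n", skipped

if __name__ == "__main__":
    zone, skipped = build_rpz(SAMPLE_URLS)
    print(zone)
    for url, why in skipped:
        print("skipped:", url, "-", why)
```

RPZ acts on host names, not URLs, so the theme-directory entry above blocks the whole of that site rather than the one bad path.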

Email for imaginary zoo staff

The monkey house's email server is quite busy, and to keep it that way the website has some famous video game characters listed in a comment in HTML, so you're usually a robot extracting them rather than a carbon-based lifeform with a computer.

It amazes me that people actually email these addresses, which do not exist but might because they're ‘listed’.

China seems to like them and these captains of banana management, and who am I not to keep the spammers happy? I have no idea what was sent to these imaginary zoo employees, but you too can buy them from spammers.

Some spammers get close but make the most amusing mistakes. You know who to email; our imaginary zoo staff will be happy to get your email, honest.