31 Dec
2015
31 Dec
'15
8:08 p.m.
Subject:
[44net] Suspected Spam or Phishing Request through the AMPR portal
From:
Elias Basse <kd5jfe(a)gmail.com>
Date:
12/31/2015 02:17 PM
To:
AMPRNet Working Group Email <44net(a)hamradio.ucsd.edu>
All,
Received a strange request today for an allocation.
You have received a request for an IP allocation from:
Name: Rickey Francis
Email:Admin@abc-hosters.com <mailto:Admin@abc-hosters.com>
Callsign: RSF8192
The request details are as follows:
Type: user
Network: 44.108.230.0 / 32
Connection: TUNNEL
Please note that this has an invalid callsign, email address that is a bit hard to
believe, and this points to a hosting company somewhere.
Anyone have any ideas???
I Rejected it solely on the basis that it does not have a valid amateur radio callsign
attached and I suspect that they are trying to use the address space for personal use
(i.e. they are a hosting company) I only see one valid Rickey Francis in the QRZ database
and that is in Washington state.
Has anyone else received any strange request via the portal?
Thanks!
Best Regards,
Elias Basse
KD5JFE
Lousiana Amprnet Coordinator
Was there no spammy message in the free text area of the request?
(this is forwarded as a separate attachment by the portal)
Normally spammers use methods like this (filling in forms on websites) to spread some form
of spam, at the
minimum some URL of a website they want you to go to. But maybe in this case it was not
spam or phishing but an
attempt to get something registered. Some users are very confused about how to use the
AMPR net.
Unfortunately when you do a reject on a portal request that fact is always mailed back to
the e-mail contact, I have asked for
a way to silently remove requests so invalid requests like this can be deleted without
resulting in a mail to an innocent person
or invoke another reply by the requester.
I think it has not yet been implemented.
Rob
31 Dec
31 Dec
10:25 p.m.
New subject: Suspected Spam or Phishing Request through the AMPR portal
There was not a spam text in the message at all.
I did an nslookup on his domain name and it was registered to the
requestors name with a Shreveport LA address. (Since the address was
admin@domain name)
Best Regards,
Elias Basse
1 Jan
1 Jan
12:04 a.m.
New subject: Suspected Spam or Phishing Request through the AMPR portal
Way too much traffic on this -- bogus requests get denied and then move
on....
On Thu, Dec 31, 2015 at 2:25 PM, Elias Basse <kd5jfe(a)gmail.com> wrote:
> (Please trim inclusions from previous messages)
> _______________________________________________
> There was not a spam text in the message at all.
>
> I did an nslookup on his domain name and it was registered to the
> requestors name with a Shreveport LA address. (Since the address was
> admin@domain name)
>
> Best Regards,
> Elias Basse
>
3040
days inactive
3041
days old
2 comments
3 participants
participants (3)
-
Elias Basse -
K7VE - John -
Rob Janssen