For the record, the command line 'whois' tool is getting long in the
tooth, and the maintainer isnt' really interested in updating the tools,
database.. (We offered to help)
But, because I end up showing this to our own staff, a little trick..
whois 49.13.172.216 -h whois.ripe.net
You CAN query the individual RIR's directly.. There are also other query
methods directly available from RIR's, and 3rd parties like 'ipinfo' you
can also check..
Still have it on the project list for a new unified 'rwhois' standalone
tool, and SaaS.. for the community.. .. but never enough hours in the
day, or budgets for opensource projects ;0
On 2023-12-07 12:44, Randolf Richardson, Postmaster via mailop wrote:
I'm not familiar with Hertzner, but APNIC's WHOIS indicates a
country code of ZZ for the sending IP address's netblock, which the
ISO lists as "Unknown or unspecified country."
I guess the whole /23 is in the process of being moved? The most
recent modification seems to be ~7 months ago (2023-May-17).
debian# whois 49.13.172.216
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '49.12.0.0 - 49.13.255.255'
% Abuse contact for '49.12.0.0 - 49.13.255.255' is 'no-em...@apnic.net'
inetnum: 49.12.0.0 - 49.13.255.255
netname: STUB-49-12SLASH15
descr: Transferred to the RIPE region on 2018-06-27T02:24:02Z.
country: ZZ
admin-c: STUB-AP
tech-c: STUB-AP
abuse-c: AS2444-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-STUB
mnt-irt: IRT-STUB-AP
last-modified: 2023-05-17T13:13:11Z
source: APNIC
irt: IRT-STUB-AP
address: N/A
e-mail: no-em...@apnic.net
abuse-mailbox: no-em...@apnic.net
admin-c: STUB-AP
tech-c: STUB-AP
auth: # Filtered
remarks: IRT for stub records.
remarks: We do not operate the referring network and
remarks: are unable to investigate complaints of network abuse.
remarks: For information about IRT, see www.apnic.net/irt
remarks: no-em...@apnic.net is invalid
mnt-by: APNIC-HM
last-modified: 2023-05-17T13:09:19Z
source: APNIC
role: ABUSE STUBAP
address: N/A
country: ZZ
phone: +000000000
e-mail: no-em...@apnic.net
admin-c: STUB-AP
tech-c: STUB-AP
nic-hdl: AS2444-AP
remarks: Generated from irt object IRT-STUB-AP
remarks: no-em...@apnic.net is invalid
abuse-mailbox: no-em...@apnic.net
mnt-by: APNIC-ABUSE
last-modified: 2023-05-17T13:13:08Z
source: APNIC
person: STUB PERSON
address: N/A
country: ZZ
phone: +00 0000 0000
e-mail: no-em...@apnic.net
nic-hdl: STUB-AP
remarks: No contact information for stub records.
mnt-by: APNIC-HM
last-modified: 2019-09-23T04:53:33Z
source: APNIC
% This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4)
Free trial account on Microsoft 365 being relayed through Microsoft 365
outbounds by a Hetzner IP
--srs
________________________________
From: mailop <mailop-boun...@mailop.org> on behalf of Michael Peddemors via mailop
<mailop@mailop.org>
Sent: Thursday, December 7, 2023 5:38:33 AM
To: mailop@mailop.org <mailop@mailop.org>
Subject: [mailop] Another very strange microsoft originated email??
Take a look at the headers for this one..
Appears to come from an sender IP on Hetzner, but related to Microsoft??
Some headers snipped for brevity, but something sure appears rotten in
denmark.. love the boundary.. Any takers on explained how this is being
allowed or performed?
Return-Path: <no-re...@cdklu.onmicrosoft.com>
Received: from mail-psaapc01on2064.outbound.protection.outlook.com (HELO
APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)
...
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 49.13.172.216)
smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=cdklu.onmicrosoft.com;
From: Autozone Department <root_4...@cdklu.onmicrosoft.com>
Subject: Celebrating Autozone anniversary with an DEWALT 200 Piece
Mechanics Tool Set
In-Reply: <rep...@cdklu.onmicrosoft.com>
Content-Type: multipart/alternative; charset="UTF-8";boundary="FakOj.oyfbwp"
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
