Re: [mailop] starttls-virginia.securing-email.com 34.227.19.103

[Tobias Geerinckx-Rice via mailop]

Simon Arlott via mailop 写道：
I think it's just a coincidence that the one you mention is 
named
"virginia" because it's hosted at AWS. I don't think this is 
vt.edu.


From :

 ”StartTLS Scanner is a project of Virginia Tech 
 .”


Unless you mean this is a Joe-job?

Considering VT.edu's reputation for unethical research, that would 
be funny, but Occam's razor says it's just them—again.


Block away,

T G-R


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] starttls-virginia.securing-email.com 34.227.19.103

[Simon Arlott via mailop]

On 16/09/2022 04:46, Bill Cole via mailop wrote:
>> Anyone recognize them?
> 
> Looks like the same vt.edu bozos who have at least 2 prior rounds of bad 
> research behavior.

I've blocked them previously:
2020-03-17 3.104.129.119 comment "proxy-research.com"
2020-03-17 15.164.73.143 comment "proxy-research.com"
2020-03-17 15.188.24.147 comment "proxy-research.com"
2020-03-17 34.227.19.103 comment "proxy-research.com"
2020-03-17 54.94.237.221 comment "proxy-research.com"
2020-03-17 54.187.79.149 comment "proxy-research.com"

15.164.73.143 may have been discontinued since then:
143.73.164.15.in-addr.arpa domain name pointer 
ec2-15-164-73-143.ap-northeast-2.compute.amazonaws.com.

34.227.19.103 is the first one to use the new domain:
119.129.104.3.in-addr.arpa domain name pointer 
starttls-sydney.proxy-research.com.
147.24.188.15.in-addr.arpa domain name pointer 
starttls-paris.proxy-research.com.
103.19.227.34.in-addr.arpa domain name pointer 
starttls-virginia.securing-email.com.
221.237.94.54.in-addr.arpa domain name pointer 
starttls-saopaulo.proxy-research.com.
149.79.187.54.in-addr.arpa domain name pointer 
starttls-oregon.proxy-research.com.

I think it's just a coincidence that the one you mention is named
"virginia" because it's hosted at AWS. I don't think this is vt.edu.

-- 
Simon Arlott
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] starttls-virginia.securing-email.com 34.227.19.103

[Bill Cole via mailop]

On 2022-09-15 at 18:16:43 UTC-0400 (15 Sep 2022 18:16:43 -0400)
John Levine via mailop 
is rumored to have said:


While looking at my mail logs, I see a whole lot of connections from
this host. It does EHLO, then STARTTLS, then EHLO again, then
disconnects. My mail server has a lot of different names and I can see
that it is trying them all. Their host is at Amazon.

My guess is this is another lame student attempt to do research using
other people's resources. Their WHOIS is anonymized and they have no
web site.


http://starttls-virginia.securing-email.com works for me. No https, no 
website on parent domain.



Anyone recognize them?


Looks like the same vt.edu bozos who have at least 2 prior rounds of bad 
research behavior.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] starttls-virginia.securing-email.com 34.227.19.103

[John Levine via mailop]

While looking at my mail logs, I see a whole lot of connections from
this host. It does EHLO, then STARTTLS, then EHLO again, then
disconnects. My mail server has a lot of different names and I can see
that it is trying them all. Their host is at Amazon.

My guess is this is another lame student attempt to do research using
other people's resources. Their WHOIS is anonymized and they have no
web site. Anyone recognize them?

At least they're not as malicious as the fake GDPR stuff.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop