[gnso-rds-pdp-wg] [POSSIBLY OFF-TOPIC] Example of Usage for Conversation..

Michael Peddemors michael at linuxmagic.com
Thu Jun 1 17:45:16 UTC 2017


When it comes to addressing 'thin' or 'thick' data, it helps to have an 
example of what kinds of data are valuable, and whether a 'specific' 
part of the data is important/invaluable to the community at large.. vs 
any privacy implications, and as already mentioned now several times, 
the personal information issue should be able to be addressed with 
simple 'informed consent' that the data is being made available..

Example, our spam auditors received reports of 'snowshoe' spammers 
overnight from the following domains:


While 'whois' information is not really standardized of course, let's 
look at it from the perspective of what this registrar provides, and 
discuss the information that is valuable..

Domain Name:                                 QLIVE.US
^^^^^ Of course..
Domain ID:                                   D59983383-US
Sponsoring Registrar:                        NAMECHEAP, INC.
^^^^^ Some registrars have different reputation
Sponsoring Registrar IANA ID:                1068
Registrar URL (registration services): http://www.namecheap.com
Domain Status: clientTransferProhibited
Registrant ID:                               T112TZREYY9QGXNM
Registrant Name:                             Ancell Powls
^^^^^^ For comparison against other domains..
        We 'could' use a simple label, but that doesn't work across 
registrars
Registrant Address1:                         23 Main St
Registrant Address2:                         P.O. Box 2033
^^^^^^^ Use of a PO Box, and for comparison against other actors with 
similar/same information
Registrant City:                             Symington
^^^^^^^  Is the same city used?
Registrant State/Province:                   Biggar
^^^^^^^  Same province?
Registrant Postal Code:                      ML12 6LJ
^^^^^^^ Same Postal?
Registrant Country:                          UNITED KINGDOM
^^^^^^^ Same Country
Registrant Country Code:                     GB
Registrant Phone Number:                     +44.3457220123
^^^^^^^^ Is it valid, and does it conform to the specified geographical location
Registrant Email: ancellpowls7627997 at aol.com
^^^^^^^^^ FreeEmail provider, throwaway address
Registrant Application Purpose:              P1
Registrant Nexus Category:                   C11
Administrative Contact ID:                   K2GPWOMDZJLH056R
Administrative Contact Name:                 Ancell Powls
^^^^^^^^^ Similar reason for all administrative contact information
           and compared against the registrant data
<clipped>
Billing Contact ID:                          WDKK5ZI9VTLK5GI6
Billing Contact Name:                        Ancell Powls
^^^^^^^^^ Similar reason for all administrative contact information
           and compared against the registrant data
<clipped>
Technical Contact ID:                        UCTFQMK8L13PWK4A
Technical Contact Name:                      Ancell Powls
^^^^^^^^^ Similar reason for all administrative contact information
           and compared against the registrant data
<clipped>
Name Server: JOSH.NS.CLOUDFLARE.COM
Name Server: IRIS.NS.CLOUDFLARE.COM
^^^^^^^^^ Which name servers do they use? Are they common across domains?
           Some name servers might even be a preferred method ..
Created by Registrar:                        NAMECHEAP, INC.
Last Updated by Registrar:                   NAMECHEAP, INC.

Domain Registration Date:                    Thu Jun 01 05:45:30 GMT 2017
^^^^^^^^^^ Obvious, newly created.. and only an automated script can 
generate email under that domain that fast..
Domain Expiration Date:                      Thu May 31 23:59:59 GMT 2018
Domain Last Updated Date:                    Thu Jun 01 07:24:28 GMT 2017
^^^^^^^^^^^
DNSSEC:                                      false
^^^^^^^^^^^ Don't really care ;)

We also like to compare against the 'rwhois' data.. same guy operate the 
IP(s)?

network:Network-Name:Private
network:IP-Network:108.170.9.80/28
network:IP-Network-Block:108.170.9.80 - 108.170.9.95
network:Org-Name:AndreAgoncillo
network:Street-Address:#10 Rizal Street
network:City:La Carlota City
network:State:XX
network:Postal-Code:6130
network:Country-Code:PH

Gives an indication of whether using a 3rd party..

NetRange:       192.3.137.208 - 192.3.137.223
CIDR:           192.3.137.208/28
NetName:        CC-192-3-137-208-28
NetHandle:      NET-192-3-137-208-1
Parent:         CC-15 (NET-192-3-0-0-1)
NetType:        Reallocated
OriginAS:       AS36352
Organization:   Hudson Valley Host (HVH-9)
RegDate:        2017-03-06
Updated:        2017-03-06
Ref: https://whois.arin.net/rest/net/NET-192-3-137-208-1

(that is simply bad information, known snowshoe haven, colocrossing)


  
-- 
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
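
The field-by-field comparison described in this message, as an added example that is not part of the original post or of LinuxMagic's tooling: it parses WHOIS text in the `Key:   value` layout shown above, evaluates the annotated checks (PO box, free-mail address, phone prefix versus country code, registration shortly before the first report) and groups domains that share registrant details. The sample records, the free-mail list, the 24-hour threshold, the choice of clustering fields and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

FREEMAIL = {"aol.com", "freemail.example"}            # assumed auditor-maintained list
DIAL_PREFIX = {"GB": "+44", "US": "+1", "PH": "+63"}  # excerpt of country calling codes
DATE_FMT = "%a %b %d %H:%M:%S GMT %Y"                 # date layout of the WHOIS output above

def parse_whois(text):
    """Parse 'Key:   value' lines into a dict, keeping the first value per key."""
    rec = {}
    for m in re.finditer(r"^\s*([^:\n]+):[ \t]+(\S.*)$", text, re.M):
        rec.setdefault(m.group(1).strip(), m.group(2).strip())
    return rec

def signals(rec, first_report):
    """Return the names of the annotated checks that fire for one parsed record."""
    addr = rec.get("Registrant Address1", "") + " " + rec.get("Registrant Address2", "")
    prefix = DIAL_PREFIX.get(rec.get("Registrant Country Code"), "")
    phone = rec.get("Registrant Phone Number", "")
    raw = rec.get("Domain Registration Date")
    created = datetime.strptime(raw, DATE_FMT).replace(tzinfo=timezone.utc) if raw else None
    checks = {
        "po_box": bool(re.search(r"\bP\.?\s*O\.?\s*Box\b", addr, re.I)),
        "freemail": rec.get("Registrant Email", "").rpartition("@")[2].lower() in FREEMAIL,
        "phone_country_mismatch": bool(prefix) and not phone.startswith(prefix + "."),
        "new_domain": created is not None and first_report - created < timedelta(hours=24),
    }
    return {name for name, hit in checks.items() if hit}

def cluster(records):
    """Group domains whose registrant name and postal code match (assumed key)."""
    groups = {}
    for rec in records:
        key = tuple(rec.get("Registrant " + k, "").lower() for k in ("Name", "Postal Code"))
        groups.setdefault(key, []).append(rec.get("Domain Name", ""))
    return [sorted(d) for d in groups.values() if len(d) > 1]

TEMPLATE = ("Domain Name: {0}\nRegistrant Name: {1}\nRegistrant Address2: {2}\n"
            "Registrant Postal Code: {3}\nRegistrant Country Code: {4}\n"
            "Registrant Phone Number: {5}\nRegistrant Email: {6}\nDomain Registration Date: {7}\n")
SAMPLES = [parse_whois(TEMPLATE.format(*row)) for row in [  # constructed records
    ("ALPHA-EXAMPLE.US", "Pat Sample", "P.O. Box 1", "ZZ1 1ZZ", "GB", "+44.5550100",
     "pat1@aol.com", "Thu Jun 01 05:45:30 GMT 2017"),
    ("BETA-EXAMPLE.US", "Pat Sample", "P.O. Box 1", "ZZ1 1ZZ", "GB", "+1.5550102",
     "pat2@aol.com", "Thu Jun 01 06:10:00 GMT 2017"),
    ("GAMMA-EXAMPLE.US", "Lee Other", "Suite 2", "00000", "US", "+1.5550101",
     "lee@corp.example", "Mon Jun 01 00:00:00 GMT 2015"),
]]
FIRST_REPORT = datetime(2017, 6, 1, 17, 45, tzinfo=timezone.utc)  # constructed report time
```

None of these checks is conclusive alone; the value lies in several firing together across a cluster of domains reported in the same run.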
