Email mystery…

Posted on December 12, 2012 by Digitalkatie

I received the following email last night:

———- Forwarded message ———-
From: Brittany McClaine <bmcclaine@ncpcharterschool.org>
Date: 11 December 2012 21:54
Subject: Loved your page! Special Thanks from Mrs.McClaine and Kids! 🙂

Hi There!

I just wanted to send you a quick note on behalf of some of the kids in our After School program! We’ve been using your page ( http://digitalkatie.com/bsl.htm ) quite a bit while going over an intro to Sign Language, it has been super helpful!

The kids have a hearing impaired student in their class, and we thought it would be great if everyone was able to communicate on the same level 🙂 As a Thank You, a couple of the students also found and wanted to pass along this family resource page to ASL: ( http://usinsurancenet.com/family-health-reference-to-asl/ )

We’ve actually been using it just as much as your page and thought that maybe you would want to include it on your British Sign Language Links page! I was hesitant to email you at first but the kids keep asking if I’ve talked to you about it yet! (haha they’re so cute!)

Would you possibly consider adding it for them? I would love to surprise them before we finish the unit next Friday, that their research find has actually benefited someone else! They would be so excited!…and I may even surprise them with a pizza party for doing such good research 😉

Thanks again!
-Brittany

**************************************************************************************
Brittany McClaine
bmcclaine@ncpcharterschool.org
Jean Massieu Academy

This email set my spidey sense tingling. It seems like a spam email but I really wasn’t sure. My main issue is this is an email supposedly from America so why would they be using a web page about BRITISH Sign Language??

So, here’s a challenge – figure out if this is real. Is there really a Brittany McClaine? Does she work as a teacher? Does the Jean Massieu Academy exist and is it part of NCP Charter School (the email address domain)? Is this a standard spam email format and the same text is used pretending to be from different teachers and different schools?

When you think you have an answer look at the clues I found online to see if you’ve come up with the same deduction!

2 thoughts on “Email mystery…”

Digitalkatie

December 12, 2012 at 11:32 am

There was a request by @PMason00 on Twitter for the email headers, so here they are….

Delivered-To: [my gmail address]
Received: by 10.220.131.71 with SMTP id w7csp402971vcs;
Tue, 11 Dec 2012 13:54:19 -0800 (PST)
Received: by 10.68.241.133 with SMTP id wi5mr52434995pbc.48.1355262858890;
Tue, 11 Dec 2012 13:54:18 -0800 (PST)
Return-Path:
Received: from homiemail-mx2.g.dreamhost.com (caiajhbdcbhh.dreamhost.com. [nnn.nn.nnn.nnn])
by mx.google.com with ESMTP id uq10si26938845pbc.167.2012.12.11.13.54.18;
Tue, 11 Dec 2012 13:54:18 -0800 (PST)
Received-SPF: neutral (google.com: nnn.nn.nnn.nnn is neither permitted nor denied by best guess record for domain of bmcclaine@ncpcharterschool.org) client-ip=nnn.nn.nnn.nnn;
Authentication-Results: mx.google.com; spf=neutral (google.com: nnn.nn.nnn.nnn is neither permitted nor denied by best guess record for domain of bmcclaine@ncpcharterschool.org) smtp.mail=bmcclaine@ncpcharterschool.org
Received: from mx.ncpcharterschool.org (mx.ncpcharterschool.org [216.86.154.221])
by homiemail-mx2.g.dreamhost.com (Postfix) with ESMTP id 512FC4480DE
for [my email address]; Tue, 11 Dec 2012 13:54:18 -0800 (PST)
To: [my email address]
From: “Brittany McClaine”
Subject: Loved your page! Special Thanks from Mrs.McClaine and Kids! 🙂
Date: Tue, 11 Dec 2012 16:54:12 -0500
Message-Id: <20121211215418.512FC4480DE@homiemail-mx2.g.dreamhost.com>

Reply
Digitalkatie

April 7, 2013 at 1:13 am

I got a fantastic response from Paul Mason (@PMason00):

Hi,

so pinging the domain gives the ip in the header. Meaning there is little chance it’s spoofed and pretending to be a “real” place. Whois lookup returns this:

Domain ID:D164942503-LROR
Domain Name:NCPCHARTERSCHOOL.ORG
Created On:08-Mar-2012 16:40:01 UTC
Last Updated On:08-May-2012 03:50:12 UTC
Expiration Date:08-Mar-2013 16:40:01 UTC
Sponsoring Registrar:GoDaddy.com, LLC (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR107736198
Registrant Name:Registration Private
Registrant Organization:Domains By Proxy, LLC
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US
Registrant Phone:+1.4806242599
Registrant Phone Ext.:
Registrant FAX:+1.4806242598
Registrant FAX Ext.:
Registrant Email:NCPCHARTERSCHOOL.ORG@domainsbyproxy.com
Admin ID:CR107736200
Admin Name:Registration Private
Admin Organization:Domains By Proxy, LLC
Admin Street1:DomainsByProxy.com
Admin Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Admin Street3:
Admin City:Scottsdale
Admin State/Province:Arizona
Admin Postal Code:85260
Admin Country:US
Admin Phone:+1.4806242599
Admin Phone Ext.:
Admin FAX:+1.4806242598
Admin FAX Ext.:
Admin Email:NCPCHARTERSCHOOL.ORG@domainsbyproxy.com
Tech ID:CR107736199
Tech Name:Registration Private
Tech Organization:Domains By Proxy, LLC
Tech Street1:DomainsByProxy.com
Tech Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Tech Street3:
Tech City:Scottsdale
Tech State/Province:Arizona
Tech Postal Code:85260
Tech Country:US
Tech Phone:+1.4806242599
Tech Phone Ext.:
Tech FAX:+1.4806242598
Tech FAX Ext.:
Tech Email:NCPCHARTERSCHOOL.ORG@domainsbyproxy.com
Name Server:NS61.DOMAINCONTROL.COM
Name Server:NS62.DOMAINCONTROL.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

So it’s protected by domains by proxy which is odd as a school has little to hide. Also:
Created On:08-Mar-2012 16:40:01 UTC
Last Updated On:08-May-2012 03:50:12 UTC
Expiration Date:08-Mar-2013 16:40:01 UTC

Only registered for a year? Only created in March 2012? A little odd.
So we use dns enumeration to find out what else is on this server and we get:

*****************************************
* program created by t0ka7a *
* http://infond.blogspot.com *
* under GNU 3.0 licence *
* v0.2 02/13/2010 *
* using dns, find hostnames in a subnet *
*****************************************

begin search…

216.86.154.150 ip150.216-86-154.static.steadfastdns.net
216.86.154.151 ip151.216-86-154.static.steadfastdns.net
216.86.154.152 ip152.216-86-154.static.steadfastdns.net
216.86.154.155 ip155.216-86-154.static.steadfastdns.net
216.86.154.153 ip153.216-86-154.static.steadfastdns.net
216.86.154.156 ip156.216-86-154.static.steadfastdns.net
216.86.154.154 ip154.216-86-154.static.steadfastdns.net
216.86.154.157 ip157.216-86-154.static.steadfastdns.net
216.86.154.158 ip158.216-86-154.static.steadfastdns.net
216.86.154.159 ip159.216-86-154.static.steadfastdns.net
216.86.154.161 ip161.216-86-154.static.steadfastdns.net
216.86.154.160 ip160.216-86-154.static.steadfastdns.net
216.86.154.162 ip162.216-86-154.static.steadfastdns.net
216.86.154.163 ip163.216-86-154.static.steadfastdns.net
216.86.154.165 ip165.216-86-154.static.steadfastdns.net
216.86.154.164 ip164.216-86-154.static.steadfastdns.net
216.86.154.166 ip166.216-86-154.static.steadfastdns.net
216.86.154.167 ip167.216-86-154.static.steadfastdns.net
216.86.154.168 ip168.216-86-154.static.steadfastdns.net
216.86.154.169 ip169.216-86-154.static.steadfastdns.net
216.86.154.170 ip170.216-86-154.static.steadfastdns.net
216.86.154.171 ip171.216-86-154.static.steadfastdns.net
216.86.154.175 ip175.216-86-154.static.steadfastdns.net
216.86.154.172 ip172.216-86-154.static.steadfastdns.net
216.86.154.173 ip173.216-86-154.static.steadfastdns.net
216.86.154.177 ip177.216-86-154.static.steadfastdns.net
216.86.154.176 ip176.216-86-154.static.steadfastdns.net
216.86.154.174 ip174.216-86-154.static.steadfastdns.net
216.86.154.178 ip178.216-86-154.static.steadfastdns.net
216.86.154.179 ip179.216-86-154.static.steadfastdns.net
216.86.154.180 ip180.216-86-154.static.steadfastdns.net
216.86.154.181 ip181.216-86-154.static.steadfastdns.net
216.86.154.182 ip182.216-86-154.static.steadfastdns.net
216.86.154.183 ip183.216-86-154.static.steadfastdns.net
216.86.154.185 ip185.216-86-154.static.steadfastdns.net
216.86.154.184 ip184.216-86-154.static.steadfastdns.net
216.86.154.186 ip186.216-86-154.static.steadfastdns.net
216.86.154.187 ip187.216-86-154.static.steadfastdns.net
216.86.154.188 ip188.216-86-154.static.steadfastdns.net
216.86.154.189 ip189.216-86-154.static.steadfastdns.net
216.86.154.190 ip190.216-86-154.static.steadfastdns.net
216.86.154.193 ip193.216-86-154.static.steadfastdns.net
216.86.154.192 ip192.216-86-154.static.steadfastdns.net
216.86.154.191 ip191.216-86-154.static.steadfastdns.net
216.86.154.195 ip195.216-86-154.static.steadfastdns.net
216.86.154.194 ip194.216-86-154.static.steadfastdns.net
216.86.154.196 ip196.216-86-154.static.steadfastdns.net
216.86.154.197 node01002.gigatux.com
216.86.154.198 cpanel01003.gigatux.com
216.86.154.199 ip199.216-86-154.static.steadfastdns.net
216.86.154.200 ip200.216-86-154.static.steadfastdns.net
216.86.154.201 ip201.216-86-154.static.steadfastdns.net
216.86.154.203 ip203.216-86-154.static.steadfastdns.net
216.86.154.202 ip202.216-86-154.static.steadfastdns.net
216.86.154.205 ip205.216-86-154.static.steadfastdns.net
216.86.154.204 ip204.216-86-154.static.steadfastdns.net
216.86.154.207 ip207.216-86-154.static.steadfastdns.net
216.86.154.206 ip206.216-86-154.static.steadfastdns.net
216.86.154.209 ip209.216-86-154.static.steadfastdns.net
216.86.154.208 ip208.216-86-154.static.steadfastdns.net
216.86.154.210 ip210.216-86-154.static.steadfastdns.net
216.86.154.211 ip211.216-86-154.static.steadfastdns.net
216.86.154.212 ip212.216-86-154.static.steadfastdns.net
216.86.154.213 ip213.216-86-154.static.steadfastdns.net
216.86.154.214 ip214.216-86-154.static.steadfastdns.net
216.86.154.215 ip215.216-86-154.static.steadfastdns.net
216.86.154.218 ip218.216-86-154.static.steadfastdns.net
216.86.154.216 ip216.216-86-154.static.steadfastdns.net
216.86.154.219 ip219.216-86-154.static.steadfastdns.net
216.86.154.217 f.bitur.is
216.86.154.220 ip220.216-86-154.static.steadfastdns.net
216.86.154.221 mx.ncpcharterschool.org
216.86.154.222 server1.fullharnessit.co.uk
216.86.154.224 mx.nutra-smart.net
216.86.154.223 ip223.216-86-154.static.steadfastdns.net
216.86.154.225 ip225.216-86-154.static.steadfastdns.net
216.86.154.226 smtp.keybureau.com
216.86.154.227 gg227.techniland.net
216.86.154.228 ip228.216-86-154.static.steadfastdns.net
216.86.154.232 ip232.216-86-154.static.steadfastdns.net
216.86.154.229 ip229.216-86-154.static.steadfastdns.net
216.86.154.233 ip233.216-86-154.static.steadfastdns.net
216.86.154.230 mail1.napora.me
216.86.154.234 ip234.216-86-154.static.steadfastdns.net
216.86.154.235 ip235.216-86-154.static.steadfastdns.net
216.86.154.236 ip236.216-86-154.static.steadfastdns.net
216.86.154.237 ip237.216-86-154.static.steadfastdns.net
216.86.154.239 ip239.216-86-154.static.steadfastdns.net
216.86.154.238 ip238.216-86-154.static.steadfastdns.net
216.86.154.240 ip240.216-86-154.static.steadfastdns.net
216.86.154.241 ip241.216-86-154.static.steadfastdns.net
216.86.154.242 ip242.216-86-154.static.steadfastdns.net
216.86.154.243 ip243.216-86-154.static.steadfastdns.net
216.86.154.247 chesssence.com
216.86.154.245 chessfeed.com
216.86.154.246 cheespop.com
216.86.154.244 ip244.216-86-154.static.steadfastdns.net
216.86.154.248 chesspack.com
216.86.154.250 ip250.216-86-154.static.steadfastdns.net
216.86.154.249 chesspool.com
216.86.154.251 ip251.216-86-154.static.steadfastdns.net
216.86.154.253 ip253.216-86-154.static.steadfastdns.net
216.86.154.254 ip254.216-86-154.static.steadfastdns.net
216.86.154.252 ip252.216-86-154.static.steadfastdns.net
216.86.154.255 ip255.216-86-154.static.steadfastdns.net
216.86.155.0 ip0.216-86-155.static.steadfastdns.net
216.86.155.1 ip1.216-86-155.static.steadfastdns.net
216.86.155.3 ip3.216-86-155.static.steadfastdns.net
216.86.155.2 ip2.216-86-155.static.steadfastdns.net
216.86.155.4 ip4.216-86-155.static.steadfastdns.net
216.86.155.6 ip6.216-86-155.static.steadfastdns.net
216.86.155.9 ip9.216-86-155.static.steadfastdns.net
216.86.155.8 ip8.216-86-155.static.steadfastdns.net
216.86.155.13 ip13.216-86-155.static.steadfastdns.net
216.86.155.11 ip11.216-86-155.static.steadfastdns.net
216.86.155.10 mail.midlandhealth.com
216.86.155.5 ip5.216-86-155.static.steadfastdns.net
216.86.155.14 ip14.216-86-155.static.steadfastdns.net
216.86.155.7 ip7.216-86-155.static.steadfastdns.net
216.86.155.12 ip12.216-86-155.static.steadfastdns.net
216.86.155.15 ip15.216-86-155.static.steadfastdns.net
216.86.155.16 ip16.216-86-155.static.steadfastdns.net
216.86.155.17 ip17.216-86-155.static.steadfastdns.net
216.86.155.18 ip18.216-86-155.static.steadfastdns.net
216.86.155.20 ip20.216-86-155.static.steadfastdns.net
216.86.155.21 ip21.216-86-155.static.steadfastdns.net
216.86.155.19 ip19.216-86-155.static.steadfastdns.net
216.86.155.23 ip23.216-86-155.static.steadfastdns.net
216.86.155.22 ip22.216-86-155.static.steadfastdns.net
216.86.155.24 ip24.216-86-155.static.steadfastdns.net
216.86.155.25 ip25.216-86-155.static.steadfastdns.net
216.86.155.26 ip26.216-86-155.static.steadfastdns.net
216.86.155.27 ip27.216-86-155.static.steadfastdns.net
216.86.155.28 ip28.216-86-155.static.steadfastdns.net
216.86.155.29 ip29.216-86-155.static.steadfastdns.net
216.86.155.30 ip30.216-86-155.static.steadfastdns.net
216.86.155.31 ip31.216-86-155.static.steadfastdns.net
216.86.155.32 ip32.216-86-155.static.steadfastdns.net
216.86.155.33 ip33.216-86-155.static.steadfastdns.net
216.86.155.34 ip34.216-86-155.static.steadfastdns.net
216.86.155.35 ip35.216-86-155.static.steadfastdns.net
216.86.155.36 glamourmodels.com
216.86.155.37 chi1.staticservers.com
216.86.155.38 smtp.desedge.com
216.86.155.39 ip39.216-86-155.static.steadfastdns.net
216.86.155.41 ip41.216-86-155.static.steadfastdns.net
216.86.155.40 ip40.216-86-155.static.steadfastdns.net
216.86.155.43 ip43.216-86-155.static.steadfastdns.net
216.86.155.42 ip42.216-86-155.static.steadfastdns.net
216.86.155.44 ip44.216-86-155.static.steadfastdns.net
216.86.155.45 ip45.216-86-155.static.steadfastdns.net
216.86.155.46 ip46.216-86-155.static.steadfastdns.net
216.86.155.47 ip47.216-86-155.static.steadfastdns.net
216.86.155.48 ip48.216-86-155.static.steadfastdns.net
216.86.155.49 ip49.216-86-155.static.steadfastdns.net
216.86.155.50 ip50.216-86-155.static.steadfastdns.net
216.86.155.53 ip53.216-86-155.static.steadfastdns.net
216.86.155.51 ip51.216-86-155.static.steadfastdns.net
216.86.155.54 ip54.216-86-155.static.steadfastdns.net
216.86.155.56 ip56.216-86-155.static.steadfastdns.net
216.86.155.52 ip52.216-86-155.static.steadfastdns.net
216.86.155.57 ip57.216-86-155.static.steadfastdns.net
216.86.155.55 ip55.216-86-155.static.steadfastdns.net
216.86.155.58 ip58.216-86-155.static.steadfastdns.net
216.86.155.59 ip59.216-86-155.static.steadfastdns.net
216.86.155.60 ip60.216-86-155.static.steadfastdns.net
216.86.155.61 ip61.216-86-155.static.steadfastdns.net
216.86.155.62 ip62.216-86-155.static.steadfastdns.net
216.86.155.63 ip63.216-86-155.static.steadfastdns.net
216.86.155.64 ip64.216-86-155.static.steadfastdns.net
216.86.155.65 ip65.216-86-155.static.steadfastdns.net
216.86.155.66 ip66.216-86-155.static.steadfastdns.net
216.86.155.68 ip68.216-86-155.static.steadfastdns.net
216.86.155.67 ip67.216-86-155.static.steadfastdns.net
216.86.155.69 ip69.216-86-155.static.steadfastdns.net
216.86.155.72 ip72.216-86-155.static.steadfastdns.net
216.86.155.70 ip70.216-86-155.static.steadfastdns.net
216.86.155.71 ip71.216-86-155.static.steadfastdns.net
216.86.155.73 ip73.216-86-155.static.steadfastdns.net
216.86.155.74 ip74.216-86-155.static.steadfastdns.net
216.86.155.75 ip75.216-86-155.static.steadfastdns.net
216.86.155.77 ip77.216-86-155.static.steadfastdns.net
216.86.155.76 ip76.216-86-155.static.steadfastdns.net
216.86.155.78 ip78.216-86-155.static.steadfastdns.net
216.86.155.81 ip81.216-86-155.static.steadfastdns.net
216.86.155.79 ip79.216-86-155.static.steadfastdns.net
216.86.155.80 ip80.216-86-155.static.steadfastdns.net
216.86.155.82 ip82.216-86-155.static.steadfastdns.net
216.86.155.83 ip83.216-86-155.static.steadfastdns.net
216.86.155.84 ip84.216-86-155.static.steadfastdns.net
216.86.155.86 ip86.216-86-155.static.steadfastdns.net
216.86.155.85 ip85.216-86-155.static.steadfastdns.net
216.86.155.87 ip87.216-86-155.static.steadfastdns.net
216.86.155.88 ip88.216-86-155.static.steadfastdns.net
216.86.155.89 ip89.216-86-155.static.steadfastdns.net
216.86.155.90 ip90.216-86-155.static.steadfastdns.net
216.86.155.92 ip92.216-86-155.static.steadfastdns.net
216.86.155.91 ip91.216-86-155.static.steadfastdns.net
216.86.155.93 ip93.216-86-155.static.steadfastdns.net
216.86.155.95 ip95.216-86-155.static.steadfastdns.net
216.86.155.96 baldheadislandnc.com
216.86.155.94 ip94.216-86-155.static.steadfastdns.net
216.86.155.97 georgewhitley.com
216.86.155.100 ip100.216-86-155.static.steadfastdns.net
216.86.155.98 ajaxaction.com
216.86.155.101 outerbankrental.com
216.86.155.99 ip99.216-86-155.static.steadfastdns.net
216.86.155.102 nschops.com
216.86.155.104 ip104.216-86-155.static.steadfastdns.net
216.86.155.103 ip103.216-86-155.static.steadfastdns.net
216.86.155.105 ip105.216-86-155.static.steadfastdns.net
216.86.155.106 ip106.216-86-155.static.steadfastdns.net
216.86.155.107 uno.gren2.com
216.86.155.109 jade.hostsomething1.com
216.86.155.108 ip108.216-86-155.static.steadfastdns.net
216.86.155.110 ip110.216-86-155.static.steadfastdns.net
216.86.155.111 ip111.216-86-155.static.steadfastdns.net
216.86.155.112 ip112.216-86-155.static.steadfastdns.net
216.86.155.113 ip113.216-86-155.static.steadfastdns.net
216.86.155.115 ip115.216-86-155.static.steadfastdns.net
216.86.155.114 ip114.216-86-155.static.steadfastdns.net
216.86.155.116 a1.aicdesign.net
216.86.155.117 ip117.216-86-155.rdns.voipclear.net
216.86.155.119 ip119.216-86-155.static.steadfastdns.net
216.86.155.120 ip120.216-86-155.static.steadfastdns.net
216.86.155.118 ip118.216-86-155.rdns.voipclear.net
216.86.155.122 ip122.216-86-155.static.steadfastdns.net
216.86.155.121 ip121.216-86-155.static.steadfastdns.net
216.86.155.123 ip123.216-86-155.static.steadfastdns.net
216.86.155.124 ip124.216-86-155.static.steadfastdns.net
216.86.155.125 ip125.216-86-155.static.steadfastdns.net
216.86.155.126 ip126.216-86-155.static.steadfastdns.net
216.86.155.127 ip127.216-86-155.static.steadfastdns.net
216.86.155.129 ip129.216-86-155.static.steadfastdns.net
216.86.155.128 ip128.216-86-155.static.steadfastdns.net
216.86.155.130 ip130.216-86-155.static.steadfastdns.net
216.86.155.132 ip132.216-86-155.static.steadfastdns.net
216.86.155.133 ip133.216-86-155.static.steadfastdns.net
216.86.155.131 ip131.216-86-155.static.steadfastdns.net
216.86.155.134 ip134.216-86-155.static.steadfastdns.net
216.86.155.135 ip135.216-86-155.static.steadfastdns.net
216.86.155.137 ip137.216-86-155.static.steadfastdns.net
216.86.155.136 ip136.216-86-155.static.steadfastdns.net
216.86.155.138 ip138.216-86-155.static.steadfastdns.net
216.86.155.139 ns1.aicdns.com
216.86.155.141 ip141.216-86-155.static.steadfastdns.net
216.86.155.140 ip140.216-86-155.static.steadfastdns.net
216.86.155.142 ip142.216-86-155.static.steadfastdns.net
216.86.155.143 b4.hostkarma.com
216.86.155.145 ip145.216-86-155.static.steadfastdns.net
216.86.155.146 ip146.216-86-155.static.steadfastdns.net
216.86.155.147 ip147.216-86-155.static.steadfastdns.net
216.86.155.144 ip144.216-86-155.static.steadfastdns.net
216.86.155.148 ip148.216-86-155.static.steadfastdns.net
216.86.155.149 ip149.216-86-155.static.steadfastdns.net
216.86.155.150 ip150.216-86-155.static.steadfastdns.net
216.86.155.151 ip151.216-86-155.static.steadfastdns.net
216.86.155.152 ip152.216-86-155.static.steadfastdns.net
216.86.155.153 ip153.216-86-155.static.steadfastdns.net
216.86.155.154 ip154.216-86-155.static.steadfastdns.net
216.86.155.155 ip155.216-86-155.static.steadfastdns.net
216.86.155.156 ip156.216-86-155.static.steadfastdns.net
216.86.155.157 ip157.216-86-155.static.steadfastdns.net
216.86.155.158 ip158.216-86-155.static.steadfastdns.net
216.86.155.159 ip159.216-86-155.static.steadfastdns.net
216.86.155.160 ip160.216-86-155.static.steadfastdns.net
216.86.155.163 ip163.216-86-155.static.steadfastdns.net
216.86.155.161 ip161.216-86-155.static.steadfastdns.net
216.86.155.162 ip162.216-86-155.static.steadfastdns.net
216.86.155.164 ip164.216-86-155.static.steadfastdns.net
216.86.155.165 ip165.216-86-155.static.steadfastdns.net
216.86.155.166 ip166.216-86-155.static.steadfastdns.net
216.86.154.16 optionsunversity.com
216.86.155.167 ip167.216-86-155.static.steadfastdns.net
216.86.155.168 ip168.216-86-155.static.steadfastdns.net
216.86.154.18 commoditiesbrokering.com
216.86.154.35 ip35.216-86-154.static.steadfastdns.net
216.86.154.100 ip100.216-86-154.static.steadfastdns.net
216.86.154.131 ip131.216-86-154.static.steadfastdns.net
216.86.154.128 ip128.216-86-154.static.steadfastdns.net
216.86.154.122 ip122.216-86-154.static.steadfastdns.net
216.86.154.123 ip123.216-86-154.static.steadfastdns.net
216.86.154.135 ip135.216-86-154.static.steadfastdns.net
216.86.155.179 ip179.216-86-155.static.steadfastdns.net
216.86.155.180 ip180.216-86-155.static.steadfastdns.net
216.86.155.181 brunswickgreen.com
216.86.155.178 ip178.216-86-155.static.steadfastdns.net
216.86.155.183 ip183.216-86-155.static.steadfastdns.net
216.86.155.184 ip184.216-86-155.static.steadfastdns.net
216.86.155.185 ip185.216-86-155.static.steadfastdns.net
216.86.155.186 ip186.216-86-155.static.steadfastdns.net
216.86.155.187 ip187.216-86-155.static.steadfastdns.net
216.86.155.189 ip189.216-86-155.static.steadfastdns.net
216.86.155.188 ip188.216-86-155.static.steadfastdns.net
216.86.155.191 ip191.216-86-155.static.steadfastdns.net
216.86.155.192 ip192.216-86-155.static.steadfastdns.net
216.86.155.190 ip190.216-86-155.static.steadfastdns.net
216.86.155.193 ip193.216-86-155.static.steadfastdns.net
216.86.155.195 ip195.216-86-155.static.steadfastdns.net
216.86.155.196 ip196.216-86-155.static.steadfastdns.net
216.86.155.194 ip194.216-86-155.static.steadfastdns.net
216.86.155.197 ip197.216-86-155.static.steadfastdns.net
216.86.155.198 ip198.216-86-155.static.steadfastdns.net
216.86.155.199 ip199.216-86-155.static.steadfastdns.net
216.86.155.200 ip200.216-86-155.static.steadfastdns.net
216.86.155.201 ip201.216-86-155.static.steadfastdns.net
216.86.155.202 ip202.216-86-155.static.steadfastdns.net
216.86.155.203 ip203.216-86-155.static.steadfastdns.net
216.86.155.204 ip204.216-86-155.static.steadfastdns.net
216.86.155.205 ip205.216-86-155.static.steadfastdns.net
216.86.155.206 ip206.216-86-155.static.steadfastdns.net
216.86.155.207 ip207.216-86-155.static.steadfastdns.net
216.86.155.209 ip209.216-86-155.static.steadfastdns.net
216.86.155.208 ip208.216-86-155.static.steadfastdns.net
216.86.155.211 ip211.216-86-155.static.steadfastdns.net
216.86.155.210 ip210.216-86-155.static.steadfastdns.net
216.86.155.212 ip212.216-86-155.static.steadfastdns.net
216.86.155.213 ip213.216-86-155.static.steadfastdns.net
216.86.155.214 ip214.216-86-155.static.steadfastdns.net
216.86.155.215 ip215.216-86-155.static.steadfastdns.net
216.86.155.216 ip216.216-86-155.static.steadfastdns.net
216.86.155.217 ip217.216-86-155.static.steadfastdns.net
216.86.155.218 ip218.216-86-155.static.steadfastdns.net
216.86.155.221 ip221.216-86-155.rdns.voipclear.net
216.86.155.219 mail.kisercontrols.com
216.86.155.220 ip220.216-86-155.rdns.voipclear.net
216.86.155.223 ip223.216-86-155.rdns.voipclear.net
216.86.155.222 ip222.216-86-155.rdns.voipclear.net
216.86.155.224 ip224.216-86-155.rdns.voipclear.net
216.86.155.225 ip225.216-86-155.rdns.voipclear.net
216.86.155.226 ip226.216-86-155.rdns.voipclear.net
216.86.155.227 ip227.216-86-155.rdns.voipclear.net
216.86.155.228 ip228.216-86-155.rdns.voipclear.net
216.86.155.229 ip229.216-86-155.rdns.voipclear.net
216.86.155.230 ip230.216-86-155.rdns.voipclear.net
216.86.155.231 ip231.216-86-155.rdns.voipclear.net
216.86.155.232 ip232.216-86-155.rdns.voipclear.net
216.86.155.234 ip234.216-86-155.rdns.voipclear.net
216.86.155.233 ip233.216-86-155.rdns.voipclear.net
216.86.155.236 ip236.216-86-155.rdns.voipclear.net
216.86.155.235 ip235.216-86-155.rdns.voipclear.net
216.86.155.237 ip237.216-86-155.rdns.voipclear.net
216.86.155.238 ip238.216-86-155.rdns.voipclear.net
216.86.155.239 ip239.216-86-155.rdns.voipclear.net
216.86.155.240 ip240.216-86-155.rdns.voipclear.net
216.86.155.241 ip241.216-86-155.rdns.voipclear.net
216.86.155.242 ip242.216-86-155.rdns.voipclear.net
216.86.155.243 ip243.216-86-155.rdns.voipclear.net
216.86.155.244 ip244.216-86-155.rdns.voipclear.net
216.86.155.245 ip245.216-86-155.rdns.voipclear.net
216.86.155.246 ip246.216-86-155.rdns.voipclear.net
216.86.155.248 ip248.216-86-155.rdns.voipclear.net
216.86.155.247 ip247.216-86-155.rdns.voipclear.net
216.86.155.250 ip250.216-86-155.rdns.voipclear.net
216.86.155.249 ip249.216-86-155.rdns.voipclear.net
216.86.155.251 ip251.216-86-155.rdns.voipclear.net
216.86.155.252 ip252.216-86-155.rdns.voipclear.net
216.86.155.253 ip253.216-86-155.rdns.voipclear.net
216.86.155.254 ip254.216-86-155.rdns.voipclear.net
216.86.155.169 ip169.216-86-155.static.steadfastdns.net
216.86.155.171 ip171.216-86-155.static.steadfastdns.net
216.86.155.170 ip170.216-86-155.static.steadfastdns.net
216.86.155.172 ip172.216-86-155.static.steadfastdns.net
216.86.155.182 ip182.216-86-155.static.steadfastdns.net
216.86.155.175 ip175.216-86-155.static.steadfastdns.net
216.86.155.176 ip176.216-86-155.static.steadfastdns.net
216.86.155.173 ip173.216-86-155.static.steadfastdns.net
216.86.155.174 ip174.216-86-155.static.steadfastdns.net
216.86.155.177 allenphillipshomes.com

This looks like a fairly typical return from a hosting server but when you look deeper there are quite a few just mail servers and things like the “glamour models” site. Totally possible for a school to end up there if they’ve just taken any old hosting but then why just put your mail server there and nothing else? However, if you owned a whole server then you would probably do exactly this. It gets better….

The IP address they have asked you to link onto your site is 50.57.153.244 this claims to be usinsurancenet.com but it’s registered in Russia- home of spam and dodgy websites.

So we have a single mail server in the US making it look legit but it’s asking for a linkback to a Russian website? No way, this looks like linkback spam where putting the link on your site will increase the legitmacy of the russian site in the eyes of search engines. What for I don’t know… it could just be for the link but it seems a lot of effort. Prob the site will infect a visitor with malware. I certainly don’t intend to visit it.

That was fun, it’s brightened up a rather dull day trying to format numeracy questions.

Regards Paul

P.S. Just tried to nmap their IP (the original one) they are using advanced evasion techniques that no school would even know about!

Reply

Digital Media Computing

Resources for teaching the NPAs and NCs

Email mystery…

2 thoughts on “Email mystery…”

Leave a Reply Cancel reply