• Break in attempt 5.34.205.54

    From Post To Usenet@21:1/5 to All on Sat Mar 19 15:09:54 2022
    Ok so all of this happened on March 8 2022 when I got a person
    trying to break into my mail server from IP 5.34.205.54 (AS15828)


    Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
    Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:01:19
    Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max connection count 1 for (smtps:5.34.205.54) at Mar 8 19:01:19
    Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max cache size 1 at Mar 8 19:01:19
    Mar 8 19:22:15 server1 postfix/smtps/smtpd[151551]: connect from unknown[5.34.205.54]
    Mar 8 19:22:16 server1 postfix/smtps/smtpd[151551]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
    Mar 8 19:22:16 server1 postfix/smtps/smtpd[151551]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:22:15
    Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max connection count 1 for (smtps:5.34.205.54) at Mar 8 19:22:15
    Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max cache size 1 at Mar 8 19:22:15
    Mar 8 19:43:05 server1 postfix/smtps/smtpd[151689]: connect from unknown[5.34.205.54]
    Mar 8 19:43:06 server1 postfix/smtps/smtpd[151689]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
    Mar 8 19:43:07 server1 postfix/smtps/smtpd[151689]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    Mar 8 19:46:27 server1 postfix/anvil[151692]: statistics: max connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:43:06
    Mar 8 19:46:27 server1 postfix/anvil[151692]: statistics: max connection count 1 for (smtps:5.34.205.54) at Mar 8 19:43:06


    So I believe that the person responsible for this break-in attempt, the
    one that I was contacting, is the one responsible for the spam.

    The person is using a free yandex.com email address as their contact
    email address and there doesn't appear to be any kind of legit website
    for this ISP. The person is using the email address
    spaceshipnetworks@yandex.com; the whole thing looks fishy to me.

    I did contact the person on the RIPE record first and got nowhere
    with them before contacting the one providing connectivity to them.

    https://apps.db.ripe.net/db-web-ui/query?searchtext=5.34.205.54


    https://www.cidr-report.org/cgi-bin/as-report?as=AS15828

    15828 WCD-AS, IR

    Adjacency: 1 Upstream: 1 Downstream: 0
    Upstream Adjacent AS list
    AS133398 TELE-AS Tele Asia Limited, HK

    whois: 401308

    IANA has recorded AS15828 as originally allocated by
    /usr/bin/whois -h jwhois.apnic.netr "AS15828\n % This is the
    RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.

    % Information related to 'AS15826 - AS15833'

    as-block: AS15826 - AS15833
    descr: RIPE NCC ASN block
    remarks: These AS Numbers are assigned to network operators in the RIPE NCC service region.
    mnt-by: RIPE-NCC-HM-MNT
    created: 2018-11-22T15:27:25Z
    last-modified: 2018-11-22T15:27:25Z
    source: RIPE

    % Information related to 'AS15828'

    % Abuse contact for 'AS15828' is
    'spaceshipnetworks@yandex.com'

    aut-num: AS15828
    as-name: WCD-AS
    export: to AS59721 announce as15828
    export: to AS43754 announce as15828
    export: to AS48011 announce as15828
    export: to AS47350 announce as15828
    export: to AS133398 announce as15828
    import: From AS43754 accept any
    import: From AS48011 accept any
    import: From AS47350 accept any
    import: From AS59721 accept any
    import: From AS133398 accept any
    org: ORG-BDNC3-RIPE
    admin-c: MK17520-RIPE
    tech-c: MK17520-RIPE
    abuse-c: ACRO45411-RIPE
    status: ASSIGNED
    mnt-by: RIPE-NCC-END-MNT
    mnt-by: wcd
    created: 2015-08-31T13:46:05Z
    last-modified: 2021-12-22T17:59:44Z
    source: RIPE
    sponsoring-org: ORG-RNB1-RIPE

    organisation: ORG-BDNC3-RIPE
    org-name: Blue Diamond Network Co., Ltd.
    org-type: OTHER
    address: AlmaseAbi Building - Mosalla blv -
    RobatKarim - Tehran - Iran
    abuse-c: AR33223-RIPE
    mnt-ref: MNT-ALMAS
    mnt-by: MNT-ALMAS
    created: 2015-08-17T07:55:22Z
    last-modified: 2015-08-17T08:19:44Z
    source: RIPE # Filtered

    person: DWCI NET
    address: 1110 Palms Airport Drive 89119 Las Vegas, NV
    phone: +971525729284
    nic-hdl: MK17520-RIPE
    mnt-by: wcd
    created: 2015-01-27T10:15:09Z
    last-modified: 2022-03-12T22:46:25Z
    source: RIPE

    So I decided to contact the ISP that appears to be providing
    connectivity to them, which is Tele Asia Limited, HK.

    Lovely, another provider in Hong Kong. But this one is a special kind
    of stupid: he has been insulting and rude towards me ever since the
    start, when I asked him to block all traffic to the /24 5.34.205.0/24.

    I have been dealing with Clive Rand clive.rand@tele-asia.net and he
    has been rude and ignorant, cursing at me and insulting me constantly.

    So then I started to do a bit more digging to find out who exactly
    tele-asia.net is.

    I came across this


    https://www.spamhaus.org/sbl/listings/tele-asia.net

    Found 6 SBL listings for IPs under the responsibility of tele-asia.net

    SBL545218
    185.36.81.177/32 tele-asia.net
    17-Mar-2022 10:49 GMT
    Spamvertised website

    SBL543599
    45.125.67.0/24 tele-asia.net
    23-Feb-2022 23:29 GMT
    Suspected Snowshoe Spam IP Range

    SBL543598
    45.125.67.77/32 tele-asia.net
    23-Feb-2022 23:28 GMT
    spam source

    SBL543473
    45.125.67.75/32 tele-asia.net
    22-Feb-2022 17:39 GMT
    spam source

    SBL543230
    45.125.67.74/32 tele-asia.net
    18-Feb-2022 22:22 GMT
    spam source

    SBL543112
    45.125.67.73/32 tele-asia.net
    17-Feb-2022 15:32 GMT
    spam source

    Oh, looks like they are quite spam-friendly too.
    It makes sense now why they are willing to provide
    connectivity to someone who is trying to break into mail
    servers.

    Then I did a bit more digging on abuseipdb.com

    https://www.abuseipdb.com/check/5.34.205.54

    There have been 656 reports of abuse coming from this IP at
    the time of writing this post, from 44 different sources,
    and the last report was just 48 minutes ago at the time of writing
    this post. So the abuse is very active.

    So it isn't just me seeing abuse coming from this IP.


    https://www.abuseipdb.com/check/5.34.205.54


    Anyone else seeing these break-in attempts? It appears to be a spammer
    trying to break into mail servers to gain access to the mail
    server to send out spam emails.

    I would also be very careful contacting tele-asia.net as they appear to
    either be being paid a large sum of money to turn a blind eye to this abuse
    or be working in conjunction with this abuser.

    http://www.tele-asia.net/eng/index.php


    They also don't even have a working abuse mailbox at tele-asia.net
    either. If you email abuse@tele-asia.net it bounces back saying the
    mailbox is full.

    They must be getting a lot of abuse complaints or something.

    You can report abuse here as well and open a ticket but it appears
    tickets fall on deaf ears with these guys when it comes to abuse
    at tele-asia.net

    https://www.tele-asia.net/billing/submitticket.php?step=2&deptid=5


    This is the bounce back that I get. If you email
    abusedept@tele-asia.net it works.

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    abuse@tele-asia.net
    LMTP error after RCPT TO:<abuse@tele-asia.net>:
    552 5.2.2 <abuse@tele-asia.net> Quota exceeded (mailbox for user is
    full)


    Reporting-MTA: dns; main.hosthongkong.net

    Action: failed
    Final-Recipient: rfc822;abuse@tele-asia.net
    Status: 5.0.0


    Has anyone else seen anything coming from 5.34.205.54?

    I would definitely block 5.34.205.0/24 and possibly all of tele-asia.net
    as well.

    Anyone else seeing these attempts coming from this spammer rat's nest?

    I would be very careful dealing with "Spaceship Networks" or
    tele-asia.net in this case. They appear to be a big spam nest.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
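
As an added example (not part of the original post): the SASL failures logged above arrive about 21 minutes apart, so a detector that only counts failures inside a short window never sees more than one at a time. The code parses the quoted Postfix lines and compares a short and a long sliding window; the window sizes, the threshold and the year 2022 are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the post above, wrapped lines rejoined; anvil lines left out.
SAMPLE_LOG = """\
Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Mar 8 19:22:15 server1 postfix/smtps/smtpd[151551]: connect from unknown[5.34.205.54]
Mar 8 19:22:16 server1 postfix/smtps/smtpd[151551]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
Mar 8 19:43:05 server1 postfix/smtps/smtpd[151689]: connect from unknown[5.34.205.54]
Mar 8 19:43:06 server1 postfix/smtps/smtpd[151689]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid authentication mechanism
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

FAIL_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<clock>\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"postfix/(?:\S+/)?smtpd\[\d+\]:\s+warning:\s+"
    r"\S+\[(?P<ip>[0-9A-Fa-f:.]+)\]:\s+SASL\s+\S+\s+authentication failed"
)


def parse_failures(log_text, year=2022):
    """Map client IP -> sorted timestamps of SASL authentication failures.

    Syslog lines carry no year, so one is supplied (2022, the year of the post).
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m is None:
            continue  # connect/disconnect/anvil lines are not failures
        h, mi, s = (int(x) for x in m.group("clock").split(":"))
        when = datetime(year, MONTHS[m.group("mon")], int(m.group("day")), h, mi, s)
        failures[m.group("ip")].append(when)
    return {ip: sorted(ts) for ip, ts in failures.items()}


def max_in_window(times, window):
    """Largest number of events that fall inside any sliding window."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def flag_sources(failures, window, threshold):
    """IPs with at least `threshold` failures inside some `window`."""
    return sorted(ip for ip, ts in failures.items()
                  if max_in_window(ts, window) >= threshold)


def gaps_seconds(times):
    """Seconds between consecutive failures; near-constant gaps suggest a timer."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    seen = parse_failures(SAMPLE_LOG)
    # Window sizes and threshold are assumptions chosen for this illustration.
    print("10-minute window:", flag_sources(seen, timedelta(minutes=10), 3))
    print("60-minute window:", flag_sources(seen, timedelta(minutes=60), 3))
    for ip, ts in seen.items():
        print(ip, "gaps (s):", gaps_seconds(ts))
```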
  • From Bob Milutinovic@21:1/5 to Post To Usenet on Tue Mar 22 00:21:53 2022
    "Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border (as are all
    of the former USSR states, the Middle East, most of Asia and a large chunk
    of Africa).

    Have you heard about rate limiting? Fail2Ban?

    --
    Bob Milutinovic
    Cognicom

  • From Post To Usenet@21:1/5 to Bob Milutinovic on Mon Mar 21 11:07:19 2022
    On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:
    "Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border (as are
    all of the former USSR states, the Middle East, most of Asia and a large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?


    Yes have heard of Fail2ban and yes I run it already.

    It also isn't Ukraine. The person responsible for this, Clive Rand,
    I believe is the one using this other IP block to do this.

    I got a similar message from the free email account as the
    one sent to me by Clive Rand.

    They are in Hong Kong, not the Ukraine: tele-asia.net

    Also if anyone else is interested in blocking tele-asia.net
    here are at least some of their IP blocks.


    Tele-asia.net

    45.123.88.0/22
    45.123.188.0/24
    45.123.189.0/24
    45.123.190.0/24
    45.123.191.0/24
    45.125.65.0/24
    45.125.66.0/24
    45.125.67.0/24
    79.141.168.0/23
    91.224.92.0/24
    103.16.228.0/22
    103.253.40.0/23
    103.253.42.0/24
    103.253.43.0/24
    114.112.255.0/24
    122.14.132.0/24
    185.36.81.0/24
    185.174.41.0/24
    191.101.180.0/24
    193.31.41.0/24
    223.252.173.0/24


    # Spaceship Networks
    5.34.205.0/24

  • From David Ritz@21:1/5 to Jamie Baillie on Mon Mar 21 13:10:14 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Monday, 21 March 2022 11:07 -0600,
    in article <t1abc8$3da$1@dont-email.me>,
    Jamie Baillie <posttousenet@gmail.com> wrote:

    On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

    Jamie <posttousenet@gmail.com> wrote in message
    news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border
    (as are all of the former USSR states, the Middle East, most of
    Asia and a large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?

    Yes have heard of Fail2ban and yes I run it already.

    It also isn't Ukraine the person responsible for this Clive Rand I
    believe is the one using this other IP block to do this.

    I got a similar message from the free email account as the one sent
    to me by Clive Rand.

    They are in Hong Kong not the Ukraine tele0asia.net

    # Spaceship Networks
    5.34.205.0/24

    $ db-ip.sh 5.34.205.54
    {
    "ipAddress": "5.34.205.54",
    "continentCode": "EU",
    "continentName": "Europe",
    "countryCode": "UA",
    "countryName": "Ukraine",
    "stateProv": "Kyiv City",
    "city": "Kyiv"
    }


    [omit the backslash escape on Linux]
    $ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
    e-mail: bitbucket@ripe.net
    e-mail: bitbucket@ripe.net
    % Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
    notify: haghshenas@gmail.com
    notify: majid.mashayekhi@gmail.com
    e-mail: haghshenas@gmail.com
    notify: ripe@rsane.com
    e-mail: mashayekhi@rasane.com
    e-mail: majid.mashayekhi@gmail.com
    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
    e-mail: spaceshipnetworks@yandex.com
    % Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
    e-mail: spaceshipnetworks@yandex.com
    e-mail: spaceshipnetworks@yandex.com

    Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

    One would hope that Jamie has learned to keep his "reports" neutral,
    brief and to the point, rather than including a quagmire of copy and
    paste text, such as the butt-load of crap which Bob graciously trimmed.

    So far as Jamie being treated rudely in a belligerent manner, it sounds
    as though Jamie's been Jamied.

    - --
    David Ritz <dritz@mindspring.com>
    Be kind to animals; kiss a shark.

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYji/hgAKCRBSvCmZGhLe 6zsBAKDs3zqOnrS2eChAW0vQk5W4YdjJ4QCgu8QwkxXQPyMRnSIfo3usLB4sTRo=
    =FV8Q
    -----END PGP SIGNATURE-----

  • From jrg@21:1/5 to David Ritz on Mon Mar 21 12:56:35 2022
    On 3/21/22 11:10, David Ritz wrote:
    On Monday, 21 March 2022 11:07 -0600,
    in article <t1abc8$3da$1@dont-email.me>,
    Jamie Baillie <posttousenet@gmail.com> wrote:

    On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

    Jamie <posttousenet@gmail.com> wrote in message
    news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border
    (as are all of the former USSR states, the Middle East, most of
    Asia and a large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?

    Yes have heard of Fail2ban and yes I run it already.

    It also isn't Ukraine the person responsible for this Clive Rand I
    believe is the one using this other IP block to do this.

    I got a similar message from the free email account as the one sent
    to me by Clive Rand.

    They are in Hong Kong not the Ukraine tele0asia.net

    # Spaceship Networks
    5.34.205.0/24

    $ db-ip.sh 5.34.205.54
    {
    "ipAddress": "5.34.205.54",
    "continentCode": "EU",
    "continentName": "Europe",
    "countryCode": "UA",
    "countryName": "Ukraine",
    "stateProv": "Kyiv City",
    "city": "Kyiv"
    }


    [omit the backslash escape on Linux]
    $ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
    e-mail: bitbucket@ripe.net
    e-mail: bitbucket@ripe.net
    % Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
    notify: haghshenas@gmail.com
    notify: majid.mashayekhi@gmail.com
    e-mail: haghshenas@gmail.com
    notify: ripe@rsane.com
    e-mail: mashayekhi@rasane.com
    e-mail: majid.mashayekhi@gmail.com
    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
    e-mail: spaceshipnetworks@yandex.com
    % Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
    e-mail: spaceshipnetworks@yandex.com
    e-mail: spaceshipnetworks@yandex.com

    Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

    One would hope that Jamie has learned to keep his "reports" neutral,
    brief and to the point, rather than including a quagmire of copy and
    paste text, such as the butt-load of crap which Bob graciously trimmed.

    So far as Jamie being treated rudely in a belligerent manner, it sounds
    as though Jamie's been Jamied.


    +1

  • From Andrzej Adam Filip@21:1/5 to Bob Milutinovic on Mon Mar 21 20:03:52 2022
    "Bob Milutinovic" <cognicom@gmail.com> wrote:
    "Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border (as
    are all of the former USSR states, the Middle East, most of Asia and a
    large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?

    $ whois 5.34.205.54
    inetnum: 5.34.205.0 - 5.34.205.255
    org: ORG-SL1132-RIPE
    netname: SpaceshipNetworks
    country: UA
    […]

    organisation: ORG-SL1132-RIPE
    org-name: Spaceshipnetworks LTD
    org-type: OTHER
    address: Khreshhatik St., 14D, Kyiv (Kiev), UA
    […]

    $ whois -h riswhois.ripe.net 5.34.205.54

    route: 5.34.205.0/24
    origin: AS15828
    descr: WCD-AS Blue Diamond Network Co., Ltd., IR


    --
    A. Filip

  • From Andrzej Adam Filip@21:1/5 to Post To Usenet on Tue Mar 22 05:01:23 2022
    Post To Usenet <posttousenet@gmail.com> wrote:
    On 2022-03-21 2:03 p.m., Andrzej Adam Filip wrote:
    "Bob Milutinovic" <cognicom@gmail.com> wrote:
    "Post To Usenet" <posttousenet@gmail.com> wrote in message
    news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border (as
    are all of the former USSR states, the Middle East, most of Asia and a
    large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?
    $ whois 5.34.205.54
    inetnum: 5.34.205.0 - 5.34.205.255
    org: ORG-SL1132-RIPE
    netname: SpaceshipNetworks
    country: UA
    […]
    organisation: ORG-SL1132-RIPE
    org-name: Spaceshipnetworks LTD
    org-type: OTHER
    address: Khreshhatik St., 14D, Kyiv (Kiev), UA
    […]
    $ whois -h riswhois.ripe.net 5.34.205.54
    route: 5.34.205.0/24
    origin: AS15828
    descr: WCD-AS Blue Diamond Network Co., Ltd., IR


    See my post above to David Ritz. I know what the record says
    but I don't believe that information to be accurate or correct
    please see my other post.

    RISWHOIS reports current routing *as reported by internet (BGP) routers*.
    WHOIS "may" sometimes be outdated or inaccurate. In short: such a
    discrepancy between WHOIS and RISWHOIS is at the very least "interesting".

    AFAIR there has been an outbreak of spam sources on the SpamCop top-200 from IP addresses formally assigned to CZ but routed via a Russian AS.

    --
    A. Filip
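
The WHOIS/RISWHOIS comparison described in the post above, as an added example (not part of the post): the code parses the `whois` and `riswhois` output quoted in this thread and reports where the registry record and the routing view disagree. Reading the trailing two letters of `descr` as a country code is an assumption taken from the quoted output.

```python
import ipaddress
import re

# Output quoted in the post above; the "[…]" elisions are dropped, nothing added.
WHOIS_TEXT = """\
inetnum: 5.34.205.0 - 5.34.205.255
org: ORG-SL1132-RIPE
netname: SpaceshipNetworks
country: UA

organisation: ORG-SL1132-RIPE
org-name: Spaceshipnetworks LTD
org-type: OTHER
address: Khreshhatik St., 14D, Kyiv (Kiev), UA
"""

RISWHOIS_TEXT = """\
route: 5.34.205.0/24
origin: AS15828
descr: WCD-AS Blue Diamond Network Co., Ltd., IR
"""


def parse_objects(text):
    """Split RPSL-style 'key: value' output into objects (dicts of value lists)."""
    objects, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:  # a blank line ends the current object
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith("%") or ":" not in line:
            continue  # server comments and free-form lines
        key, value = line.split(":", 1)
        current.setdefault(key.strip().lower(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def first_object(objects, kind):
    """Return the first object carrying attribute `kind` ('inetnum', 'route')."""
    return next((o for o in objects if kind in o), None)


def compare(whois_text, riswhois_text):
    """Compare the registry record with the BGP view of the same address block."""
    inetnum = first_object(parse_objects(whois_text), "inetnum")
    route = first_object(parse_objects(riswhois_text), "route")
    if inetnum is None or route is None:
        raise ValueError("need one inetnum object and one route object")

    lo, hi = (ipaddress.ip_address(p.strip())
              for p in inetnum["inetnum"][0].split("-"))
    registered = list(ipaddress.summarize_address_range(lo, hi))
    announced = ipaddress.ip_network(route["route"][0])

    # Assumption: descr ends in ", CC" as it does in the quoted riswhois output.
    m = re.search(r",\s*([A-Z]{2})$", route["descr"][0])
    origin_cc = m.group(1) if m else None
    registered_cc = inetnum.get("country", [None])[0]

    return {
        "registered_cc": registered_cc,
        "origin_as": route["origin"][0],
        "origin_cc": origin_cc,
        "route_matches_block": registered == [announced],
        "country_mismatch": (None not in (registered_cc, origin_cc)
                             and registered_cc != origin_cc),
    }


if __name__ == "__main__":
    for field, value in compare(WHOIS_TEXT, RISWHOIS_TEXT).items():
        print(f"{field}: {value}")
```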

  • From Post To Usenet@21:1/5 to Andrzej Adam Filip on Mon Mar 21 22:49:22 2022
    On 2022-03-21 2:03 p.m., Andrzej Adam Filip wrote:
    "Bob Milutinovic" <cognicom@gmail.com> wrote:
    "Post To Usenet" <posttousenet@gmail.com> wrote in message
    news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border (as
    are all of the former USSR states, the Middle East, most of Asia and a
    large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?

    $ whois 5.34.205.54
    inetnum: 5.34.205.0 - 5.34.205.255
    org: ORG-SL1132-RIPE
    netname: SpaceshipNetworks
    country: UA
    […]

    organisation: ORG-SL1132-RIPE
    org-name: Spaceshipnetworks LTD
    org-type: OTHER
    address: Khreshhatik St., 14D, Kyiv (Kiev), UA
    […]

    $ whois -h riswhois.ripe.net 5.34.205.54

    route: 5.34.205.0/24
    origin: AS15828
    descr: WCD-AS Blue Diamond Network Co., Ltd., IR



    See my post above to David Ritz. I know what the record says
    but I don't believe that information to be accurate or correct
    please see my other post.

    Thank you,

  • From Post To Usenet@21:1/5 to David Ritz on Mon Mar 21 22:47:46 2022
    On 2022-03-21 12:10 p.m., David Ritz wrote:
    On Monday, 21 March 2022 11:07 -0600,
    in article <t1abc8$3da$1@dont-email.me>,
    Jamie Baillie <posttousenet@gmail.com> wrote:

    On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

    Jamie <posttousenet@gmail.com> wrote in message
    news:t15gr5$5f5$1@dont-email.me...

    <a lot of crap>

    <snip>
    Has anyone else seen anything coming from 5.34.205.54?
    </snip>

    Nope, nothing here. Ukraine is null-routed at the network border
    (as are all of the former USSR states, the Middle East, most of
    Asia and a large chunk of Africa).

    Have you heard about rate limiting? Fail2Ban?

    Yes have heard of Fail2ban and yes I run it already.

    It also isn't Ukraine the person responsible for this Clive Rand I
    believe is the one using this other IP block to do this.

    I got a similar message from the free email account as the one sent
    to me by Clive Rand.

    They are in Hong Kong not the Ukraine tele0asia.net

    # Spaceship Networks
    5.34.205.0/24

    $ db-ip.sh 5.34.205.54
    {
    "ipAddress": "5.34.205.54",
    "continentCode": "EU",
    "continentName": "Europe",
    "countryCode": "UA",
    "countryName": "Ukraine",
    "stateProv": "Kyiv City",
    "city": "Kyiv"
    }


    [omit the backslash escape on Linux]
    $ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
    e-mail: bitbucket@ripe.net
    e-mail: bitbucket@ripe.net
    % Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
    notify: haghshenas@gmail.com
    notify: majid.mashayekhi@gmail.com
    e-mail: haghshenas@gmail.com
    notify: ripe@rsane.com
    e-mail: mashayekhi@rasane.com
    e-mail: majid.mashayekhi@gmail.com
    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
    e-mail: spaceshipnetworks@yandex.com
    % Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
    e-mail: spaceshipnetworks@yandex.com
    e-mail: spaceshipnetworks@yandex.com

    Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

    % Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

    One would hope that Jamie has learned to keep his "reports" neutral,
    brief and to the point, rather than including a quagmire of copy and
    paste text, such as the butt-load of crap which Bob graciously trimmed.

    So far as Jamie being treated rudely in a belligerent manner, it sounds
    as though Jamie's been Jamied.


    Yes, Mr. Ritz, I know the information listed on the whois record, but I
    don't believe that information is accurate. I believe the information
    to be inaccurate and that it is actually Clive Rand from tele-asia.net who is
    using this IP block that I was reporting before to do these criminal
    activities. Also the fact that tele-asia.net has several spamhaus.org
    records and the fact that the port being tried is the secure port
    for my mail server and that is the only port being tried.

    I believe that the same person who owns tele-asia.net is using this
    IP block 5.34.205.0/24 and IP 5.34.205.54 to try and break into networks
    and is providing false information on this whois record and is silently
    providing connectivity / peering to this IP block through tele-asia.net.

    That way tele-asia.net won't take any of the heat for this as it isn't
    listed under them and uses a free email address on yandex.com and false
    whois information on the rest of the record.

    It wouldn't be the first time a spammer fakes a whois record.

    Also when I emailed abuse@rsane.com I got this response from them
    that they are not responsible for this block, and they pointed me back to
    emailing spaceshipnetworks@yandex.com who is the actual abuser
    themselves. Hiding behind false information.

    It wouldn't be the first time a spammer has faked the whois information
    and provided false information.

    I got a very similar email from Clive Rand calling me "Karen", then
    shortly after that one from the free yandex account calling me the same
    thing. I have reason to believe he is in control of that free yandex
    account as well as running tele-asia.net and uses this IP block for any
    illegal activity (5.34.205.0) so that it doesn't come back on
    his company tele-asia.net.

    I also emailed info@rasane.com which they have listed on their website
    and it bounces back saying the mailbox is full.

    Delivery has failed to these recipients or groups:

    "info@rasane.com
    Your message couldn't be delivered. When Office 365 tried to send the
    message, the external email server returned the error below. This is
    probably due to a problem or policy setting on the recipient's email system.

    Diagnostic information for administrators:

    Generating server: DM5PR0401MB3543.namprd04.prod.outlook.com

    info@rasane.com
    Remote Server returned '550 5.0.350 Remote server returned an error ->
    550 Mailbox is full / Blocks limit exceeded / Inode limit exceeded'"
