I've recently become obsessed with filtering SPAM from my email. I receive, on average, 300-400 SPAM emails PER DAY. It's driving me nuts.
I've contacted my ISP (Windstream) as apparently they do diddly-squat to filter SPAM on their end and I was told it's on me to create filters (which I can do, sort of, via a web interface to my mailbox on their end). Their system is cumbersome and I have to create a new filter rule for every single thing I want to filter. I gave up on it.
What I've started doing is creating rules in my Outlook. Yeah, I still get the glorious luxury of downloading all that crap email, but at least it gets dumped to trash before it hits my inbox. Unfortunately, Microsoft doesn't make creating rules much easier. There's no option to filter, say a range of something, only individual items at a time, but at least the filter criteria can be contained within a single rule.
I've also downloaded a complete database of all issued IPs in the world and put them in an Excel spreadsheet and sorted by country of origin. That way, I can look at header info in SPAM emails and check the originating IP (at least on those too dumb to hide it). If it comes from a foreign IP, its IP (and when possible entire domain or range of IPs) goes into my filter. Still, it's a never-ending process as new SPAM is coming in all the time from new sources, but it's getting better.
So, anyway, this all leads me to a question. Sometimes when I look up an IP on a WHOIS site, it's a bit confusing as to where the IP really is coming from, or who owns it, and so forth. I was hoping someone could look at the following WHOIS entry and explain to me what it means.
This entry is for the IP: 69.64.39.5
I ran it through the following WHOIS website: https://whoer.net/checkwhois.
Here are the results:
IP address: 69.64.39.5
Location: United States (US), North America
Region: Missouri (MO)
City: Saint Louis
ZIP: 63101
Hostname: static-ip-69-64-39-5.inaddr.ip-pool.com → 69.64.39.5
IP range: 69.64.35.15 - 69.64.50.101
ISP: HEG US
Organization: HEG US
Blacklist: No
TOR: No
Time:
  Zone: America/Chicago
  Local: Sun Oct 1 2017 13:41:16 GMT-0500 (CDT)
Whois:
NetRange 69.64.32.0 - 69.64.63.255
CIDR 69.64.32.0/19
NetName HEGUS-1
NetHandle NET-69-64-32-0-1
Parent NET69 (NET-69-0-0-0-0)
NetType Direct Allocation
OriginAS AS30083
Organization HEG US Inc. (SERVE-6)
RegDate 2003-07-30
Updated 2017-03-01
Ref https://whois.arin.net/rest/net/NET-69-64-32-0-1
OrgName HEG US Inc.
OrgId SERVE-6
Address 210 North Tucker Blvd.
Address Suite 910
City Saint Louis
StateProv MO
PostalCode 63101
Country US
RegDate 2003-04-15
Updated 2017-03-01
Ref https://whois.arin.net/rest/org/SERVE-6
OrgNOCHandle SWI19-ARIN
OrgNOCName Wintz, Sascha
OrgNOCPhone +1-314-300-2200
OrgNOCEmail sascha.wintz@heg.com
OrgNOCRef https://whois.arin.net/rest/poc/SWI19-ARIN
OrgAbuseHandle HUAD-ARIN
OrgAbuseName HEG US Abuse Department
OrgAbusePhone +1-314-266-3638
OrgAbuseEmail abuse@heg-us.com
OrgAbuseRef https://whois.arin.net/rest/poc/HUAD-ARIN
OrgTechHandle SWI19-ARIN
OrgTechName Wintz, Sascha
OrgTechPhone +1-314-300-2200
OrgTechEmail sascha.wintz@heg.com
OrgTechRef https://whois.arin.net/rest/poc/SWI19-ARIN
RTechHandle SWI19-ARIN
RTechName Wintz, Sascha
RTechPhone +1-314-300-2200
RTechEmail sascha.wintz@heg.com
RTechRef https://whois.arin.net/rest/poc/SWI19-ARIN
RNOCHandle SWI19-ARIN
RNOCName Wintz, Sascha
RNOCPhone +1-314-300-2200
RNOCEmail sascha.wintz@heg.com
RNOCRef https://whois.arin.net/rest/poc/SWI19-ARIN
RAbuseHandle HUAD-ARIN
RAbuseName HEG US Abuse Department
RAbusePhone +1-314-266-3638
RAbuseEmail abuse@heg-us.com
RAbuseRef https://whois.arin.net/rest/poc/HUAD-ARIN
NetRange 69.64.39.5 - 69.64.39.5
CIDR 69.64.39.5/32
NetName ARIN-69-64-39-5-32
NetHandle NET-69-64-39-5-1
Parent HEGUS-1 (NET-69-64-32-0-1)
NetType Reassigned
OriginAS AS30083
Organization Nxhost (NXHOS)
RegDate 2017-08-29
Updated 2017-08-29
Ref https://whois.arin.net/rest/net/NET-69-64-39-5-1
OrgName Nxhost
OrgId NXHOS
Address Tapejara 471
City Tapejara
StateProv
PostalCode 99950000
Country BR
RegDate 2017-01-12
Updated 2017-01-12
Ref https://whois.arin.net/rest/org/NXHOS
OrgTechHandle FWF-ARIN
OrgTechName Filho, Francisco Witschoreck
OrgTechPhone +55.54.33440135
OrgTechEmail vendas@nxhost.com.br
OrgTechRef https://whois.arin.net/rest/poc/FWF-ARIN
OrgAbuseHandle FWF-ARIN
OrgAbuseName Filho, Francisco Witschoreck
OrgAbusePhone +55.54.33440135
OrgAbuseEmail vendas@nxhost.com.br
OrgAbuseRef https://whois.arin.net/rest/poc/FWF-ARIN
I'm most interested in all the "Whois" information. What does it all mean? How do I read that? I also notice at the bottom there appears to be a foreign country (BR), address, name, and phone number. What the heck? Why do the initial Whois data indicate "HEG US Inc", but further down it says "NXHOS" in some city named "Tapejara", in the country "BR"??
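Added example (not part of the original post): the quoted WHOIS text holds two network records, the /19 marked "Direct Allocation" to HEG US Inc. and a /32 inside it marked "Reassigned" to Nxhost, and this Python sketch parses a trimmed copy of that text and lists the records covering an address from widest to most specific. The function names are hypothetical; the registrant's country is the organisation's registered address, which is separate from where the lookup site geolocates the machine.

```python
import ipaddress

# Trimmed copy of the WHOIS text quoted in the post (contact fields omitted).
WHOIS_TEXT = """\
NetRange 69.64.32.0 - 69.64.63.255
CIDR 69.64.32.0/19
NetName HEGUS-1
Parent NET69 (NET-69-0-0-0-0)
NetType Direct Allocation
OrgName HEG US Inc.
Country US
NetRange 69.64.39.5 - 69.64.39.5
CIDR 69.64.39.5/32
NetName ARIN-69-64-39-5-32
Parent HEGUS-1 (NET-69-64-32-0-1)
NetType Reassigned
OrgName Nxhost
Country BR
"""

def parse_records(text):
    """Split flattened 'Key value' WHOIS lines into one dict per network."""
    records = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "NetRange":            # every network record starts here
            records.append({})
        if key and records:              # keep the first value of repeated keys
            records[-1].setdefault(key, value.strip())
    return records

def delegation_chain(text, ip):
    """Return (network, NetType, OrgName, Country) covering ip, widest first."""
    addr = ipaddress.ip_address(ip)
    chain = []
    for rec in parse_records(text):
        # A record may list several CIDR blocks separated by commas.
        for cidr in filter(None, map(str.strip, rec.get("CIDR", "").split(","))):
            net = ipaddress.ip_network(cidr)
            if addr in net:
                chain.append((net, rec.get("NetType"), rec.get("OrgName"), rec.get("Country")))
    return sorted(chain, key=lambda item: item[0].prefixlen)

def registered_holder(text, ip):
    """The most specific (longest-prefix) record names the registered holder."""
    chain = delegation_chain(text, ip)
    return chain[-1] if chain else None

if __name__ == "__main__":
    for net, net_type, org, country in delegation_chain(WHOIS_TEXT, "69.64.39.5"):
        print(net, net_type, org, country, sep=" | ")
```

Read top to bottom, the output shows the parent block first and the customer reassignment last, which is why both organisations appear in one lookup.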