[Dxspider-support] Further analysis of fake spots

Tue Feb 25 18:50:27 GMT 2025

Same IP (188.47.125.123) with two callsigns (HF95PZK and SP2MKI) on two
different nodes (SR2PUT and SR4DXC):

PC92^SR2PUT^2334^A^^1HF95PZK:188.47.125.123^H93^
PC92^SR4DXC^67551^A^^1HF95PZK:188.47.125.123^H95^
PC92^SR2PUT^85952^A^^1SP2MKI:188.47.125.123^H95^

Kin EA3CV

-----Mensaje original-----
De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de
Gregor Surmann via Dxspider-support
Enviado el: martes, 25 de febrero de 2025 18:45
Para: The DXSpider Support list <dxspider-support at tobit.co.uk>
CC: Gregor Surmann <gs at funil.de>
Asunto: [Dxspider-support] Further analysis of fake spots

Hello guys!

I have found some interesting stuff. I was seeking for the information, if
my SSID/Call was forged. Yes, it was:

sysop at dxspider:~$ grepdbg "bad spot" | grep -i do5ssb
21Feb2025 at 13:03:32 (*) PCPROT: Bad Spot HF95PZK on 21074.0 by
SP2MKI(150.102.129.109)@DO5SSB-2 User SP2MKI not on node DO5SSB-2 via F3KT-3
25 hops

sysop at dxspider:~$ grepdbg HF95PZK | grep -i SP2MKI
21Feb2025 at 05:53:38 (*) PCPROT: Bad Spot HF95PZK on 3573.0 by
SP2MKI(81.89.113.246)@JG1VGX-8 User SP2MKI not on node JG1VGX-8 via ON4KST-2
28 hops
21Feb2025 at 05:53:38 (progress) SPOT: HF95PZK on 3573.0 @ 0553Z by
SP2MKI(81.89.113.246)@JG1VGX-8 '95th PZK - 100th IARU FT8' route: ON4KST-2
21Feb2025 at 06:47:40 (*) PCPROT: Bad Spot HF95PZK on 7074.0 by
SP2MKI(145.89.214.218)@ON4KST-2 User SP2MKI not on node ON4KST-2 via
ON4KST-2 28 hops
21Feb2025 at 06:47:40 (progress) SPOT: HF95PZK on 7074.0 @ 0647Z by
SP2MKI(145.89.214.218)@ON4KST-2 'ft8 95th PZK - 100th IARU' route: ON4KST-2
21Feb2025 at 08:48:22 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by
SP2MKI(54.225.51.18)@EA4FIT-2 User SP2MKI not on node EA4FIT-2 via ON4KST-2
28 hops
21Feb2025 at 08:48:22 (progress) SPOT: HF95PZK on 7047.0 @ 0848Z by
SP2MKI(54.225.51.18)@EA4FIT-2 '95th PZK - 100th IARU FT4' route: ON4KST-2
21Feb2025 at 09:10:13 (*) PCPROT: Bad Spot HF95PZK on 14080.0 by
SP2MKI(36.134.227.136)@IV3SCP-6 User SP2MKI not on node IV3SCP-6 via F6KVP-3
26 hops
[...more...spots...]
21Feb2025 at 22:44:41 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by
SP2MKI(59.181.166.39)@SM7IUN-3 User SP2MKI not on node SM7IUN-3 via ON4KST-2
28 hops

sysop at dxspider:~$ grepdbg 150.102.129.109 sysop at dxspider:~$

So, there was never a user with the IP 150.102.129.109 here, but the spot
originated at DO5SSB-2, strange.

This means, that someone is injecting packets at some point in the network,
without being on the node itself, not before, not while and not after the
spot.

Or, maybe the famous VE7CC-1 is doing nasty stuff?

All of the IPs do exist in the global BGP routing, many of them are in AWS
or other data centers.

But probably none of the IPs are from the countries the callsign is in.

So, either someone is using the clusters and faking spots, or someone is
injecting PC messages somewhere.

73 de Gregor, DO5SSB

_______________________________________________
Dxspider-support mailing list
Dxspider-support at tobit.co.uk
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support