[Dxspider-support] Further analysis of fake spots

Keith, G6NHU g6nhu at me.com
Tue Feb 25 20:26:36 GMT 2025 

Are there any other variations of the same IP?

73 Keith
On 25 Feb 2025 at 18:50 +0000, Kin via Dxspider-support <dxspider-support at tobit.co.uk>, wrote:
> Same IP (188.47.125.123) with two callsigns (HF95PZK and SP2MKI) on two
> different nodes (SR2PUT and SR4DXC):
>
> PC92^SR2PUT^2334^A^^1HF95PZK:188.47.125.123^H93^
> PC92^SR4DXC^67551^A^^1HF95PZK:188.47.125.123^H95^
> PC92^SR2PUT^85952^A^^1SP2MKI:188.47.125.123^H95^
>
> Kin EA3CV
>
>
> -----Mensaje original-----
> De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de
> Gregor Surmann via Dxspider-support
> Enviado el: martes, 25 de febrero de 2025 18:45
> Para: The DXSpider Support list <dxspider-support at tobit.co.uk>
> CC: Gregor Surmann <gs at funil.de>
> Asunto: [Dxspider-support] Further analysis of fake spots
>
> Hello guys!
>
> I have found some interesting stuff. I was seeking for the information, if
> my SSID/Call was forged. Yes, it was:
>
> sysop at dxspider:~$ grepdbg "bad spot" | grep -i do5ssb
> 21Feb2025 at 13:03:32 (*) PCPROT: Bad Spot HF95PZK on 21074.0 by
> SP2MKI(150.102.129.109)@DO5SSB-2 User SP2MKI not on node DO5SSB-2 via F3KT-3
> 25 hops
>
> sysop at dxspider:~$ grepdbg HF95PZK | grep -i SP2MKI
> 21Feb2025 at 05:53:38 (*) PCPROT: Bad Spot HF95PZK on 3573.0 by
> SP2MKI(81.89.113.246)@JG1VGX-8 User SP2MKI not on node JG1VGX-8 via ON4KST-2
> 28 hops
> 21Feb2025 at 05:53:38 (progress) SPOT: HF95PZK on 3573.0 @ 0553Z by
> SP2MKI(81.89.113.246)@JG1VGX-8 '95th PZK - 100th IARU FT8' route: ON4KST-2
> 21Feb2025 at 06:47:40 (*) PCPROT: Bad Spot HF95PZK on 7074.0 by
> SP2MKI(145.89.214.218)@ON4KST-2 User SP2MKI not on node ON4KST-2 via
> ON4KST-2 28 hops
> 21Feb2025 at 06:47:40 (progress) SPOT: HF95PZK on 7074.0 @ 0647Z by
> SP2MKI(145.89.214.218)@ON4KST-2 'ft8 95th PZK - 100th IARU' route: ON4KST-2
> 21Feb2025 at 08:48:22 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by
> SP2MKI(54.225.51.18)@EA4FIT-2 User SP2MKI not on node EA4FIT-2 via ON4KST-2
> 28 hops
> 21Feb2025 at 08:48:22 (progress) SPOT: HF95PZK on 7047.0 @ 0848Z by
> SP2MKI(54.225.51.18)@EA4FIT-2 '95th PZK - 100th IARU FT4' route: ON4KST-2
> 21Feb2025 at 09:10:13 (*) PCPROT: Bad Spot HF95PZK on 14080.0 by
> SP2MKI(36.134.227.136)@IV3SCP-6 User SP2MKI not on node IV3SCP-6 via F6KVP-3
> 26 hops
> [...more...spots...]
> 21Feb2025 at 22:44:41 (*) PCPROT: Bad Spot HF95PZK on 7047.0 by
> SP2MKI(59.181.166.39)@SM7IUN-3 User SP2MKI not on node SM7IUN-3 via ON4KST-2
> 28 hops
>
> sysop at dxspider:~$ grepdbg 150.102.129.109 sysop at dxspider:~$
>
> So, there was never a user with the IP 150.102.129.109 here, but the spot
> originated at DO5SSB-2, strange.
>
> This means, that someone is injecting packets at some point in the network,
> without being on the node itself, not before, not while and not after the
> spot.
>
> Or, maybe the famous VE7CC-1 is doing nasty stuff?
>
> All of the IPs do exist in the global BGP routing, many of them are in AWS
> or other data centers.
>
> But probably none of the IPs are from the countries the callsign is in.
>
> So, either someone is using the clusters and faking spots, or someone is
> injecting PC messages somewhere.
>
> 73 de Gregor, DO5SSB
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250225/74ce6d08/attachment.htm>

More information about the Dxspider-support mailing list