Jump to content
MIG

50.31.49.41 - email originates from where ?

Recommended Posts

1 hour ago, petzl said:

abuse[AT]steadfast.net.

I concur. Sendgrid is a spammer friendly host and needs to be made aware that this is not acceptable. Thus:

https://whois.arin.net/rest/net/NET-50-31-32-0-1/pft?s=50.31.49.41

gives me parent: STEADFAST-6 (NET-50-31-0-0-1)

which in turn returns Related organization's POC records.

 

from which I can take (extrapolate?(sic))

Abuse: ABUSE959-ARIN (ABUSE959-ARIN) -> https://whois.arin.net/rest/poc/ABUSE959-ARIN.html

and you have the aforementioned abuse email address ;)

 

Share this post


Link to post
Share on other sites

Hi Petzel & RobiBue, 

Thank you, both of you; I concur, however these are the replies I get from Sendgrid:

quote:

"the domain sendgrid.net is not currently registered through our service. The IP address 50.31.49.41 does not belong to our service,  &  the URL of virustotal.com shows, the current registrar of the domain sengrid.net is GoDaddy.com, LLC. We therefore suggest to contact GoDaddy.com, LLC or the registrant of the domain. & as we mentioned in our previous mail, the domain is not registered through our service, and the IP address belongs to  GoDaddy.com, LLC. Therefore the responsible registrar in question is GoDaddy.com, LLC. Please contact abuse@godaddy.com for further investigation:

addresses        50.31.49.41
Domain Whois record

Queried whois.internic.net with "dom sendgrid.net"...

   Domain Name: SENDGRID.NET
   Registry Domain ID: 1552841547_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-04-21T14:31:24Z
   Creation Date: 2009-04-20T09:09:23Z
   Registry Expiry Date: 2019-04-20T09:09:23Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505"

unquote

😕


 

 

Share this post


Link to post
Share on other sites
16 minutes ago, RobiBue said:

Sendgrid is a spammer friendly host and needs to be made aware that this is not acceptable.

which is a good reason for SpamCop to devnull the report sent to sendgrid.com

Quote
If reported today, reports would be sent to:

Re: 50.31.49.41 (Administrator of IP block - statistics only)

abuse#sendgrid.com@devnull.spamcop.net

 

Share this post


Link to post
Share on other sites

🤔Mmm Lking,

I don't disagree with SC, just curious that SendGrid are denying hosting the source, leaving me 😕😵😕

Edited by MIG

Share this post


Link to post
Share on other sites
16 minutes ago, Lking said:

which is a good reason for SpamCop to devnull the report sent to sendgrid.com

 

My whois states 
Comment:        Please submit all reports of abuse to
Comment:        abuse[AT]steadfast.net. Reports sent to
Comment:        other addresses will not be processed.
 

Share this post


Link to post
Share on other sites
5 minutes ago, MIG said:

just curious that SendGrid are denying hosting the source,

Rule #1

petzl, yes but if they are spammer friendly why clog the internet with spam reports?

Share this post


Link to post
Share on other sites
14 minutes ago, MIG said:

Hi Petzel & RobiBue, 

Thank you, both of you; I concur, however these are the replies I get from Sendgrid:

quote:

"the domain sendgrid.net is not currently registered through our service. The IP address 50.31.49.41 does not belong to our service,  &  the URL of virustotal.com shows, the current registrar of the domain sengrid.net is GoDaddy.com, LLC. We therefore suggest to contact GoDaddy.com, LLC or the registrant of the domain. & as we mentioned in our previous mail, the domain is not registered through our service, and the IP address belongs to  GoDaddy.com, LLC. Therefore the responsible registrar in question is GoDaddy.com, LLC. Please contact abuse@godaddy.com for further investigation:

addresses        50.31.49.41
Domain Whois record

Queried whois.internic.net with "dom sendgrid.net"...

   Domain Name: SENDGRID.NET
   Registry Domain ID: 1552841547_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-04-21T14:31:24Z
   Creation Date: 2009-04-20T09:09:23Z
   Registry Expiry Date: 2019-04-20T09:09:23Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505"

unquote

😕

I would like to know how they can explain the following ARIN entry:

https://whois.arin.net/rest/net/NET-50-31-32-0-1/pft?s=50.31.49.41

which clearly names
Origin AS: AS11377
Organization: SendGrid, Inc. (SENDG)
and is definitely sendgrid.com and not sendgrid.net

 

Share this post


Link to post
Share on other sites
2 minutes ago, RobiBue said:

I would like to know how they can explain the following ARIN entry:

https://whois.arin.net/rest/net/NET-50-31-32-0-1/pft?s=50.31.49.41

which clearly names
Origin AS: AS11377
Organization: SendGrid, Inc. (SENDG)
and is definitely sendgrid.com and not sendgrid.net

 

They're not explaining RobiBue, just streadfastly denying, that's why I reached out here, after days of denials I was confident SFCA Team would clarify & you 3 have! Thanks, always. Not only is SC a firstclass tool, the SCF is full of genius gems :)

 

Share this post


Link to post
Share on other sites
3 minutes ago, MIG said:

Even to me Lking? I'm shattered! 

🤣🤣  I am afraid so grasshopper.

 

Share this post


Link to post
Share on other sites
1 minute ago, Lking said:

🤣🤣  I am afraid so grasshopper.

 

Help!🦗stuck prone, from😂🤣😂🤣 too much!

Share this post


Link to post
Share on other sites
2 hours ago, MIG said:

Hi Petzel & RobiBue, 

Thank you, both of you; I concur, however these are the replies I get from Sendgrid:

quote:

"the domain sendgrid.net is not currently registered through our service. The IP address 50.31.49.41 does not belong to our service,  &  the URL of virustotal.com shows, the current registrar of the domain sengrid.net is GoDaddy.com, LLC. We therefore suggest to contact GoDaddy.com, LLC or the registrant of the domain. & as we mentioned in our previous mail, the domain is not registered through our service, and the IP address belongs to  GoDaddy.com, LLC. Therefore the responsible registrar in question is GoDaddy.com, LLC. Please contact abuse@godaddy.com for further investigation:

addresses        50.31.49.41
Domain Whois record

Queried whois.internic.net with "dom sendgrid.net"...

   Domain Name: SENDGRID.NET
   Registry Domain ID: 1552841547_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-04-21T14:31:24Z
   Creation Date: 2009-04-20T09:09:23Z
   Registry Expiry Date: 2019-04-20T09:09:23Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505"

😕

unquote

very interesting:

02/08/19 22:49:04 whois dom sendgrid.com@whois.internic.net

whois -h whois.internic.net dom sendgrid.com ...
   Domain Name: SENDGRID.COM
   Registry Domain ID: 1552841541_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-04-21T14:31:24Z
   Creation Date: 2009-04-20T09:09:19Z
   Registry Expiry Date: 2019-04-20T09:09:19Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505

and

02/08/19 22:48:32 whois dom sendgrid.net
.net is a domain of Network services
Searches for .net can be run at http://www.crsnic.net/

whois -h whois.crsnic.net dom sendgrid.net ...
   Domain Name: SENDGRID.NET
   Registry Domain ID: 1552841547_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-04-21T14:31:24Z
   Creation Date: 2009-04-20T09:09:23Z
   Registry Expiry Date: 2019-04-20T09:09:23Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505

so, interestingly, sendgrid.com and sendgrid.net are both registered through godaddy, and, coincidentally, both sendgrid domains were created 2009-04-20T09:09 with a 4 second time difference, and both were also coincidentally updated exactly at the same time and date 2018-04-21T14:31:24Z

also the registry domain ID is very odd:
Registry Domain ID: 1552841541_DOMAIN_COM-VRSN
Registry Domain ID: 1552841547_DOMAIN_NET-VRSN

the numbers are waaaaaaaaaaaay too close....

and digging deeper, I look at godaddy's whois database search:

https://www.godaddy.com/whois/results.aspx?domain=sendgrid.net


WHOIS search results
Domain Name: SENDGRID.NET
Registry Domain ID: 1552841547_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-04-21T14:31:23Z
Creation Date: 2009-04-20T09:09:23Z
Registrar Registration Expiration Date: 2019-04-20T09:09:23Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Operations Team
Registrant Organization: SendGrid, Inc
Registrant Street: 1801 California Street
Registrant Street: Suite 500
Registrant City: Denver
Registrant State/Province: Colorado
Registrant Postal Code: 80202
Registrant Country: US
Registrant Phone: +1.8779698647
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains-abuse@sendgrid.com
Registry Admin ID: Not Available From Registry
Admin Name: Operations Team
Admin Organization: SendGrid, Inc
Admin Street: 1801 California Street
Admin Street: Suite 500
Admin City: Denver
Admin State/Province: Colorado
Admin Postal Code: 80202
Admin Country: US
Admin Phone: +1.8779698647
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: domains-abuse@sendgrid.com
Registry Tech ID: Not Available From Registry
Tech Name: Operations Team
Tech Organization: SendGrid, Inc
Tech Street: 1801 California Street
Tech Street: Suite 500
Tech City: Denver
Tech State/Province: Colorado
Tech Postal Code: 80202
Tech Country: US
Tech Phone: +1.8779698647
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: domains-abuse@sendgrid.com
Name Server: NS10.DNSMADEEASY.COM
Name Server: NS11.DNSMADEEASY.COM
Name Server: NS12.DNSMADEEASY.COM
Name Server: NS13.DNSMADEEASY.COM
Name Server: NS14.DNSMADEEASY.COM
Name Server: NS15.DNSMADEEASY.COM
DNSSEC: unsigned 

wait a minute... what's that?
Domain Name: SENDGRID.NET
Registrant Email: domains-abuse@sendgrid.com

hmmm.... let's look up the other one now:

https://www.godaddy.com/whois/results.aspx?domain=sendgrid.com


WHOIS search results
Domain Name: SENDGRID.COM
Registry Domain ID: 1552841541_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-04-21T14:31:23Z
Creation Date: 2009-04-20T09:09:19Z
Registrar Registration Expiration Date: 2019-04-20T09:09:19Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Operations Team
Registrant Organization: SendGrid, Inc
Registrant Street: 1801 California Street
Registrant Street: Suite 500
Registrant City: Denver
Registrant State/Province: Colorado
Registrant Postal Code: 80202
Registrant Country: US
Registrant Phone: +1.8779698647
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains-abuse@sendgrid.com
Registry Admin ID: Not Available From Registry
Admin Name: Operations Team
Admin Organization: SendGrid, Inc
Admin Street: 1801 California Street
Admin Street: Suite 500
Admin City: Denver
Admin State/Province: Colorado
Admin Postal Code: 80202
Admin Country: US
Admin Phone: +1.8779698647
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: domains-abuse@sendgrid.com
Registry Tech ID: Not Available From Registry
Tech Name: Operations Team
Tech Organization: SendGrid, Inc
Tech Street: 1801 California Street
Tech Street: Suite 500
Tech City: Denver
Tech State/Province: Colorado
Tech Postal Code: 80202
Tech Country: US
Tech Phone: +1.8779698647
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: domains-abuse@sendgrid.com
Name Server: NS10.DNSMADEEASY.COM
Name Server: NS11.DNSMADEEASY.COM
Name Server: NS12.DNSMADEEASY.COM
Name Server: NS13.DNSMADEEASY.COM
Name Server: NS14.DNSMADEEASY.COM
Name Server: NS15.DNSMADEEASY.COM
DNSSEC: unsigned 

Domain Name: SENDGRID.COM
Registrant Email: domains-abuse@sendgrid.com

and last but not least:

Domain Name: SENDGRID.NET
Registrant Name: Operations Team
Registrant Organization: SendGrid, Inc
Registrant Street: 1801 California Street
Registrant Street: Suite 500
Registrant City: Denver
Registrant State/Province: Colorado
Registrant Postal Code: 80202
Registrant Country: US
Registrant Phone: +1.8779698647

vs.

Domain Name: SENDGRID.COM
Registrant Name: Operations Team
Registrant Organization: SendGrid, Inc
Registrant Street: 1801 California Street
Registrant Street: Suite 500
Registrant City: Denver
Registrant State/Province: Colorado
Registrant Postal Code: 80202
Registrant Country: US
Registrant Phone: +1.8779698647

And the winner is: Rule#1!

Oh, you got the wrong sendgrid in colorado! you need the other sendgrid in colorado!
The one with the same address and same phone number.
 

Edited by RobiBue
hit ctrl-enter instead of alt-enter. wasn't finished...

Share this post


Link to post
Share on other sites

RobiBue, 

Apologies for no response to your brilliant 🕵️‍♂️analysis, documenting same and your lethal humor, YOU'RE a bloody legend!

No response (from me) due to 💻 crashed & burned during massive storm, all bu's, recovery, etc failed, needed admission to ER! 

BC some SCF doco disappears into some black hole from which nothing can be retrieved, I'm now archiving all great, helpful, useful posts, of which, many are yours.

🙏Thank you🙏 so much🙏!

Share this post


Link to post
Share on other sites
4 hours ago, MIG said:

RobiBue, 

Apologies for no response to your brilliant 🕵️‍♂️analysis, documenting same and your lethal humor, YOU'RE a bloody legend!

No response (from me) due to 💻 crashed & burned during massive storm, all bu's, recovery, etc failed, needed admission to ER! 

BC some SCF doco disappears into some black hole from which nothing can be retrieved, I'm now archiving all great, helpful, useful posts, of which, many are yours.

🙏Thank you🙏 so much🙏!

sorry to hear that. hope y'all are ok though.

btw I wasn't expecting a reply, just passing information I find for the good of everyone ;)

if someone does have info that doesn't support my theory, I would gladly look at it from a different objective standpoint. 🔭🔍🔬

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×